“If the product is available for free, then you are the product.”
This is a common quote in today’s tech startup landscape. When companies offer services for free, you are actually the product. In return for the free services, you may be fed advertisements and paid content, both of which are how service providers monetize you as users.
In some cases, however, companies go beyond taking advantage of your presence as users and the traffic you bring in. Some go as far as to collect your data, capture insights about your usage behavior, and sell that data to third-party buyers or service providers.
These are definite abuses of personal data and privacy. Unfortunately, users usually agree to these data abuses when they agree to the User Agreement or Terms of the service. So, which companies have the potential to abuse your data? Let’s find out.
The Case Against Free VPN
Using a free VPN service is always a big NO; it is something you want to avoid at all costs. VPN service providers can tap into the data you stream through their servers at any time, which means they can learn a lot about you as a user. When you browse a particular site, the VPN service provider tracks your activity and uses the insights for other purposes such as displaying ads.
Free VPN services are also less secure than premium ones. Not all free VPN servers enforce strict data encryption policies. Some even allow non HTTPS sites to be accessed openly, which means you are actually transmitting your data openly; in this format, anyone can sniff through your data packets and steal your information.
Betternet, a popular free VPN service, was recently caught selling user data they captured through their Android app to third-party buyers. The Betternet Android app has 14 tracking libraries that run in the background, secretly collecting data about you as you use the free VPN service. Betternet and other free VPN services do more than steal and sell data too.
There are instances where free VPNs inject their own cookies, replace the ads you see with their own, hijack your internet traffic, and run other malicious scripts on top of your internet requests. Even worse, these activities are considered common practice, with the majority of free VPN service providers being involved. So, it’s definitely not a good decision.
Traffic Hijacking
Traffic hijacking in particular is a serious case. If you think having your data sold to third-party buyers is bad, wait until you hear about how Hola, another popular free VPN service operating as a Chrome add-on, hijacks your internet whenever you are idle. Hola had previously been popular for its ease of use and the reliability of its VPN services.
You can use Hola to view TV series and sites that are designed to be viewed only from restricted regions. You fool the streaming servers by rerouting your request through a VPN server in the same region. Thousands – if not millions – of users turn to Hola to access exclusive content from regions such as Europe and the United States.
It was 8Chan, an online forum, who first sounded the alarm. 8Chan recognized a DDoS attack with a Hola signature; in essence, 8Chan saw Hola’s network as a network of botnets with more than 9 million IP addresses under its control. A DDoS attack from this network can be deadly to any server, even when they are equipped with sophisticated load balancing features.
The Harm of Minor Players
Data collection and utilization are not new things. Google, a tech giant whose products we use every day, knows virtually everything there is to know about its users. Google’s multiple arms and services allow the company to collect a holistic set of data from its services, ranging from your browsing habits to location history and personal preferences.
The same is true with Facebook. Facebook Pixel is one of the most intrusive (yet legal) ways of tracking users. As long as you are logged into your Facebook account, Facebook can track you across multiple sites, see your online spending habits, and collect a massive amount of information about you. Yes, these companies are collecting data legally.
Large players, however, are exposed in the open. What you really want to be mindful of are the minor players like Avast, who operate through add-ons and simple apps that offer free services. They often slip through the cracks and aren’t regulated as strictly as larger tech companies, which gives them the ability to monetize your data without getting noticed.