If you follow the world of online security, you might have heard a lot of concern being expressed over the last couple of years about free VPNs and the potential security threat that they pose. One particular concern is that free VPNs could be making their unsuspecting users part of a botnet for malicious and even illegal purposes. But what is a botnet, and how can one be created by a VPN? And most importantly, how can you avoid your device becoming part of a botnet? These are the questions that we are going to answer today in our article on how free VPNs make users part of a botnet – and how to avoid them.
What Is A Botnet?
The word botnet stands for robot network, and it refers to a group of computers which are remotely controlled by an organisation or individual. The devices which can be a part of a botnet include PCs, servers, routers, phones, and other electronic devices like shop tills or CCTV cameras. A big range of devices can be made to be a part of a botnet.
There can be legal and above board uses for a botnet. The SETI project, for example – the Search for Extraterrestrial Intelligence – has a project called SETI@Home where interested users give consent for their computers to be used to help to perform the complex calculations that are required for sifting through large amounts of astronomical data. Similarly, the Folding@Home project lets users sign up to donate their computing power to the analysis of protein folding patterns which could lead to new treatments for cancers or diseases like Alzheimer’s. In these cases, people agree to let their computer processors to be used for centralised calculations when they are not being used.
How Bad Guys Use Botnets
However, most botnets are not philanthropically minded projects for sharing calculations. The majority of botnets are set up by criminal organisations and they are formed of the machines of unwitting and unwilling users. A device can become infected by malware which makes the device give over its processing power to the controller, called the botmaster. The botmast controls a vast number of machines which are used for their processing power, usually without the device’s owners even being aware that their machines have been compromised.
Botnets are used for a variety of unsavoury tasks, such as distributed denial of service attacks, where many devices hit a website at the same time in order to bring the site down, or spamming, where the computers are used to send out spam email messages. Other common uses of botnets include click fraud, where adverts are repeatedly clicked by scripts to defraud money from advertisers, and cryptocurrency mining. Most disturbing of all, botnets can be used to serve illegal material, which could mean the devices of unsuspecting users could be used to serve child pornography or other illegal content.
Free VPNs Make Their Users Part Of A Botnet
You can see why botnets are something that users would very much want to avoid. Traditionally, most botnets have targeted unused machines like older servers which are not frequently used but which remain powered on and connected to the internet. But recently there has been a worrying trend of free VPNs which have turned their users in a botnet.
The most well known example of a free VPN that acted as a botnet is Hola. Hola was an extremely popular free VPN service from Israel that at its height had nearly 50 million users worldwide. But in 2015, it was revealed that Hola had been selling their users’ bandwidth to cover the costs of its free service – and that this bandwidth was able to buy for botnets. Hola users had been unknowingly giving their devices over to botnets that were being used for all of the shady purposes we mentioned above.
One of the operators of message board 8chan revealed that Hola users’ devices had been used to attack his website. He explained:
“When a user installs Hola, he becomes a VPN endpoint, and other users of the Hola network may exit through his internet connection and take on his IP. This is what makes it free: Hola does not pay for the bandwidth that its VPN uses at all, and there is no user opt out for this.”
Later, the news got even worse for Hola, when an advisory notice about the produce was posted, saying:
“The Hola Unblocker Windows client, Firefox addon, Chrome extension and Android application contain multiple vulnerabilities which allow a remote or local attacker to gain code execution and potentially escalate privileges on a user’s system.”
The Hola debacle was just one example of the ways that free VPN users can be hoodwinked and ma have their devices taken over and used as part of a botnet. This problem arises with lots of free VPNs as if these services are not making their money from user subscriptions, they must make money in other ways – and these ways can include selling access to their users’ machines to shady organisations which run botnets.
How To Choose A Reputable VPN
All of this might have you worried about using a VPN. You want to be absolutely sure that when you use you VPN, it will keep you safe and it will not be made a part of a botnet. Below we’ll recommend some VPNs which are known to be safe and trustworthy and which will never make you a part of a botnet. These trustworthy VPNs have all of the key features that you need for the best and safest VPN experience:
- Strong encryption. To make sure that your connection cannot be hacked or cracked, you want strong 256-bit encryption.
- A no logging policy. To make sure that your data will never be sold to another company, the best way to be sure is or there to be no record of your internet use. That’s why a good VPN should have a no logging policy so that they never save your data.
- Fast connections. Slow internet is the worst, and a bad VPN can be painfully slow to use. The VPNs that we recommend all have super fast connections.
- No bandwidth limitations. Another way that free VPNs make money is by having a limited amount of free bandwidth, then charging users if they go over that low threshold. We prefer the certainty of a paid VPN service that has no bandwidth limitations and which you can use without limits.
- Support for different operating systems. With one paid VPN subscription you can protect all of your devices, like you phone, tablet, and computer. So look for VPNs with software support for all of the platforms that you use.
To find a trustworthy VPN that will never make you part of a botnet, try one of our recommended providers:
Our Recommended Safe VPNs
Serious internet users agree that one of the most popular and trustworthy VPN services is ExpressVPN. It has super fast connections which make it a pleasure to use, and it also offers exceptional reliability with servers around the world. A subscription offers you access to network of more than 1000 servers in 145 different locations in 94 countries.
Importantly, ExpressVPN meets all of our security requirements with strong 256-bit encryption and a no logging policy to protect your privacy. This provider has a sterling reputation so you can be sure that your data will never be sold, and your device will never be co-opted to be part of a botnet. The software is available for Windows, Mac OS, Android, iOS, and Linux, and has helpful advanced features like a speed test and a DNS leak.
If you don’t want your VPN to slow you down but you don’t want to compromise on security, then you should try IPVanish. It has some of the fastest connections of any of the VPNs that we’ve tried as well as a large network of 850 servers in 60 different countries.
The vital security features include strong 256-bit encryption and a no logging policy, so you can be sure that your data won’t be recorded or sold to others. The software has a lot of extra advanced features like a kill switch, auto reconnect, leak protection for IPv6 and DNS, periodic IP address change, and manually configurable DNS. You can install it on Windows, Mac OS, Android, Linux, Windows Phone, or iOS.
When you want the highest possible level of security with military grade encryption, then we recommend that you try NordVPN. For a start, the service has the essential security features of strong 256-bit encryption and a no logging policy. But there is a unique extra feature of NordVPN, which is double encryption. Double encryption means that when data leaves your device it is encrypted and sent to a server elsewhere in the world. At this first server, the data is encrypted again and sent to a second server, where it is decrypted and sent to its destination.
This double encryption means that it is essentially impossible to crack, so this VPN is ideal for those who want absolute peace of mind with their security. The server network has more than 1000 servers in over 60 different countries, and the software has a helpful map interface. The software is available for Windows, Mac OS, Linux, iOS, Chrome OS, Android, iOS and Windows Phone, as well as browser extensions for Firefox and Chrome.
If you need to use a VPN on networks which have VPN blocking features, then the must-have service for you is VyprVPN. Some networks are designed to detect and reject traffic that looks like it is from a VPN, such as many of the networks in China. However, VyprVPN can be used even on these restricted networks thanks to its special Chameleon protocol which encrypts both your data and your metadata – and so tricks VPN detection and lets you use the VPN even on restricted networks.
VyprVPN also has good security with 256-bit encryption and a no logging policy, with a server network of more than 700 servers in 70 different countries. The software is available for Windows, Mac, Android, and iOS.
If you’re looking for a very simple VPN solution that also includes a ton of extra security features, then you can’t beat PureVPN. With strong 256-bit encryption and a no logging policy, the VPN will work to keep you safe and to protect your privacy. The network of servers includes more than 750 servers in 140 different countries.
Here’s the great thing about PureVPN though: with your subscription, as well as the VPN you will also get a bundle of extra security software. This software includes anti virus and anti malware protection, plus an anti spam filter to keep your email free of unwanted messages. There is also app filtering, DDoS protection, a kill switch, the option for a dedicated IP, and a NAT firewall. You can install the easy to use security software package on Windows, Mac OS, Android, iOS, and Android TV devices, plus browser extensions are available for the Chrome and Firefox browsers.
There are many problems with free VPNs, including slow connections, poor reliability, and limitations on bandwidth usage. But one of the most concerning problems is that users may be made a part of a botnet without even knowing it. This happened with the free VPN Hola, which was discovered to be selling its users’ bandwidth to all sorts of shady organisations, making the users part of a botnet.
To avoid this happening to you, you should stay away from free VPNs. Instead, use a trustworthy paid VPN like one of the ones that we have recommended. These paid VPNs will keep you safe and protect your privacy without ever making you part of a botnet.
Have you had security problems with free VPNs? Or do you prefer to stick to using a safe paid VPN service? Tell us about your experiences in the comments below.