How to Spot a Bad VPN in 2024: Guide to Avoiding Scams and Hacks

By Samuel Chapman

Last update: February 8, 2024

There are literally hundreds of choices of virtual private networks (VPNs) out there, and every single one of them claims to be the best. With so much glowing hyperbole about breakneck speeds, cheap plans and beginner-friendly apps, the average user winds up baffled, with no clue how to spot a bad VPN.

You may understand the benefits of VPN protection — safer browsing, IP addresses in other countries, and foiling invasive targeted ads. But I wouldn’t blame you if choosing between hundreds of similar services has you throwing up your hands in defeat. To make matters worse, the best VPNs are vastly outnumbered by services I wouldn’t recommend to my worst enemy.

The choice can be frustrating, but don’t give up. Your anonymity and privacy are worth it. If you know how to spot VPN scams, posers and companies that aren’t worth your money, you can maximize your odds of finding a VPN provider to stick with for life. In this article, I’ll go over all the signs of a bad VPN service.

How to Spot a Bad VPN

There are many factors that can make a VPN company a bad one. Some services are earnestly trying but just can’t get the infrastructure right. Some are slapped together as quick cash grabs or whipped up as afterthought features for another service. A VPN scam can lure you in with a free plan and make money by logging and selling your data or tout technical innovations that don’t work.

Despite the many paths that bad VPN services or fake providers can take, poor services share several common traits that make them easy to spot. Not every bad VPN provider will have all of these, but seeing any of them should spur you to investigate further before handing over any money.

Too Good to Be True

If you’ve read my What Is A VPN article, you’ll know what a VPN provider can and can’t do. A VPN service can hide your IP address, encrypt your passwords, change your virtual location and keep you safe on unsecured networks. However, it cannot protect you from all forms of online danger, any more than wearing a mask keeps you from getting punched in the face.

Marketing Claims: The best VPNs understand the limitations of their services and rein in their marketing to match. A trustworthy provider claims that its VPN can do only things it actually can do. An untrustworthy provider, on the other hand, touts wildly outsized benefits it manifestly can’t deliver.

If a VPN’s website says that it can protect you against any and all threats to your online security, respond with skepticism. A VPN can’t prevent social engineering attacks that trick you into handing over your credentials. It can’t prevent someone who knows your unmasked IP address from doxxing you. Pick a VPN that’s realistic about what it can offer you.

Speeds: By the same token, not all VPNs can be the world’s fastest. When a VPN claims to be the fastest, do some digging to see how it defines speed. Is it the fastest on average or in a certain location? Does it have the fastest download speed or the lowest latency? Did it run tests or is it just blowing smoke?

Secret Technology: Be especially skeptical if the VPN claims to have invented a secret technology that makes it run better than any other, employs an approach nobody else is using or provides its whole service completely for free. Hola VPN, one of the worst free VPN services around, makes all three of these claims — and lo and behold, it profits from selling user bandwidth.

Hola doesn’t have its own server network. Instead, each user’s traffic routes through another user’s device. This lets it offer a free service but ignores the obvious problem: You’re letting a complete stranger browse the internet with your IP address. What if they buy drugs or try to hire a hitman? There’s a very good reason nobody else uses this particular “innovation,” including other free VPNs.

Funding: In fact, be skeptical of any free VPN service that doesn’t tell you where its money is coming from. The services on my best free VPN list are open about how they fund their operations — usually through a premium service. My Proton VPN review highlights one of the clearest examples.

Vague Claims

As an exercise, let’s compare the feature pages on two VPN websites. Let’s start with ExpressVPN, the service I personally would choose — read why in my ExpressVPN review.

Notice how ExpressVPN clearly explains several specific things it can do for you and invites you to read more about each one. Now, let’s take a look at a similar page from CoverMe VPN.

This page is a masterclass in vagueness. Statements like “fastest VPN,” “great support” and “no restrictions” are meaningless. Every VPN offers “unlimited servers switching.” “Military grade encryption” refers to the same protocols every VPN uses, and “no logs policy” gives us no evidence of enforcement.

The lesson here is that good VPN services are happy to provide detail, whereas bad VPNs muddle the truth. Because they have nothing to offer, they’ll tout basic features like encryption or leak protection as though they’re special features you won’t get anywhere else. Think of it this way: Would you eat at a restaurant that made a huge deal out of not charging for the forks?

Unclear No-Logs Policy

Almost every VPN has a no-logs privacy policy, and most brag about how strict theirs is. Learning to read these documents closely is an essential skill. A solid privacy policy clearly lists every bit of data the VPN collects, along with the reason for collecting it. A bad privacy policy deflects with vague platitudes.

It’s not actually possible for a VPN to keep no logs at all. Providers need some information to run their server networks and connect user accounts with services. Many of the best have found ways to deal with that problem, like Mullvad anonymizing all accounts as a string of numbers instead of email addresses (learn more in my Mullvad review).

A reliable VPN uses its privacy policy to clearly delineate the data it gathers, how long it retains that data and whether there’s a risk to your privacy and security. A bad VPN like Hide Expert VPN (pictured above) tells you what it doesn’t collect but is vague about what it does collect.

For example, since Hide Expert does not “collect or store your personal information,” how does it distinguish one account from another? It claims to not “store the history of your online activities,” but does that include bug reports? What about the VPN servers themselves — how does the service ensure that an interloper can’t see requests sent by VPN users?

Vague, unfalsifiable claims are the last refuge of cruddy VPN providers. Whether it’s the features list or the privacy policy, if the provider can’t substantiate its claims, you should back away.

No Recent Activity

The top performers on the VPN market are constantly innovating. They know it’s a crowded field, so they work hard to offer something their competitors don’t. Take Surfshark — it’s only been around for five years, but it’s added a ton of features during that time. Check out my Surfshark review and my Incogni review (part of the Surfshark security brand) to see just how rapid its growth has been.

At the other end of the spectrum we’ve got VPN Master Pro, which sounds like a reality show where VPNs compete to impress judges.

VPN Master Pro has no news blog or announcements section on its website. Its “about us” section has no timeline or founding date, and it reads as if it were written by ChatGPT and run through Google Translate at least three times. The section about security audits doesn’t name the auditor or link to the report. That is enough red flags for a whole army of matadors.

VPN Master Pro is an extreme case, but it illustrates how a bad website is more than just an aesthetic issue. If this VPN had thousands of servers worldwide, it would say that on the site; since it doesn’t, you can assume there’s nothing to brag about. The same goes for the kill switch, split tunneling, live chat support and the ability to unblock Netflix.

Never give your money to a service that doesn’t have a clear development timeline, regular updates or a website that puts its best foot forward. A lack of activity on the user end is also a red flag — if most online references to a VPN are people asking what it is, avoid that service.

Finding a Good VPN

Sometimes I encounter people who complain that the same 10 or 15 VPNs top every website’s review list. They claim that this is evidence of a conspiracy by ExpressVPN, NordVPN and the like. But the truth is simpler: There really aren’t that many good VPNs. Far from a sinister plot, this critical consensus is a great way to start identifying the good ones.

You can trust my reviews. For example, when I list the best Netflix VPN, my only goal is to get you onto Netflix quickly and safely. But I also want to give you the tools to make that call yourself, so I’ll end with a quick rundown of what to look for.

Remember, a bad VPN:

• ❌ Makes vague, unsupported or impossible claims
• ❌ Has gaps in its privacy policy
• ❌ Has no recent website updates
• ❌ Offers a free service without explaining how it generates income
• ❌ Has poor or nonexistent online feedback

It then follows that a good VPN:

• ✔️ Regularly updates its apps and website
• ✔️ Is clear about what it can and cannot do
• ✔️ Readily provides information about every feature
• ✔️ Clearly states which user data it collects and why
• ✔️ Has received a lot of mostly positive attention

I’ve already mentioned ExpressVPN and Surfshark as good examples, but I want to mention NordVPN as well. My NordVPN review explains why it deserves to be high on any list.

Conclusion

There’s a lot of money to be made in the growing VPN industry, and where there’s money, there are scams. The worst part about bad VPNs is that they abuse your trust, taking your money while leaving you at the mercy of geolocation tracking and big tech data collection.

However, much like phishing scammers, bad VPNs tend not to put too much effort into their deceptions. As long as you know what to look for, you can stay out of the trap of bad VPNs. Pick a VPN with distinct, verifiable features and a clear privacy policy. Avoid VPNs that pack their websites with generalities and can’t back up their statements.

Don’t let low prices hoodwink you, either. There are plenty of highly rated VPNs that offer cheap plans, as my best cheap VPN roundup shows.

Have you ever used a new or an unknown VPN? Were you disappointed or pleasantly surprised? Share the story, and your favorite red or green flags, in the comments below. Thanks for reading!

FAQ: How to Avoid Bad VPNs

• How Do You Know if a VPN Is Safe or Not?

  The biggest signs of an unsafe VPN are a lack of updates on its website, the absence of an engaged community and vague, unsourced generalities.

• Which VPN Should You Avoid?

  In my opinion, Hola VPN is one of the worst VPNs on the market, from my testing. It lets other people use your device as a VPN server, potentially implicating you in cybercrimes.

• What Happens if You Use a Bad VPN?

  At best, you’ll have an unprotected internet connection, leaving you vulnerable to invasive ads and ISP spying. At worst, the VPN could sell your activity to advertisers or hackers, or in some cases even implicate you in a cybercrime.

• Are There Fake VPN Apps?

  Yes — some fake VPNs are actually trojans for malware or adware. It’s hard to list examples, as they tend to disappear quickly from app stores only to come back under new names. You should be able to dodge them if you practice common sense and verify any virtual private network before downloading it.