News

WARNING: Your Free VPN Google Chrome Extension Leaks Your Data!

Nothing is free. You pay for free stuff in another way, always.

As an independent internet user, we have the right to protect ourselves from cyber threats and spying. And, for this, we prefer using VPNs to hide. But, what if this trusted mate begins to ditch us? Recently, John Mason has studied around 17 different sources and concluded that a majority of these VPN extensions are leaking your data. Who knows, your free VPN Google Chrome Extension may also behave similarly!

Free VPN Google Chrome Extension Leaks Your Data
The latest research shows the top VPN service providers are leaking your data through their free VPN Google Chrome Extensions.

Free VPN Google Chrome Extension Leaks Your Data

Recently, shocking news jolted up the world of VPNs, as it was revealed that most VPN have virtually no control over their Chrome Extensions. In other words, they appeared to be ignorant towards customer privacy and data breach.

John Mason conducted a study where he took 17 different Free VPN Google Chrome extensions and looked for their privacy feature. He found that 10 out of the 17 VPNs were allegedly leaking the users’ data to the ISPs. Hence, making the users vulnerable to security breaches and data hacks.

John Mason is an ethical hacker and security researcher. He performed this research for 17 different VPN service providers that worked by free Chrome extensions. Almost all of them have had their separate premium versions too. He found that a majority of these VPNs leaked the users DNS queries to the ISPs.

DNS Query; DNS Prefetching; Data Leak – What’s The Story?

DNS Query is a request generated by your PC to the DNS Server over the internet regarding the websites you visit. When you use a VPN, it hides these DNS queries.

The recent problem of data leak arose because of a specific Chrome function, DNS Prefetching. It is a built-in Chrome feature where Google helps in faster loading of websites by prefetching website URLs that appear in various hyperlinks in the browser.

A VPN should ideally bypass this prefetching feature. But, the matter got reversed, and the tested free VPN extensions for Chrome began leaking the queries of DNS to the ISPs.

VPN Services Began Fixing The Issue

After Mason revealed his findings, many of the VPN service providers began working out on this issue. Some of them have even fixed it now. Here we share the names of all VPNs that were tested, found faulty, were fixed, or are still affected. See if your VPN is listed over here.

List of VPNs that were fixed:

  1. TunnelBear
  2. HotSpot Shield
  3. PureVPN
  4. Zenmate VPN
  5. VPN Unlimited
  6. DotVPN

List of VPNs still faulty:

  1. Hola VPN
  2. Opera VPN
  3. Setup VPN
  4. Betternet
  5. Touch VPN
  6. Hoxx VPN
  7. Ivacy VPN

List of VPNs that never leaked data:

  1. NordVPN
  2. ExpressVPN
  3. WindScribe
  4. Private Internet Access (PIA)
  5. CyberGhost
  6. Avira Phantom VPN

Hola VPN Refuses Any Fixes/Solutions

While all the other VPN services are trying to get their names off the list of faulty VPN extensions, Hola VPN has made a daring statement. It has refused to do any changes, claiming itself to be a mere ‘unblocker’. The VPN provider says in a private email,

“Hola is an unblocker. Its main goal is to allow people all over the world to watch content without any form of censorship or content manipulation. For users seeking not to ‘unblock’, but to keep their identity completely hidden, Hola is not the right unblocker to use.”

Should You Trust A Free VPN?

Well, when we see a service provider offering both free and paid services, we doubt what the difference is in there? What features make a particular version to be premium one, and why does their lacking make the other version available for free?

When a VPN service provider is not charging you money, ever wondered why it is ready to bear the loss? It actually takes you as its product then (this sounds similar, isn’t it? Yeah, something like Facebook ideology… Anyhow…).

You must have noticed that you are being barraged with ads while using free VPNs. It clearly hints towards the selling of your data to various partnering advertisers.

And now, the recent revelation about the leaking of DNS queries to the ISPs add more suspicion to the free VPNs.

Can I Check If My VPN Extension Is Leaking My Data?

Of course, you can. Thanks to John Mason that he has provided us with a procedure to test our VPNs. He has even offered to write to him if anyone notices any other free VPN Google Chrome extension to leak users’ data.

Here’s how you should go.

  1. Turn on your Chrome VPN extension.
  2. Browse to chrome://net-internals/#dns.
  3. Find “clear host cache” and click on it.
  4. Confirm the vulnerability by visiting any website.

How Can I Protect Myself From Data Leak?

If you doubt your free VPN Google Chrome extension leaks your data, you can certainly halt it from doing so. Just follow these steps to secure yourself.

  1. Browse to chrome://settings/ in your Chrome address bar.
  2. In ‘Search settings,’ type the word ‘Predict.’
  3. When you see the options, “Use a prediction service to help complete searches and URLs typed in the address bar” and “Use a prediction service to load pages more quickly,” disable both of them.

That is all. You are not safe from any potential data breach by your VPN. Still, have doubts? Why not try one of those VPNs that are mentioned on the safe list! I personally use and recommend ExpressVPN (it’s on the safe list, hurray!!!) if you ask me.

Abeerah Hashim
the authorAbeerah Hashim
Staff Writer
Abeerah is a passionate blogger/web writer for several years with particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about hacking, spying, and gaming has always enchanted her. When she is not writing, what else can be a better pastime for her than web surfing and staying updated about the tech world!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.