I know that I should avoid free VPNs because they sell our data. But I’m wondering what kind of data they’re selling?
Also, if we connect to a free OpenVPN server, what would they sell?
Your data. Everything you do while using it.
Your data is not as valuable as your residential ip address. Many of the free VPN services provide you with free VPN access in exchange for charging others a premium to come out of your home ip address.
People want residential ip addresses for a number of reasons
- A remote worker who wants to look like they are in a suburb when they are really on the beach in a lower cost of living county.
- A security researcher that is testing a service that might block access from AWS, Google, or azure or other virtual private server providers
- A malware author that wants to obfuscate their location in a manner that doesn’t look suspicious.
Bascally what you do online, what websites you visit, how often, how much time you spend on there. If a website is not using SSL, then they can see everything you do there.
If I connect to an openvpn server and watch a Netflix movie that’s unavailable in my country, what would it be able to sell?
Can you please give some examples?
99% of commercial VPN providers are not providing any type of residential IP address… especially not your own.
You will connect from your residential IP to the VPN providers server, and any activity you do externally will show as it’s coming from that commercial VPN server IP.
If you want to use your home country residential IP from outside the country, you need to install a private VPN server in your home. If you’re doing this working for an employer with a company owned laptop, there’s many different ways you can do this wrong and get caught.
Based on my researches, it will sell your browsing history — not the one that is on your browser already, but the websites you visit using the free VPN.
You have enough information to do your own research. Also, commercial VPN products are cheap. Chasing “free” will cost you more than it benefits you.
If you type credit card info they can get that. Anything you do they see.
No. If you are connected to an https site, they cannot see any of your transaction data. Only the endpoint IP you are connected to and the volume of traffic.
The only way they would see inside the tunnel is using MiTM attack, and that’s not a vpn, that’s straight malware.