WebRTC VPN Vulnerability and free Privacy VPNs

PUBLISHED 15 AUGUST 2019

Author: InvisibleUser Team

Categories: Internet Privacy

In this post, we will help you find a free VPN that offers fantastic privacy and security features. You can stay safe on the internet, without paying a penny! Additionally, you will learn about the critical WebRTC VPN vulnerability that affects most commercial VPNs, so you do not fall victim to DNS leaks.

To learn how a VPN works, you can read our post “How a VPN can protect your Privacy”.


WebRTC is a serious Threat to all VPN Users

Web Real-Time Communication (WebRTC) is a technology you should be very careful with if you use a VPN. It is an open-source standard of communication protocols and APIs for real-time communication. It enables you to access information not only from servers, but also from the browsers of other users. WebRTC is therefore used for file transfer, video chat, text chat or desktop sharing software. It is supported by all major desktop browsers today, and also on Android, iOS, Chrome OS and others. The feature is always running, even if the website you visit does not need it.

In 2015, the website TorrentFreak discovered a serious security issue, which can compromise VPN tunnels and lead to DNS leaks. The attack is carried out with JavaScript and uses a STUN server (Session Traversal Utilities for NAT). That is a server that uses the STUN protocol to detect firewalls and Network Address Translation (NAT) routers. This can reveal your true IP address, even though you are using a VPN service.

A good defence against this vulnerability is the plug-in uBlock Origin. It is a very useful add-on, which you should always combine with your VPN. uBlock Origin prevents giving away local IP addresses via WebRTC.

The WebRTC protection has to be enabled: Open the plug-in’s settings, go to Dashboard→Settings→Privacy and tick the box “Prevent WebRTC from leaking local IP addresses”. It is very important to turn it on, since the plug-in does not secure your VPN by default.

You can get the plug-in for Firefox, Chrome and Brave. Other specific plug-ins for the same purposes are “WebRTC Leak Prevent” and “Easy WebRTC Block”.

Another option you have in Firefox is preventing the WebRTC vulnerability by changing the setting, instead of installing a plug-in: In the Firefox settings, change the value media.peerconnection.enabled to false. You can reach this advanced settings menu by typing about:config in the URL field and pressing Enter.
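To confirm that the protection is active, you can audit the ICE candidates your browser produces. The following is an added example, not code from the original post: it parses candidate lines (for instance copied from the browser's WebRTC diagnostics page) and flags every address a VPN should hide. The function names, the VPN exit address and all sample candidates are constructed assumptions.

```javascript
// Added example. All addresses are constructed (documentation and private ranges).

// Parse one ICE candidate line:
// candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type>
function parseCandidate(line) {
  const m = /^(?:a=)?candidate:\S+ \d+ (\S+) \d+ (\S+) (\d+) typ (\S+)/i.exec(line.trim());
  if (!m) return null;
  return { transport: m[1].toLowerCase(), address: m[2], port: Number(m[3]), type: m[4].toLowerCase() };
}

// Sort an address into mdns (hidden hostname), local, private, public or unknown.
function classifyAddress(addr) {
  if (/\.local$/i.test(addr)) return 'mdns';
  const o = /^\d{1,3}(\.\d{1,3}){3}$/.test(addr) ? addr.split('.').map(Number) : null;
  if (o && o.every((n) => n <= 255)) {
    if (o[0] === 127 || (o[0] === 169 && o[1] === 254)) return 'local';
    const rfc1918 = o[0] === 10 || (o[0] === 172 && o[1] >= 16 && o[1] <= 31) ||
      (o[0] === 192 && o[1] === 168);
    return rfc1918 ? 'private' : 'public';
  }
  if (addr.includes(':')) { // IPv6
    if (addr === '::1' || /^fe80:/i.test(addr)) return 'local';
    return /^f[cd]/i.test(addr) ? 'private' : 'public';
  }
  return 'unknown';
}

// Report every candidate that discloses something the VPN should hide.
function auditCandidates(lines, vpnExitIp) {
  const findings = [];
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) continue; // not a candidate line
    const kind = classifyAddress(c.address);
    if (kind === 'public' && c.address !== vpnExitIp) {
      findings.push({ issue: 'public-ip-outside-vpn', address: c.address, type: c.type });
    } else if (kind === 'private') {
      findings.push({ issue: 'local-ip-exposed', address: c.address, type: c.type });
    }
  }
  return findings;
}

const SAMPLE = [ // constructed candidates; 203.0.113.45 is the assumed VPN exit address
  'candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host',
  'candidate:2 1 udp 2122194687 3f2a9c1e-7b4d-4c1a-9e0f-5d6b7a8c9d0e.local 54322 typ host',
  'candidate:3 1 udp 1686052607 198.51.100.7 54321 typ srflx raddr 0.0.0.0 rport 0',
  'candidate:4 1 udp 1686052351 203.0.113.45 40000 typ srflx raddr 0.0.0.0 rport 0',
];
console.log(auditCandidates(SAMPLE, '203.0.113.45'));
```

An empty result means the candidates show only the VPN exit address or mDNS hostnames. With WebRTC disabled entirely, the browser produces no candidates at all.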

We hope to have explained the WebRTC VPN vulnerability sufficiently, but you can read a more detailed report on TorrentFreak.


The best free VPN

The only valuable free VPN we can think of is the Swiss ProtonVPN.

Should you want to try a VPN service before getting a subscription, this is an ideal choice. We can really recommend ProtonVPN, since it has a free version without data limit or ads. Their service is free, because they only allow normal web content and not P2P file sharing like BitTorrent, which is what most people use a VPN for.

ProtonVPN is made by the same company as ProtonMail, and they are very transparent. They openly share on their website that they are financially supported by the EU and the country Switzerland.

It is really completely free and quite secure. In fact, the developers say that it is their mission to make privacy accessible to anyone, so they will always offer a free version. They believe that privacy is a human right, an opinion that we share.

Performance

The speed of the connection is good to average, depending on how many free users are online. It is much faster than we would have ever expected from a free service.

We have a 100Mbps internet connection, our average speed is 80Mbps without a VPN. With ProtonVPN Free, we get up to 68Mbps and 40-50Mbps on average.

You can try the paid version for 7 days, it offers P2P traffic (e.g. BitTorrent) and higher speed. After that, you can either get a subscription or continue with the free version. Their cheapest subscription is priced at 4$/month. For many people, there is no need to upgrade. Again, the only feature some users will possibly miss in the free version is P2P traffic for BitTorrent, but torrenting is risky anyway, so that is fine for our purposes. ProtonVPN can be used on desktop or mobile.

Security Features

While ProtonVPN’s client software is not directly open-source, they use open-source technologies for their network. Their software is based on OpenVPN, which is an open-source solution that establishes a tunnel with AES-256 encryption. Other providers that use OpenVPN do not use the full 256-bit encryption, so that they can offer a faster connection, but ProtonVPN focuses on privacy and security.

They also make use of the Internet Key Exchange (IKEv2) protocol (source). This VPN provides advanced protection from DNS leaks and the developers have taken care of the WebRTC VPN vulnerability that plagues many providers. With their “Kill Switch” feature, you can immediately block all connections if you lose contact with the VPN servers. That prevents accidentally sending unencrypted data.


Finding the best paid-for VPN Subscription

If you want a VPN for P2P traffic (BitTorrent), you will probably have to get a subscription. We will not list more VPNs here, since our site does not specialise in VPNs. Who the best provider is changes every year, so we will recommend other websites that continuously test VPNs and give recommendations.

Never compare VPNs based on the price, but based on their privacy features!

We have recommended ProtonVPN, since it is completely free and we use it ourselves. We have a paid subscription, due to the larger choice of servers and since we can support the free VPN that way. We do not have any contracts or affiliations with the company that provides ProtonVPN, so feel free to choose another service. It is just the company that has the best free version at the moment and we really like their ProtonMail. Do your own research, maybe there is a much better provider we are not aware of.

To find an ideal VPN for your purposes, we refer you to the following webpages that compare providers:
