NordVPN NordVPN was compromised and an internal private key has been leaked. This allows others to set up bogus VPN servers imitating official NordVPN servers. An unknown party had full remote control of the server for a period of time, and they could have used that to scoop up data from some users regardless of whether or not anything is stored on the server. Techcrunch 14 October 2019

Facebook VPN Named Facebook Research VPN, working similar to Facebooks's Onavo VPN Facebook paid people to install a "Facebook Research" VPN that is similar to Facebook's Onavo VPN app. The VPN app gets roots network access of the user’s phone and lets Facebook spy on all web activity. With the installation of Facebook's VPN app the company can log web browsing activity, scan what apps are used and even decrypt and analyze encrypted traffic. Facebook admitted it was running the VPN to gather data on usage habits. Private messages in social media apps

Chats from instant messaging apps (including photos and videos)

Emails

Web searches

Web browsing activity

Location information Techcrunch 13 January 2019

Safe Wi-Fi Verizon’s VPN The first draft of Verizon's privacy policy states that personal information may be used for marketing purposes. Motherboard 12 August 2018

IP Vanish A StackPath / j2 Global owned company User logs of US-based VPN service IP Vanish were provided to authorities who were investigating a criminal case. Full name

Email address

Username

Reset password

Connection time Restore Privacy 11 June 2018

Onavo (Facebook's VPN) Onavo collects device data from users (Wi-Fi data and cellular data usage). Onavo VPN was developed by Facebook to examine phone user's app usage and mobile browsing data. Onavo VPN itself noted it collects the “time you spend using apps, mobile and Wi-Fi data you use per app, the websites you visit, and your country, device and network type.” Security research 10 March 2018

PureVPN PureVPN was caught logging user data and provided this data to the FBI. Leaks source IP address

Keeps time stamp logs (users’ connection time) FBI affidavit 8 October 2017 9

Hotspot Shield Hotspot Shield VPN collects large amount of user data and intercepts and redirects web traffic to advertising companies. The VPN service claims to keep no logs of personal user information or online activity while identifying user locations and serving advertisements. FTC complaint 6 August 2017 7

Betternet VPN Tracking users’ activities by various tracking libraries

Gives third parties access to users’ computers

Contains malware and adware Academic paper 4 January 2017 5

Hola VPN Hola VPN sold users' bandwidth for commercial purposes and botnets. Hola's users have been unwitting mercenaries in botnet-for-hire attacks. Bandwith of Hola's users was used to target sites in denial-of-service attacks. Torrentfreak blog 3 May 2015

Proxy.sh Proxy.sh announced on it's company blog that the VPN provider monitored and analyzed the traffic on one of its U.S.-hosted VPN servers. Proxy.sh, a VPN with a strict no-logs policy, decided to track some of its VPN network traffic after receiving an abuse complaint about hacking activities on a VPN node based in the United States. Torrentfreak blog 2 September 2013