Planet VPN urges caution over free cybersecurity tools

Planet VPN has issued guidance on how users should assess free cybersecurity tools after scrutiny of a VPN browser extension accused of collecting and selling user data.

The case highlights how some free privacy and security products monetise user information, including queries entered into artificial intelligence chatbots such as ChatGPT, Gemini, Claude and Copilot.

It also reflects a broader tension in the cybersecurity market. Free tools can provide basic protection to consumers who might otherwise have none, but some providers rely on advertising or data-sharing models that undermine the privacy claims at the centre of their products.

Planet VPN urged users not to assume a paid service is automatically safer than a free one. Instead, it said consumers should examine a provider's update record, reputation, transparency around data handling and the wording of its privacy policy before installing software.

Konstantin Levinzon, co-founder of Planet VPN, said concern about free products was justified.

"Considering the fact that a number of free cybersecurity service providers have tried to profit from their users, consumers are right to be suspicious and should treat free cybersecurity tools with caution," Levinzon said.

He argued, however, that cost alone should not determine whether a service can be trusted.

"However, we believe that as cyberincidents increase every year, basic cybersecurity has to remain free, and there are far more important factors to consider than just the free vs paid debate," Levinzon said.

Update records

One of the main checks Planet VPN recommended is a product's update history. Regular software updates can indicate that a provider is fixing vulnerabilities and maintaining its service, while long gaps or irregular releases may suggest neglect or unresolved security problems.

Users can often verify this through official product pages, app store listings or public code repositories. In practice, update records may be one of the few visible signals available to ordinary users trying to judge whether a service is actively maintained.

Trust signals

Reputation and transparency were also highlighted as key indicators. Independent reviews, user feedback, industry certifications and discussions on specialist forums can help consumers build a picture of how a service operates and whether complaints about privacy or security have surfaced elsewhere.

For VPN providers in particular, disclosure around data storage, encryption practices and responses to vulnerabilities remains crucial. Many services make broad privacy claims, but fewer explain in detail what information they collect, where it is stored and under what circumstances it might be shared.

Levinzon outlined what users should expect from a provider.

"A reliable VPN provider, be it free or paid, should not share, store, or collect data like browsing history, IP addresses, and ensure that your online activity remains private. Users should also make sure that their provider is based outside of the 5/9/14 Eyes alliances, which include countries like the US, UK, Australia and Canada, as these agreements permit surveillance and data sharing among member states," Levinzon said.

Policy wording

Another area Planet VPN highlighted is the privacy policy, which many users accept without close review. Vague wording on data retention, data use or third-party sharing can mask practices that conflict with a service's public messaging.

The issue has become more sensitive as AI tools are used more widely for work and personal tasks. If software operating in the browser captures data entered into chatbot services, the potential exposure can extend beyond browsing history to include business information, personal conversations and draft documents.

Planet VPN said advertising in free security products was not inherently unacceptable, provided users were clearly told what was being shared and gave permission for it.

"It is natural for free cybersecurity service providers to display ads in order to generate revenue for infrastructure and service quality improvements. However, they should explicitly state that only non-personalized, aggregated data is shared with ad platforms-and only with the user's explicit consent," Levinzon said.

Planet VPN said it has attracted more than 30 million users worldwide and operates from Romania, which it described as being outside the 5/9/14 Eyes surveillance alliances.