Free VPNs are still popular: NordVPN 2025 survey shows why that's a problem

What we asked and who we asked

Every year we conduct a survey to understand how people use VPNs and how their habits change over time. The latest survey included participants from more than a dozen countries, with responses from the US, the UK, Canada, and Australia giving us a closer look at some of the biggest markets. We asked whether people use a VPN, whether they chose a free or paid service, and what their main reasons for opting for a VPN was. Fieldwork for this edition took place in August 2025.

The top reason to use a VPN in 2025: Privacy

People turn on a VPN to protect their digital privacy. In the majority of the markets we looked at, “protect the privacy of my data and activities on the internet” ranks ahead of device and account security as the leading motive for using a VPN. Together, privacy and security account for the biggest share of VPN use, far outweighing other reasons such as accessing specific content. In the US, 42% of VPN users cite privacy as their main reason, compared with 40% in Canada, 39% in the UK, and 34% in Australia.

These results show how perceptions of VPNs have evolved. What was once viewed as a niche tool is now seen as a reliable way to protect personal data and reduce online tracking. For many users, turning on a VPN has become something they do every day to keep their online activity private.

Paid VPN use grows in the US as other markets show small declines

More Americans are paying for their VPNs than they did last year. In 2024, paid and free services were neck and neck at 42% each. A year later, the paid share jumped to 52%, while the free share remained virtually unchanged. Overall adoption went down a couple of points, going from 33 to 31%, but within that number the survey shows a substantial move toward paid VPNs.

Outside the US, about a third of VPN users continue to rely on free services. In the UK, paid VPN use dipped from 56 to 53%, while free use rose from 35 to 38%. Canada and Australia saw similar patterns — paid VPN use fell a few points but still represents just over half of all VPN users, while free services account for about a third.

The pull of “free” is still there, even as more people decide that digital privacy and security are worth paying for.

Why “free” can cost you your privacy

A free VPN still needs revenue. If the service isn’t charging you, it may earn money from your data, your attention, or both. That trade-off often manifests as weaker security, limited features, or aggressive upselling. Yes, you do get some level of protection with free VPNs, but you also take on:

• Data monetization. Many free apps track usage or browsing patterns to serve ads or insights. That’s the opposite of private.
• Weaker security defaults. Some free services skip modern protocols, use outdated encryption, or lack perfect forward secrecy (PFS). As a result, your traffic may be easier to analyze or intercept.
• Missing essentials. Audited no-logs policies, RAM-only servers, and a reliable kill switch aren’t guaranteed in free tiers. If these are absent, small glitches can expose your activity.
• Higher leak risk. Thin server networks and poor app design raise the chance of IP, DNS, or WebRTC leaks. One leak undermines the point of using a VPN.
• Performance caps. Strict data limits, slow lanes, and busy servers make connections unreliable. Many free apps push you to upgrade rather than protect you well.
• Opaque ownership. If a provider hides who owns it, where it’s based, or how it manages data, you can’t judge its incentives or legal obligations.

A safe VPN should feature the following: audited no-logs, RAM-only servers, modern protocols (WireGuard®, OpenVPN, IKEv2/IPSec), a dependable kill switch feature, and clear ownership with transparent policies. If a service can’t show most of these, we say it shouldn’t earn your trust.

The opportunity: Many plan to start using a VPN this year

Among non-users, intent to start using a VPN sits in the mid-teens across the US, the UK, Canada, and Australia. That’s a large pool of first-time users about to choose between free and paid VPN options.

Awareness of VPNs has also continued to grow year over year, suggesting that more people now recognize the need to protect their data online.

The main draw of a VPN service is privacy and security. And when people look for stronger protection online, they typically choose providers that show how they deliver it — not those that simply say they "offer a VPN."

How to choose the right VPN

Before you trust a VPN app with your data, look for proof, not promises. Use these three tests as a quick screen — if a service can’t pass them, keep looking.

Test 1: Privacy proof

You want evidence, not slogans. That means a no-logs policy that has been independently examined, servers that run on RAM only so data isn’t stored long term, and clear limits on what information the apps collect.

What to look for: Check if the provider’s privacy claims have been independently reviewed or audited by a third party. Look for confirmation of “RAM-only” or “diskless” infrastructure, and review what data the service collects and whether you can opt out of telemetry.

Test 2: Security proof

A good VPN should support modern protocols and use strong encryption in order to protect your internet traffic. Regular app updates are another must, because they include security fixes and ensure the app keeps pace with changes in operating systems. Built-in protections like malware and tracker blocking or a system-level kill switch add an extra layer of safety.

What to look for: Open the app and confirm that it supports modern VPN protocols such as WireGuard, OpenVPN, or IKEv2/IPSec. Check that a kill switch is available in the settings, and make sure the provider maintains its apps actively and responds to security issues as soon as they arise.

Test 3: Transparency proof

Trust demands daylight. You should be able to see who owns the service, where it’s based, and how it responds to data requests from authorities. Providers that open themselves up to outside assessments are the ones taking accountability seriously.

What to look for: Visit the About page to identify ownership and headquarters, read the transparency report to see what requests the provider receives and how it responds, and look for third-party reviews like audits, bug bounties, and even independent research.

Reading the signs

Beyond tests, there’s also the technical side — the feature profile, the update record, and even small design choices — that can sway your decision. Green flags to look for include obfuscation, split tunneling, and double VPN. Clear setup guides and responsive customer support are also strong signals that the provider puts users first.

Red flags, as you might expect, point in the opposite direction. A service that skips public audits or transparency reports is asking you to take its promises on faith. Claims of complete privacy should also make you pause because once you’re online, total privacy becomes unattainable. Companies that hide who owns them or where they operate are harder to hold accountable, so just avoid those. And VPN apps that request permissions they don’t need introduce risks you shouldn’t have to take.

Research methodology

The survey was conducted in August 2025 by external agencies on behalf of NordVPN. The sample included roughly 1,000 residents per country, with some markets slightly below that number. Respondents were internet users between the ages of 18 and 74, with quotas for age, gender, and region to ensure a nationally representative sample.