Report: 50 VPNs share data on their users with Facebook
Is your VPN running the Facebook pixel, thus putting a dent in your privacy? We tested almost 300 — check out the results and see if it’s time you had a word with your provider. Share
It’s a no-brainer that the vast majority of people who make regular use of a VPN, do so mainly out of a concern for their privacy.
However, recent discoveries related to Facebook’s data collection and ad targeting practices have shown that your sensitive info isn’t necessarily out of anyone’s reach — and the issue can be traced as far back as your VPN provider’s website.
We felt the pressing need to delve deeper into this very serious matter. So we took it upon ourselves to test over 280 VPNs and whether their relationship with Facebook poses a risk to users’ privacy — this report will highlight the results and implications of our research.
Spoiler alert: they are rather alarming.
We tested all 286 VPNs out there and found that 50 are sharing data with Facebook — many of them among the leading providers on the market (we didn't exclude from the test any "favored" VPN - see complete list).
Our research process involved individual checks for traces of the so-called "Facebook pixel” on each VPN’s website. We double-checked by visiting both the signup page and the homepage.
We then made a list of the VPNs who used the pixel at the time of our investigation.
The tests revealed a troubling tendency: a total of 50 VPN services make use of the Facebook remarketing pixel on their respective website. Examples include household names like VyprVPN, HMA, and Hola, among many others.
You can find the full list of the VPNs found to have the Facebook pixel at the end of this article.
What’s so bad about using the Facebook pixel? In layman terms, this tool’s purpose here is to help with persuading users in purchasing a VPN via targeted Facebook ads. This means that potential customers who have visited a VPN provider’s website will be "graced” by an advertisement that will be shown only to them — assuming the website runs the remarketing pixel.
While the morality of such marketing practices can certainly be debated, there is another glaring issue that has to do with user privacy — the very thing many are looking to preserve with a VPN.
By putting said pixel on their site, a VPN provider practically starts funneling user data to Facebook. When used in tandem with other Facebook services, like exclusion marketing or lookalike audiences, this brings to light two more major concerns.
The first one revolves around the very probable scenario of Facebook predicting which users have bought a VPN. Building a custom audience by excluding those who have already made a purchase is an oft-used practice — needless to say, VPN subscribers don’t want that information readily available to anyone, let alone Facebook.
The second glaring issue stems from Facebook’s ability to build a lookalike audience that would have a whole lot in common with the data gathered on the VPN websites. Since the social media platform is used by a host of privacy-friendly solutions to keep in touch with their communities, a simple cross-check can yield a great deal of potential users who haven’t even visited a pixel-running website.
For instance, Facebook can find out that the majority of people visiting VPN homepages also like DuckGoGo or The Tor Project — therefore obtaining the foundation for a lookalike audience in Facebook users who also follow these pages, but may not be part of the acquired data from the pixel.
Facebook's ad promoting the use of the pixel
The Big Caveat
All of this leads to one hugely important (and, frankly, frightening) question: what happens to all this data if Facebook were to hand it over, whether willingly or by force?
While it’s reasonable enough to believe that Facebook isn’t outright selling data, they do have copious amounts of it — and the use it on a daily basis to make their ads better, which translates to "more invasive” for users.
But the bigger problem here is the absolute defeat of privacy when Uncle Sam knocks on Facebook’s door. In other words, if the US government forced the California-based social media giant to present a list of people that have a VPN (or are likely to have one), there would be no option but to fully comply, even if the users in question weren’t in the United States.
Time to Take Action — Contact Your VPN Today
In any case, giving away information to what is considered one of the biggest enemies of online privacy is a massive risk, and that’s putting it mildly. Sharing data with Facebook, whether directly or not, is unacceptable for any VPN user that takes their security seriously.
It doesn’t take an expert to notice the massively unfavorable situation many VPN users are dealing with here. Running the Facebook pixel on websites is now without a doubt harmful for the privacy-conscious, and it has to go.
Many top-shelf providers are affected — we aren’t going to hide the fact that six of our top ten most recommended VPNs also made the list, including, PrivateVPN, IPVanish, and SaferVPN.
Since we’re very familiar with these providers and know the extent to which they go to protect their users, we urge them to take action and remove the Facebook pixel from their sites.
In general, our intention is to emphasize that we are not making any accusations against any VPN service regarding wrongdoing. However, given the transparency of the problems at hand, the only way forward is to commence addressing them.
And to all VPN users reading this article, we ask you to join in on the effort and share this article with your provider and friends alike. It’s time for a reminder that you value your privacy, and it’s your VPN’s duty to defend it at all costs.
Here’s the full list of VPNs that implement the Facebook remarketing pixel, according to our research:
- Anonine VPN
- Astrill VPN
- Avira Phantom VPN
- CactusVPN - Update. CactusVPN removed the Pixel after this research was presented to them. Well done CactusVPN.
- CyberGhost VPN - Update. CyberGhost removed the Pixel 2o minutes after this research was presented to them. Well done CG.
- Geosurf VPN
- Ghost Path
- Goose VPN - Update. GooseVPN removed the Pixel right after the research was presented to them. Well done GooseVPN.
- Hide My IP VPN
- HMA VPN
- Hola VPN
- Hotspot Shield - Update. HotspotShield removed the Pixel shortly after this research was presented to them. Well done HSS.
- IPVanish VPN - Update. IPVanish removed the Pixel 9 minutes after this research was presented to them. Well done IPV.
- Ivacy VPN
- Kaspersky Secure Connection
- My Expat Network
- My Private Network VPN
- Norton Wifi Privacy
- Opera VPN
- OverPlay VPN
- PrivateVPN - Update. PrivateVPN removed the Pixel 10 minutes after this research was presented to them. Well done PrivateVPN.
- ProxyServer VPN
- PureVPN - Update. PureVPN removed the Pixel right after this research was presented to them. Well done PureVPN.
- SaferVPN - Update. SaferVPN removed the Pixel right after this research was presented to them. Well done SaferVPN.
- Shellfire VPN
- SumRando VPN
- Unlocator VPN
- VPN Unlimited
- VyprVPN - Update. VyprVPN removed the Pixel right after this research was presented to them. Well done VyprVPN.
- Zenmate VPN - Update. Zenmate removed the Pixel 12 minutes after this research was presented to them. Well done Zenmate.