Free online tools: how they really work, who pays, and what's broken
The truth about free online tools - from decent ones to malware campaigns. Learn the funding models, risks, and how to spot the safe ones.
Everyone uses free online tools. PDF compressors, image resizers, YouTube downloaders, the list is endless. They're convenient, instant, and you don't need to install anything. But here's the thing: it's a wild west out there. While many tools are genuinely helpful, others are... let's say, less noble in their intentions.
And some? They're literally malware campaigns cosplaying as productivity tools. It's like trick-or-treating where half the candy is actually USB drives full of ransomware. (Too dark? Maybe. But also not wrong.)
Let's rip off the mask and see what's really going on. I'll show you how these tools work, who's footing the bill, where the traps are hiding, and which ones won't steal your lunch money. And yes, I'll explain how we built Unwrite - because we deliberately avoided all the sketchy patterns that make parts of this industry such a mess.
Categories of tools you'll bump into
PDF - merge, split, compress, convert, OCR, sign, lock/unlock.
Image - convert formats, resize, compress, remove backgrounds, favicons, colour pickers.
Video & audio - trim, merge, convert formats, extract MP3s, screen record.
Writing - grammar, plagiarism, counters, diff tools, lorem ipsum.
General utilities - URL shorteners, QR codes, file sharing, temp emails, archive extractors.
That's the battlefield. All useful. All popular. But safety levels vary from "totally fine" to "why is my computer suddenly mining Bitcoin?"
Funding models: nothing is really free
Here's the brutal truth: "free" means someone else is paying. That's either advertisers, a parent company trying to funnel you into their subscription vortex, or - plot twist - it's actually you. You're paying with your data, your time, or those five minutes you spent clicking seventeen fake download buttons before finding the real one.
| Model | What you see | What funds it | Risks |
|---|---|---|---|
| Ads | Pop-ups, banners, three different "Download" buttons | Ad networks | Fake buttons, malware-laced ads |
| Freemium | Free for small jobs, pay for bulk/HD/no watermark | Subscriptions | Transparent, usually safe |
| Lead gen | Tool asks for your email | Sales teams | Your inbox is the product |
| Affiliate | "Top free tools" lists with sketchy installers | Referral kickbacks | Junkware bundles |
| Data resale | Lots of trackers, vague policies | Data brokers | You're the product |
| Ecosystem funnel | Big brand gives tools free to upsell you later | Parent company | Clear trade-off |
Take Adobe Acrobat Online. They let you merge and compress PDFs for free. The catch? You're now in their ecosystem like a fly in expensive amber. But hey, at least they're upfront about it - that's almost refreshing in this industry.
On the flip side, 90% of converter sites are just click farms in disguise. They couldn't care less about your quarterly report - they're too busy counting the seventeen ad clicks you made while hunting for the actual download button. (Spoiler: it's always the smallest, greyest one hiding behind a pop-up for "hot singles in your area")
Where your files really go
- Server-side: you upload the file, they process it on their servers, then you download. If they delete it quickly (Adobe says they do), fine. If they don't say, assume it sits there.
- Runs in your browser: the file never leaves your device, processed by WebAssembly/JS locally. That's how Squoosh, Photopea, PDFTool - and Unwrite - all work. No uploads, no retention, no "oops, we were hacked and your files leaked."
The nightmare scenarios you're flirting with
- 1Fake download buttons - Those massive, pulsating green "DOWNLOAD NOW!!!" buttons? Yeah, clicking those is like playing Russian roulette with your computer. Best case: you get a toolbar. Worst case: your PC starts mining cryptocurrency for some teenager in Belarus.
- 2Trojanised installers - recent case: a fake "AppSuite PDF Editor" pushed via Google Ads that was really the TamperedChef malware. It sat dormant for weeks then stole credentials.
- 3Malicious extensions - "PDF Toolbox" looked innocent, had 2M+ users, but secretly injected arbitrary code on every page you visited. Google later yanked it along with 30+ others.
- 4Adtech overload - sites riddled with third-party trackers and pop-ups. Even if they don't hand you malware, the UX is awful and the data collection is unjustifiable.
The good ones
Not everything is bad. A few projects get it right:
- Squoosh - Google's open-source image compressor. Works fully offline.
- PDFTool - does PDF edits in-browser, no uploads, funded by light ads/donations.
- Photopea - Photoshop clone in the browser. Runs locally after first load, premium removes ads.
- Unwrite - AI text clean-up, PDF editing, text compare, favicon generator. Every free tool runs in your browser - none run server-side. No ads, no trackers, no fake download buttons. Paid e-commerce tools are in development, but not live yet. The design is deliberate: if nothing leaves your device, entire classes of risk don't exist.
Good news: plenty of online tools are genuinely great! The bad news: finding them is like panning for gold in a muddy river. The good ones exist, they're just swimming in a sea of sketchy alternatives.
Here's our hot take: if a tool won't tell you exactly how it works and where your files go, it's hiding something. Period. Transparency isn't a "nice to have" - it's the bare minimum.
Quick comparisons
| Dimension | Typical free tool | Unwrite |
|---|---|---|
| Processing | Often uploads to server | Always runs in your browser |
| Ads | Common, sometimes deceptive | None |
| Data retention | Vague or "1 hour" | Nothing uploaded |
| Attack surface | Ad networks, CDNs, installers, extensions | Minimal |
| UX | Cluttered with banners and pop-ups | Clean, task-first |
| Funding | Ads, freemium, lead gen | Free local tools now, optional paid later |
How to not get burned
- Prefer tools that run entirely in your browser. Test offline - if it still works, you're safe.
- If you must upload, look for a clear deletion policy. "Deleted after 1 hour" is the baseline.
- Never install desktop apps for tasks that should be browser-native.
- Avoid extensions demanding "read and change all data on all websites."
- Treat ad-heavy utility sites as hostile unless proven otherwise.
That's the free tool jungle we're all navigating - a wild mix of genuinely useful apps, ad-choked nightmares, and straight-up digital traps. Our advice? Be smart about it. Stick to tools that run locally in your browser, read those privacy policies (yes, really), and if something feels sketchy, it probably is. The good tools are out there - you just need to know how to spot them.
That's exactly why we built Unwrite the way we did: no uploads, no ads, no BS.
We looked at this landscape and thought: "What if we just... didn't do any of that?" Radical idea, we know. Everything runs in your browser. Your files never touch our servers because - shocking concept - they're YOUR files. No trackers, no "premium" upsells hiding basic features, no fake download buttons that install a crypto miner.
Just tools that work. Tools that respect you. Tools that don't treat you like a walking credit card with poor impulse control.
The internet doesn't have to be a minefield. With the right approach, free tools can be both powerful AND trustworthy. We're proving it, one tool at a time.