A VPN (Virtual Private Network) is an online service that allows users to turn a public connection into a private one. This is useful for shielding customers against external surveillance while surfing the web, streaming videos, or downloading torrents. Aside from anonymity, it’s also great for accessing geo-restricted content, avoiding censorship or speed throttling, and much more.
VPNs are becoming more popular among everyday users by the month. It’s hardly a surprise: universal VPN services such as NordVPN (best for security) and Surfshark VPN (most bang for your buck) meet the needs of a growing number of people.
Yet what is a VPN exactly, and how does it work? That’s what we’re here to find out.
How does a VPN work?
Using a consumer-focused VPN is extremely simple. The first step is to download and install a VPN client. Using the client software, you can establish a connection with the VPN network, and your browsing will instantly be shielded.
VPN services typically have lots of servers around the globe and handle thousands of simultaneous connections. When connected to a VPN, instead of data being routed via your Internet Service Provider (ISP) to the target destination, it is transferred via a network of servers maintained by the VPN provider. When it reaches the target, it seems that the data has originated from these servers, instead of your own computer. Additionally, your ISP can only see you connecting to a VPN server IP, rather than the final destination.
The process involves creating what is known as a VPN tunnel. This uses special tunneling protocols to “wrap” packets of data in a layer of encryption so that any interceptor would be unable to make any sense of it.
The best VPN services in 2020
The VPN market is saturated with great (and not-so-great) VPN tools. These VPNs are great for anything you can think of – security and privacy, streaming, torrenting, gaming, and more:
Operating out of the British Virgin Islands and boasting a server list containing 1000+ entries in 60 countries, Surfshark VPN has demonstrated its integrity more than once. It has a full suite of security features, has custom apps for all the important platforms, and offers 24/7 live chat support. Surfshark has proven time and again that it’s a leak-free, privacy-friendly product.
The Romanian CyberGhost shines when it comes to ease of use and intuitive design. This VPN is ideal for newcomers and those who don’t need dozens of advanced features. Nevertheless, CyberGhost is very secure and has a huge network containing 6200+ servers in 90+ countries. It’s as good for anonymity as it is for fun.
For an extensive list of our favorite VPNs, check out this Best VPN Services list.
Should I use a VPN?
You should consider using a VPN for any of the reasons below:
- Masking your identity from outsiders. What is a VPN if not a privacy-restorer? VPNs have obvious benefits for privacy because they hide your IP and encrypt your data.
- Getting around government censorship. By obscuring what websites you’re visiting, VPNs can trick censors.
- Encrypting data. VPNs encrypt any data that you send via the network, providing a much deeper level of security than standard browsing.
- Saving money. Companies charge different rates to people in different countries. Therefore, changing your IP can get you a better deal.
- Expanding content choice. Services like Netflix don’t offer the same TV shows and movies in every country or region, so your favorite movie could be unavailable. Using a VPN removes these limitations.
- Protecting work data. Businesses use VPNs to facilitate secure remote working, giving their employees the kind of flexibility and agility the modern economy demands.
- Secure torrenting. Many countries, particularly in the West, have been clamping down on copyright violations, many of which occur over P2P (such as torrents). A VPN will protect you from the copyright police.
- Improved connection speed. This may sound counter-intuitive, but VPNs can actually improve your connection if your ISP is throttling your speed (particularly for certain activities, such as P2P).
- Protection on unsecured wifi hotspots. Cafes and airports are notorious hunting grounds for hackers, who can place themselves between you and the router, intercepting all your data. Data encryption solves this.
Any of the above is a good reason to use a VPN service. However, there is really one overarching theme standing over all these disparate bullet points – anonymity, privacy, and freedom in a digital world, where much of everything happens out of sight and takes the form of binary numbers. From talking to loved ones, to voting, to entertainment, all of it is just data, and all of it travels through entities that don’t necessarily have your best interests at heart.
You could classify VPN tools a few different ways – by device type or where they are most commonly used (at home, at work, for entertainment, etc.). In the end, these are not fundamentally different from each other. VPN is a connection method, rather than an app or device.
With that said, here are some of the different types of VPNs.
VPNs come in two major forms: software VPNs and hardware VPNs.
Software VPNs are based on software that runs inside your OS. This software runs the encryption and authentication processes required to guard your privacy.
So, what is a VPN connection?
VPN services use tunneling protocols to create an encrypted “tunnel,” which protects your traffic as it flows from your device to the VPN server. This connection between your device and the VPN server is what we call a VPN connection.
Software VPN solutions (like NordVPN) are a convenient option for people who aren’t well-versed in working with router firmware and flashing apps onto external hardware. The best clients are both extremely easy to set up and highly effective.
Instead of buying a separate piece (or even pieces) of hardware, the users of a software VPN can just install an application and be up and running within moments.
We can further divide Software VPNs by the sort of device or platform they were created for. In that sense, they can be Mobile VPNs, Desktop VPNs, or VPN browser extensions.
Mobile VPNs are simply VPN apps for iOS, Android, Windows Phone, Blackberry, and other mobile operating systems. Like computer-based VPNs, they work by creating a “tunnel” between your phone and the VPN server you use to access the internet.
The differences between these clients and their Desktop brethren are dictated by the device: their interfaces are adapted for touchscreens, their features are tailored for the types of activities people normally engage in on their mobile devices, etc.
Because of the way cell phones work, mobile VPNs need to be a bit more sophisticated than other forms. For instance, they may need to deal with transitions from mobile data to wifi as you move around town. This is why tunneling protocols such as IKEv2 are often favored over OpenVPN.
Smartphone resources tend to be more limited than computer resources, so VPN tools have to be efficiently coded and have the smallest possible memory footprint.
For all of these reasons, it makes sense to take care when choosing a VPN on mobile devices. We’ll look a little more at how to make your decision in a moment, but first let’s run through a few very good reasons to install a VPN on your mobile device.
These are software VPNs for desktop operating systems, such as Windows, macOS, Linux, Chromebooks, and other, rarer OS types.
There are significant differences between these apps because different operating systems have different needs. For example, as an inherently less-secure OS, Windows requires VPN apps to include DNS leak protection.
Hardware VPN usually refers to a VPN service that runs on a network router.
With a hardware VPN, everything the VPN needs to do is handled by a standalone piece of tech (also running VPN software of some sort). This device will deal with the authentication procedures and encryption processes that lie at the heart of any VPN and may also provide a special firewall for extra safety. VPNs require a lot of computational power and, depending on the load, some routers may require an additional processor to run smoothly.
A site-to-site VPN is a direct VPN connection between two endpoints. For us to understand how site-to-site VPN works, we need to consider two offices (office A and B) located in different towns. The employee in office A needs to access a database, which is stored on a server that is in office B. Both offices are connected with peer VPNs. The two peers are connected via the internet.
VPN A must initiate a connection request to VPN B. If the security configurations and policy permit, VPN A authenticates VPN B. VPN A then uses a tunneling protocol to establish a secure tunnel. The employee can now access the database in office B as if they were physically present. The firewall strictly monitors the flow of data within the tunnel.
Site-to-site VPNs can be sorted into either extranet or intranet-based VPNs. The intranet is used when organizations have more than one branch office and wish to establish a secure intranet connection via a WAN. Extranet enables companies to extend their LAN to another company, which they trust (for example a supplier). In this case, they share resources without getting into each other’s separate intranets.
Hardware VPN for business?
If anything, hardware VPN solutions are more popular among professional users. Due to their adaptability and reliability, they often represent the most efficient and effective enterprise-wide solution for network security.
Of these two considerations, adaptability is probably the more important one. When you manage a business network, the composition of that network can change daily. New users might bring in laptops, workstations might come on or offline – it’s a recipe for confusion.
Implementing VPN hardware for business makes sense because it (largely) takes human error out of the equation, and makes life easier for the staff.
Moreover, there are significant cost considerations for businesses to think about. Implementing VPN hardware can work out much cheaper than installing a reliable VPN solution on every computer.
Estimates vary, but one expert has calculated the cost of setting up a VPN hardware device for a workforce of 1,000 people at around $8,000 per year. That includes initial setup costs, and also factors in ongoing maintenance. So it’s not a huge outlay for larger companies.
Hardware VPN for home use?
While it’s certainly possible to set up VPN hardware in your own home, this requires both more effort and more money.
Yet there are quite a few advantages:
- With VPN hardware, device management is easier. All of your devices can be protected via a central router, allowing users to add Amazon Fire Sticks, PlayStation 4 consoles, computers, and tablets onto a single VPN-protected network. That definitely beats installing clients on all devices that require protection.
- A hardware VPN client will always be active, or at least it will be active for as long as your router is turned on. So there’s no need to remember to activate your client. It just slips into gear and protects you automatically – a neat fail-safe.
- VPN hardware makes it safer to use smart devices on your home network.
Paid vs Free – which is better?
There are two general types of free VPN services:
- Completely free (funded by ads and other means)
- Paid service with free version (funded by paying customers)
About the first type there is a good saying that goes “If it’s free, you are the product.” Usually, this means ads, but it can also mean the VPN service is tracking your online activity and selling that data (for strategic marketing or more nefarious purposes). Some might say “so what?” but for many that’s defeating the entire purpose of using a VPN.
The second category is a lot safer to use, but there’s a different issue. Because the business model of these VPN services is to sell subscriptions, the free version is usually very limited. The most common limitations are:
- How much data you can download/upload
- Server switches
Paid VPNs are not ideal, but they are generally a lot more powerful and trustworthy.
Using insecure VPNs is almost as bad as having no VPN at all. In fact, it could be far worse. If users feel protected when they actually are not, they might let their guard down and share information or data which puts them at risk.
Here are some of the risks badly run VPNs can expose users to:
- Leak IP or DNS data
- Sell your online activity data to marketers
- Expose users to malware
- Use out of date (and easy to hack) encryption
Despite people knowing about the risks for years, many VPNs remain vulnerable to IPv6 leaks, connection drop leaks, WebRTC leaks – you name it. All of these VPN security vulnerabilities leave users wide open to hacking attempts or government surveillance.
Then there’s the integrity of the VPN service providers themselves. Even though they protect individuals against outside actors, VPNs have privileged access to the data and identity of their customers, which can be used for nefarious purposes.
A significant proportion of VPN users rely on them for protection in rather sensitive situations. Perhaps they’re journalists or political activists, hiding from the malicious gaze of government agencies. Or perhaps they’re simply torrenting and would rather not get hit with fines. Whatever the case may be, using a faulty VPN can cause a nasty surprise.
All data within the VPN tunnel is encrypted. The stronger the encryption – the more secure the user will be. When we talk about encryption within the context of VPNs, we usually mean three separate variables:
- Data encryption. This is the most-mentioned aspect of encryption. The most common cipher at the top of the VPN market is AES-256, which is often referred to as “military-grade” encryption by VPN service providers. However, there are other popular ciphers in use as well. One of these is AES-128, another is ChaCha20 – both are very secure alternatives. Less secure data encryption ciphers are variants of Blowfish or DES, which are sometimes also seen.
- Handshake. This is basically the algorithm used to initiate encrypted communication between devices. Common examples include RSA-2048 or RSA-4096, Diffie-Hellman key exchange, and others.
- Authentication. This refers to hash algorithms used to authenticate encrypted messages. Common examples include SHA-256, as well as the insecure SHA-1 and MD5.
The importance of strong encryption cannot be overstated, particularly if your data is very valuable/sensitive.
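The cipher and hash names listed above can be checked against an actual client profile. The following is an added example, not part of the original article: a small Python audit of an OpenVPN client config that flags the data ciphers and digests this section calls less secure. The sample profile and function names are constructed for illustration, and the handshake (RSA or Diffie-Hellman key size) is not covered because it is not visible in these directives.

```python
import re

# Classification follows the lists in this article. SHA384/SHA512 are added
# here as an assumption of this example (other members of the SHA-2 family).
STRONG_CIPHERS = ("AES-256", "AES-128", "CHACHA20")
WEAK_CIPHERS = ("BF-", "BLOWFISH", "DES")
STRONG_DIGESTS = ("SHA256", "SHA384", "SHA512")
WEAK_DIGESTS = ("SHA1", "MD5")
CRYPTO_DIRECTIVES = ("cipher", "data-ciphers", "ncp-ciphers", "auth")

# Constructed sample profile, not taken from any real provider.
SAMPLE_CONFIG = """\
# constructed sample
client
dev tun
proto udp
remote vpn.example.net 1194
cipher BF-CBC
data-ciphers AES-256-GCM:CHACHA20-POLY1305:DES-EDE3-CBC
auth SHA1   ; legacy HMAC
"""


def parse_directives(text):
    """Return {directive: [values]} for the crypto directives in a config."""
    found = {}
    for raw in text.splitlines():
        # OpenVPN treats '#' and ';' as comment markers.
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()
        if not line:
            continue
        parts = line.split()
        key, args = parts[0], parts[1:]
        if key in CRYPTO_DIRECTIVES and args:
            # data-ciphers / ncp-ciphers carry a colon-separated list.
            found.setdefault(key, []).extend(args[0].split(":"))
    return found


def classify(directive, value):
    """Return 'weak', 'ok' or 'unknown' for one configured algorithm name."""
    name = value.upper()
    if directive == "auth":
        name = name.replace("-", "")  # accept SHA-256 as well as SHA256
        if name in WEAK_DIGESTS:
            return "weak"
        return "ok" if name in STRONG_DIGESTS else "unknown"
    if any(w in name for w in WEAK_CIPHERS):
        return "weak"
    return "ok" if any(s in name for s in STRONG_CIPHERS) else "unknown"


def audit(text):
    """List (directive, value, verdict) for every crypto setting found."""
    return [(d, v, classify(d, v))
            for d, values in parse_directives(text).items()
            for v in values]


if __name__ == "__main__":
    for directive, value, verdict in audit(SAMPLE_CONFIG):
        print(f"{directive:13} {value:20} {verdict}")
```

An "unknown" verdict means the name is not in either list and should be reviewed by hand rather than assumed safe.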
Security features of VPNs
Outside of the tunneling protocols and encryption standards, users should look at additional security features. These include the kill switch, leak protection measures, and other goodies. Here is a comprehensive list of security features offered by various VPN services:
- Kill switch. This is a feature dealing with one type of situation – what happens when your VPN connection breaks? Normally, your computer would continue using your regular connection, which would reveal whatever you were trying to hide by using a VPN. A kill switch will stop all traffic when your VPN connection is disrupted. There are two general kill switch categories – network kill switches and app kill switches. The first will stop all traffic, the second will stop all traffic from certain apps (which you get to make a list of). This is a very important feature which any respectable VPN must have.
- DNS leak protection. When you enter a URL into your browser address bar, your browser will have to look up the IP address of the host (e.g. amazon.com). To do this, it will send a request to a Domain Name System server (DNS server), which acts as a sort of internet phonebook. Normally, your computer uses the DNS server supplied by your Internet Service Provider (ISP). When you use a VPN, all traffic, including the DNS requests, should go through the VPN. This prevents your ISP from knowing the sites you visit. Unfortunately, due to various reasons (especially on Windows), DNS requests will go outside the VPN tunnel, which means your ISP will know what websites you are visiting. VPN providers usually have some sort of inbuilt DNS leak protection feature on their apps to prevent this from happening.
- IPv6 leak protection. If your IP address is IPv6, but your VPN can’t handle IPv6 requests, your IPv6 address may leak. To protect against such situations, VPNs either block IPv6 or support the standard.
- Multi-hop. VPN providers like to brand this feature – Double VPN (NordVPN), Secure Core (ProtonVPN), etc. This is quite rare, but not unheard of. Multi-hop is basically the function that allows you to string together several (usually 2) VPN connections – the VPN connects to one VPN server, and then instead of going straight to the host it first goes to another VPN server. This makes it even more difficult to trace where the request came from, although it’s probably not entirely impervious. A common misunderstanding is that multi-hop encrypts your data twice – this is wrong, because it gets decrypted at the VPN server and then re-encrypted. Either way, multi-hop is the sign of a security-centric VPN. One thing worth mentioning is that this will be a heavy burden on the user’s connection and speeds will suffer.
- Tor over VPN. Combining the Tor network with VPN for a higher level of security/privacy. Tor, short for “The Onion Router”, is a browser and free online network, whose purpose is to preserve the user’s anonymity. The network consists of volunteer routers or relays – anyone can become one. Instead of your computer contacting a server, the traffic is sent on a journey through several (or several hundred) of these relays. The traffic is encrypted – levels of encryption are added or removed at each relay (depending on which way the traffic is going). This makes it very difficult for observers to know what you are doing online. Tor is not ideal in terms of security, but combining it with VPN makes it more or less ideal. The speed of this will likely be worse even than multi-hop.
- Malware protection. Some VPN services have an integrated web browser safety feature, usually combining malware protection and an ad blocker. Like most malware protection tools, this will check the websites you’re visiting against a blacklist of known malicious websites. It will also block third-party trackers. Unfortunately, these features are usually a lot less effective than browser extensions like Ghostery.
- Stealth mode/protocol. Countries intent on censoring what people can see online may employ advanced measures to prevent VPN use. For example, it is a well-documented fact that China uses Deep Packet Inspection (DPI) to seek out OpenVPN traffic on a network and then proceeds to block it. Because of this, many of the top VPN services have begun using various methods to lessen the effectiveness of DPI. The basic idea behind these is to make VPN traffic “look like” HTTPS traffic or something entirely unrecognizable. The usual tools to achieve this are XOR-patched OpenVPN, Stunnel, and Obfsproxy.
- Split tunneling. Not strictly a security feature, but it ends up making the service more secure. Split tunneling allows the user to create lists of domains or apps (or devices if you’ve set the VPN up on your router) which should only be accessed through the VPN, and others, which should not.
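The kill switch, DNS leak and IPv6 leak items above all come down to one question: which interface would a given packet leave on? The following is an added example, not part of the original article: a Python check that reads Linux `ip -4 route` / `ip -6 route` output and a `resolv.conf` and reports traffic that would bypass the tunnel. The interface names, addresses and sample outputs are constructed, and route metrics and policy-routing tables are ignored.

```python
import ipaddress

# Constructed samples: OpenVPN-style 0.0.0.0/1 + 128.0.0.0/1 overrides on
# tun0, while IPv6 and the first resolver still use the Wi-Fi interface.
ROUTE4_UP = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23
203.0.113.10 via 192.168.1.1 dev wlan0
"""
ROUTE6 = """\
2001:db8:1::/64 dev wlan0 proto ra metric 600
fe80::/64 dev wlan0 proto kernel metric 1024
default via fe80::1 dev wlan0 proto ra metric 600
"""
RESOLV_CONF = """\
# constructed
nameserver 192.168.1.1
nameserver 10.8.0.1
"""


def parse_routes(text, family):
    """Parse `ip -4 route` / `ip -6 route` output into (network, device)."""
    default = "0.0.0.0/0" if family == 4 else "::/0"
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if "dev" not in tok:
            continue
        dest = default if tok[0] == "default" else tok[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # e.g. "unreachable ..." entries are not handled here
        routes.append((net, tok[tok.index("dev") + 1]))
    return routes


def egress_device(addr, routes):
    """Longest-prefix match: the interface a packet to addr would leave on."""
    ip = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, dev) for net, dev in routes if ip in net]
    return max(hits)[1] if hits else None


def find_leaks(route4, route6, resolv_conf, tun):
    """Return (kind, detail) findings for traffic that bypasses `tun`."""
    routes = parse_routes(route4, 4) + parse_routes(route6, 6)
    findings = []
    # One probe per half of the IPv4 space, so split /1 overrides count as
    # full coverage. Only a table lookup is done; nothing is sent.
    for probe in ("64.0.0.1", "198.51.100.1"):
        dev = egress_device(probe, routes)
        if dev not in (None, tun):
            findings.append(("ipv4-leak", dev))
            break
    dev6 = egress_device("2001:db8::1", routes)
    if dev6 not in (None, tun):  # None: no IPv6 route, so nothing can leak
        findings.append(("ipv6-leak", dev6))
    for line in resolv_conf.splitlines():
        tok = line.split()
        if len(tok) >= 2 and tok[0] == "nameserver":
            if ipaddress.ip_address(tok[1]).is_loopback:
                continue  # local stub resolver; check its upstream separately
            if egress_device(tok[1], routes) != tun:
                findings.append(("dns-leak", tok[1]))
    return findings


if __name__ == "__main__":
    for kind, detail in find_leaks(ROUTE4_UP, ROUTE6, RESOLV_CONF, "tun0"):
        print(kind, detail)
```

Running the same check on the routing table captured after the tunnel drops shows what a kill switch has to prevent: every probe falls back to the ordinary default route.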
The service provider’s location is important due to the legal and institutional context in which the company must function. For example, some countries have draconian data retention laws, requiring telecommunications companies (sometimes including VPNs) to collect and store data about their user base. This is the case with a country like the UK and is reflected in the Privacy Policies of VPN services such as Hide My Ass.
Alternatively, there are countries like the United States of America, which don’t have data retention laws, but do have other privacy-damaging realities. For example, US intelligence agencies like the NSA are carrying out wide-ranging surveillance operations on all citizens and beyond the country’s borders. Furthermore, law enforcement has extensive legal powers to obtain information in the name of national security.
Then there is the ubiquitous statement about countries belonging to the 5 Eyes, 9 Eyes, and 14 Eyes country groups. This intelligence-sharing country group is infamous (due to the Edward Snowden revelations) for spying on each other’s citizens and sharing information between each other, among other things.
Finally, there’s arguably the worst group of countries to run a VPN service out of – repressive, censorious regimes. If a VPN service is run out of a country like China, Russia, Iran, Saudi Arabia, the United Arab Emirates, North Korea, Zimbabwe, Venezuela, Belarus, and so on – you can be almost sure that the government of that country knows all there is to know about the VPN’s users.
On the other end of the equation are countries that have rigorous privacy protection in place. These are countries like Switzerland or Iceland, as well as off-shore havens like the British Virgin Islands or Panama.
It’s certainly tough to interpret the legalese in these documents but it is advisable for those who intend to engage in sensitive activities.
Other privacy aspects
It is worth mentioning two more angles to consider: the website and the sign-up process.
Like most contemporary websites, VPN websites rely on third-party services to improve efficiency. This always constitutes a more or less significant breach of privacy, because third-party services require information about site visitors to function properly. Therefore, users should expect to be exposed to as few third-parties through VPN websites as possible. Furthermore, they should demand that VPNs expose them only to third-parties with sound privacy policies.
Users may also be giving up too much of their privacy during the sign-up process. Some services require personal data for sign-up, including names and addresses. Meanwhile, others will only ask for an email address or not even that. Additionally, there are also differences in terms of available payment methods. Users who desire to remain anonymous should go for VPNs that allow Bitcoin or gift card payments.
What makes a bad VPN?
Bad: Turbo VPN
Turbo VPN is owned by a Chinese company, which already disqualifies it from being called secure or privacy-friendly. In addition, it has no kill switch and no customer support to speak of. Unlike using the “good” examples in this section, Turbo VPN will significantly hamper your connection speed. There are also only apps for Android and iOS available – tough luck if you are using a desktop computer.
Bad: Hola VPN
A free P2P VPN service run out of the US, Hola VPN uses your idle bandwidth instead of regular VPN servers. The service has been involved in several scandals, including one where Hola VPN’s sister company, Luminati, sold user bandwidth to scammers, as a consequence of which it was used in a cyberattack. Hola VPN has also had DNS and WebRTC leaks, and little is known about its security features – what encryption (if any) it offers, what tunneling protocols are used, etc.
How to start using a VPN today
VPNs used to be a thing for large corporations with dedicated IT teams that can set it all up for you. Since then, VPNs have entered the mainstream. They’re easy to use and require very little setup. In fact, all you need to do is pay, sign up for the service, install the app, and start using it.
The rising popularity of VPNs has brought growth in the number of tools, as well as a wider gap in quality between the top and the bottom. Research is now more important than ever!
Before you jump right in and buy a subscription, read a few reviews to get some idea of the possibilities and prices. If you know what you need a VPN service for, then perhaps looking through our top 10 VPN list will put you on the right track.
What else can I do to protect myself?
Using a VPN is just one of the steps towards security and anonymity online. Here are some of the other tools you should consider adding to your arsenal:
- Password manager. You probably have dozens of user accounts and keeping track of passwords can be a chore. Yet using the same few passwords everywhere is very dangerous – a data breach in one place can lead to your accounts getting hacked elsewhere. There are also very good reasons for using long and difficult passwords, which makes the issue even worse. Enter password managers – these tools will store all your passwords in an encrypted database, so you only have to remember one password.
- Secure email provider. Mainstream email providers like Google have all sorts of privacy issues, from exposure to various third-parties to the lack of end-to-end encryption. Thankfully the market doesn’t lack for secure alternatives, such as Protonmail or Tutanota.
- Firewalls and VPNs don’t always go together, but they should. Most of the time, conflicts with firewalls can be easily worked around, and it’s worth taking the time to do so. For instance, this could be as simple as adding an exception to Windows Defender, but you may need to toggle the “Do not use HTTPS protocol checking” option on the Windows Control Panel.
- Anti-virus software. As usual, it’s essential to add a layer of anti-virus protection because VPNs don’t do much for protection against malware.
- Browser extensions: HTTPS Everywhere, anti-tracker tool (Ghostery, uBlock Origin, DuckDuckGo, etc.).
Finally, be sure to keep your software up to date. Hackers work hard to find ever new vulnerabilities and software developers toil to patch them – don’t make them work in vain!