A Virtual Private Network, or VPN for short, is an online service that creates a secure connection to another network over the internet. It hides your IP address and encrypts your traffic, effectively shielding you from your Internet Service Provider (ISP) and your government. VPNs are used to secure public wi-fi hotspots, unblock geo-restricted services such as Netflix, protect torrent downloads, avoid speed throttling, and much more.
What does a VPN do?
A VPN is a tool for security and privacy, but it can do way more than that. So if you ever asked yourself, “Why do I need a VPN?”, read on to find out.
For starters, it hides your IP which gives away your location and, with a little help from your ISP, can be used by the government to track you. Online websites and services use your IP to block resources, such as streaming platforms. If torrenting is illegal in your country, the IP will also give away that you’re using P2P. Finally, hackers can compromise your system if they have an IP address to work with.
Additionally, a VPN encrypts your traffic so that it becomes virtually undecipherable to third parties. This means that your ISP or your government may see that you’re using a VPN, but they will have no way to tell what you are doing online.
Finally, a VPN will protect your connection to public wifi, help avoid bandwidth throttling, and fight internet censorship. Some Virtual Private Networks even offer their own anti-malware solutions.
How does a VPN work?
Without a VPN, your connection request goes straight to the ISP which in turn forwards it to your desired online resource. In this case, some of your traffic will be unencrypted and your ISP will know everything that you do on the internet. Last but not least, your IP address is visible and gives away your approximate location.
With a VPN, your connection request goes to your VPN client, which encrypts all data and hides your IP address. So when your request reaches your ISP, it can only see that you’ve connected to a VPN server. And when it reaches your desired online resource, that resource can only see the IP address of the VPN server and has no way to tell where the traffic originally came from.
This process involves creating what is known as a VPN tunnel. This uses special tunneling protocols to “wrap” packets of data in a layer of encryption so that any interceptor would be unable to make any sense of it.
You could classify VPNs in a few different ways – by device type or where they are most commonly used (at home, at work, for entertainment, etc.). In the end, these are not fundamentally different from each other. VPN is a connection method, rather than an app or device.
With that said, let’s look at two VPN types – remote-access and site-to-site. The former is mainly used by consumers while the latter is aimed at businesses.
Remote access VPN
If you’re looking for a VPN for yourself, most likely you will end up with a remote access VPN. It’s the most popular VPN type that got its name because it connects you to a remote server. It hides your IP and encrypts the traffic, making it inaccessible to third-parties.
The majority of commercial B2C services are remote access VPNs. Our website also focuses on these consumer-oriented providers. Since they’re not aimed at IT professionals, these VPNs can be easily installed and used by anyone without prior knowledge.
Some VPNs also offer business plans for small teams. However, they are unsuitable for large-scale business needs.
Site-to-site VPNs can be sorted into either extranet or intranet-based VPNs. The intranet is used when organizations have more than one branch office and wish to establish a secure intranet connection via a Wide Area Network (WAN). Extranet enables companies to extend their Local Area Network (LAN) to another company, which they trust (for example, a supplier). In this case, they share resources without getting into each other’s separate intranets.
VPNs of this type are hard to implement and require many resources. That’s why you will probably encounter one only in a large business setting.
What is a VPN protocol?
Also known as security protocols or tunneling protocols, VPN protocols help establish a connection between two networks. They vary greatly in security, speed, and compatibility. Most VPN providers will offer you at least two tunneling protocols to choose from on desktop computers. When it comes to mobile, it’s more often the provider who decides which security protocol you’ll be using on your Android or iPhone.
Below you will find a list of most common VPN protocols and their short descriptions. For a more in-depth look, check out our dedicated page on tunneling protocols.
Deemed to be the next-gen tunneling protocol, WireGuard is relatively new. However, some providers like NordVPN or Private Internet Access have already implemented it. In the next few years, WireGuard should be available on most premium VPNs, because its speed and safety are unparalleled. What’s more, this open-source protocol is easy to implement and audit.
Arguably the most popular tunneling protocol, OpenVPN is supported by virtually every VPN. It’s open-source, very secure, and supports all major platforms. OpenVPN works with either UDP or TCP network protocols where the former is faster but the latter is more stable. Unfortunately, it’s hard to configure and audit while being easy to detect by Deep Packet Inspection (DPI).
Another common protocol, especially on mobile devices, IKEv2 brings security and speed. It’s usually implemented together with the IPSec protocol, where IKEv2 does the transport part and IPSec ensures safety. This protocol has native support on iOS, so expect to see it on the mobile versions of most VPNs. IKEv2’s biggest drawback is that it’s not open-source and cannot be audited.
Just like IKEv2, it’s made out of two protocols and is most often used on iOS mobile devices. L2TP/IPSec is still quite common but already outdated, so you should avoid using it whenever possible. That’s because the Snowden leaks have confirmed that L2TP/IPSec may have been hacked by the US government.
SSTP is a less popular protocol, mostly because it was created by Microsoft and works only on Windows, with some exceptions. It’s hard to block by using DPI and can pass firewalls pretty easily. However, there are some concerns that Microsoft may have a backdoor for accessing SSTP traffic.
PPTP is a rare, totally outdated, and insecure protocol that you shouldn’t be using. Just like SSTP, it was developed by Microsoft. The problem is that this happened back when Windows 95 was the latest OS. Although it’s quite fast, this comes at the cost of safety, which is simply too high.
VPNs and online security
Using insecure VPNs is almost as bad as having no VPN at all. In fact, it could be far worse. If users feel protected when they actually are not, they might let their guard down and share information or data which puts them at risk.
Here are some of the risks badly run VPNs can expose users to:
- IP and DNS leaks
- Your online activity data sold to marketers
- Exposure to malware
- Out of date (and easy to hack) encryption
Despite people knowing about these risks, many VPNs remain vulnerable to IPv6 leaks, connection drop leaks, WebRTC leaks – you name it. All of these VPN security vulnerabilities leave users wide open to hacking attempts or government surveillance.
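One way to check a Linux machine for the IP, DNS, IPv6 and connection-drop leaks listed above is to ask which interface the routing table would actually pick. The following is an added example, not code from the original article; the interface names (`tun0`, `wlan0`), addresses and routing tables are constructed samples, and WebRTC leaks are out of its scope.

```python
import ipaddress

# Documentation-range addresses standing in for "any public host" (assumption).
PROBE_V4, PROBE_V6 = "198.51.100.7", "2001:db8::1"

def parse_routes(text, version):
    """Parse `ip route show` (version=4) or `ip -6 route show` (version=6) output."""
    default = "0.0.0.0/0" if version == 4 else "::/0"
    routes = []
    for line in text.strip().splitlines():
        tok = line.split()
        if "dev" not in tok:  # e.g. blackhole entries carry no interface
            continue
        net = ipaddress.ip_network(default if tok[0] == "default" else tok[0], strict=False)
        metric = int(tok[tok.index("metric") + 1]) if "metric" in tok else 0
        routes.append((net, tok[tok.index("dev") + 1], metric))
    return routes

def egress(routes, addr):
    """Interface the kernel would choose: longest matching prefix, then lowest metric."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if r[0].version == ip.version and ip in r[0]]
    if not hits:
        return None  # no route at all, so this address family cannot leak
    return max(hits, key=lambda r: (r[0].prefixlen, -r[2]))[1]

def audit(routes4, routes6, nameservers, tunnel="tun0"):
    """Return a list of findings; an empty list means nothing bypasses the tunnel."""
    routes = parse_routes(routes4, 4) + parse_routes(routes6, 6)
    findings = []
    for label, probe in (("IPv4", PROBE_V4), ("IPv6", PROBE_V6)):
        dev = egress(routes, probe)
        if dev not in (None, tunnel):
            findings.append(f"{label} leak: public traffic leaves via {dev}")
    for ns in nameservers:  # a local stub such as 127.0.0.53 has no route here and is skipped
        dev = egress(routes, ns)
        if dev not in (None, tunnel):
            findings.append(f"DNS leak: resolver {ns} is reached via {dev}")
    return findings

# Constructed sample: tunnel up, IPv4 redirected into tun0 by two /1 routes.
UP_V4 = """
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
203.0.113.10 via 192.168.1.1 dev wlan0
"""
# Constructed sample: the VPN client never touched IPv6, so it still uses the router.
UP_V6 = """
default via fe80::1 dev wlan0 proto ra metric 600
fe80::/64 dev wlan0 proto kernel metric 256
"""
# Constructed sample: the tunnel dropped and its routes vanished (no kill switch).
DOWN_V4 = """
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
"""

if __name__ == "__main__":
    for name, args in (("tunnel up, router DNS", (UP_V4, UP_V6, ["192.168.1.1"])),
                       ("tunnel up, hardened", (UP_V4, "", ["10.8.0.1"])),
                       ("tunnel dropped", (DOWN_V4, "", ["10.8.0.1"]))):
        print(name, "->", audit(*args) or "no leaks")
```

The single host route to the VPN server (`203.0.113.10` via `wlan0`) is expected: the encrypted tunnel itself has to travel over the physical interface.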
Then there’s the integrity of the VPN service providers themselves. Even though they protect individuals against outside actors, VPNs have privileged access to the data and identity of their customers, which can be used for nefarious purposes.
A significant proportion of VPN users rely on them for protection in rather sensitive situations. Perhaps they’re journalists or political activists, hiding from the malicious gaze of government agencies. Or perhaps they’re simply torrenting and would rather not get hit with fines. Whatever the case may be, using a faulty VPN can cause a nasty surprise.
Can a VPN protect me from hackers?
A VPN can protect you from hackers, but just like any other online security solution, it doesn’t give a 100% guarantee. That being said, a solid VPN will make a hacker’s work much harder and that’s the least you can do.
For starters, a VPN encrypts your traffic using a military-grade cipher, which severely impedes any hacker. Furthermore, DNS and IP leak protection means that getting your real IP address will be quite a challenge. Finally, services like NordVPN and Surfshark provide a multi-hop feature which routes your traffic via not one but two servers.
Do VPN providers see my online activity?
When you’re using a VPN, your ISP cannot see what you do online because your traffic is encrypted. But can a VPN provider see your online activity? Well, it depends on the VPN you’re using.
Technically, all of them can see your traffic, so this is a matter of ethics. Usually, VPN providers claim to have a no-logs policy, meaning that they don’t monitor and don’t store your session’s logs. However, not all of them practice what they preach. For instance, in 2017, PureVPN admitted handing over logs of a suspected cyberstalker to the FBI.
Then there’s the legal system of each country. Some, like Australia, have strict data retention laws, requiring VPNs to store logs for two years. That’s why the best VPNs try to register themselves in privacy-friendly countries like Switzerland, which are also not in the Fourteen Eyes intelligence alliance.
How to choose a VPN?
Choosing the best VPN depends on your priorities. Some providers are more secure, others are really fast, while some excel at streaming and torrenting. There are even some that manage to offer all that without breaking your bank. That being said, some VPNs offer free versions that might be the right fit.
In any case, the most important thing when choosing a VPN is its security and privacy features. You should check what kind of encryption and tunneling protocols are available. Next, make sure your VPN has a kill switch which is a crucial feature. Other security features like multi-hop or Tor over VPN are nice to have but not necessary unless you will be dealing with especially sensitive material.
Below I will cover the most important elements of choosing a VPN in more detail.
Outside of the tunneling protocols and military-grade AES 256-bit encryption, users should look at additional security features. These, among others, include the kill switch, multi-hop, and Tor over VPN.
What is a kill switch?
This is a feature dealing with one type of situation – what happens when your VPN connection breaks? Regularly, your computer would continue using your normal connection, which would reveal your IP and your location. A kill switch will stop all traffic when your VPN connection is disrupted.
There are two general kill switch categories – network kill switches and app kill switches. The first will stop all traffic, the second will stop all traffic from your chosen apps. This is a very important feature that every respectable VPN should have.
A kill switch can be especially important for torrenters if P2P is illegal in their country. Imagine if you’re downloading a file and suddenly your VPN connection drops. Your real IP is automatically exposed and that might be enough to start a prosecution.
What is multi-hop?
VPN providers like to brand this feature – Double VPN (NordVPN), Secure Core (ProtonVPN), etc. This is quite rare, but not unheard of. Multi-hop is basically the function that allows you to string together several (usually 2) VPN connections. The VPN client connects to one server, and then instead of going straight to the destination it first goes to another VPN server.
This makes it even more difficult to trace where the request came from. However, it’s probably not entirely impervious. A common misunderstanding is that multi-hop encrypts your data twice – this is wrong because it gets decrypted at the VPN server and then re-encrypted. Either way, multi-hop is the sign of a security-centric VPN. One thing to mention is probably that this will be a heavy burden on the user’s connection and speeds will suffer.
What is Tor over VPN?
Tor over VPN combines the Tor network with a VPN for a higher level of security and privacy. Tor, short for “The Onion Router”, is a browser and free online network, whose purpose is to preserve users’ anonymity. The network consists of volunteer routers or relays – anyone can become one.
Instead of your computer contacting a server, the traffic is sent on a journey through several (or several hundred) of these relays. The traffic is encrypted – levels of encryption are added or removed at each relay (depending on which way the traffic is going). This makes it very difficult for observers to know what you are doing online. Tor is not ideal in terms of security, but combining it with a VPN makes it more or less ideal. The downside is that the speed of such a connection will likely be worse even than multi-hop.
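The difference between multi-hop as described above (decrypt at each server, then re-encrypt) and Tor's layered encryption is easiest to see by recording what each hop can read. This is an added example, not code from the original article or from any VPN or Tor implementation; `toy_stream` is a toy XOR cipher standing in for a real cipher such as AES, and the request and keys are constructed.

```python
import hashlib

def toy_stream(key: bytes, data: bytes) -> bytes:
    """Toy XOR stream cipher (SHA-256 in counter mode). Illustration only, not for real use.
    Applying it twice with the same key returns the original data."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def multi_hop(request: bytes, keys: list) -> list:
    """Hop-by-hop model: keys[i] protects the link into server i.
    Returns what each server holds after decrypting its incoming link."""
    seen = []
    wire = toy_stream(keys[0], request)            # client encrypts for server 1
    for i, key in enumerate(keys):
        plain = toy_stream(key, wire)              # server decrypts the link
        seen.append(plain)
        if i + 1 < len(keys):
            wire = toy_stream(keys[i + 1], plain)  # and re-encrypts for the next server
    return seen

def onion(request: bytes, keys: list) -> list:
    """Layered model: the client applies every layer up front (exit relay's key innermost);
    each relay removes only its own layer. Returns what each relay holds afterwards."""
    wire = request
    for key in reversed(keys):
        wire = toy_stream(key, wire)
    seen = []
    for key in keys:
        wire = toy_stream(key, wire)
        seen.append(wire)
    return seen

REQUEST = b"GET /account HTTP/1.1"       # constructed sample request
KEYS = [b"key-1", b"key-2", b"key-3"]    # constructed per-hop keys

if __name__ == "__main__":
    for name, fn in (("multi-hop", multi_hop), ("onion", onion)):
        views = fn(REQUEST, KEYS)
        readable = [i + 1 for i, v in enumerate(views) if v == REQUEST]
        print(f"{name}: hops that can read the request: {readable}")
```

In the hop-by-hop model every server in the chain handles the cleartext request, while in the layered model only the last relay does.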
The service provider’s location is important due to the legal and institutional context in which the company must function. For example, some countries have draconian data retention laws, requiring telecommunications companies (sometimes including VPNs) to collect and store data about their user base. This is the case with a country like the UK and is reflected in the Privacy Policies of VPN services such as Hide My Ass.
Alternatively, there are countries like the United States of America, which don’t have data retention laws, but do have other privacy-damaging realities. For example, US intelligence agencies like the NSA are carrying out wide-ranging surveillance operations on all citizens and beyond the country’s borders. Furthermore, law enforcement has extensive legal powers to obtain information in the name of national security.
Then there is the ubiquitous statement about countries belonging to the 5 Eyes, 9 Eyes, and 14 Eyes country groups. This intelligence-sharing country group is infamous (due to the Edward Snowden revelations) for spying on each other’s citizens and sharing information between each other, among other things.
Finally, there’s arguably the worst group of countries to run a VPN service out of – repressive, censorious regimes. If a VPN service is run out of a country like China, Russia, Iran, Saudi Arabia, the United Arab Emirates, North Korea, Zimbabwe, Venezuela, Belarus, and so on – you can be almost sure that the government of that country knows all there is to know about the VPN’s users.
On the other end of the equation are countries that have rigorous privacy protection in place. These are countries like Switzerland or Iceland, as well as off-shore havens like the British Virgin Islands or Panama.
It’s certainly tough to interpret the legalese in these documents but it is advisable for those who intend to engage in sensitive activities.
Other privacy aspects
It is worth mentioning two more angles to consider: the website and the sign-up process.
Like most contemporary websites, VPN websites rely on third-party services to improve efficiency. This always constitutes a more or less significant breach of privacy, because third-party services require information about site visitors to function properly. Therefore, users should expect to be exposed to as few third-parties through VPN websites as possible. Furthermore, they should demand that VPNs expose them only to third-parties with sound privacy policies.
Users may also be giving up too much of their privacy during the sign-up process. Some services require personal data for sign-up, including names and addresses. Meanwhile, others will only ask for an email address or not even that. Additionally, there are also differences in terms of available payment methods. Users who desire to remain anonymous should go for VPNs that allow Bitcoin or gift card payments.
Paid vs Free – which is better?
There are two general types of free VPN services:
- Completely free (funded by ads and other means)
- Paid service with free version (funded by paying customers)
About the first type there is a good saying that goes “If it’s free, you are the product.” Usually, this means ads, but it can also mean the VPN service is tracking your online activity and selling that data (for strategic marketing or more nefarious purposes). Some might say “so what?” but for many that’s defeating the entire purpose of using a VPN.
The second category is a lot safer to use, but there’s a different issue. Because the business model of these VPN services is to sell subscriptions, the free version is usually very limited. The most common limitations are:
- How much data you can download/upload
- Server switches
Paid VPNs are not ideal, but they are generally a lot more powerful and trustworthy.
What makes a bad VPN?
Bad: Turbo VPN
Turbo VPN is owned by a Chinese company, which already disqualifies it from being called secure or privacy-friendly. In addition, it has no kill switch and no customer support to speak of. Unlike using the “good” examples in this section, Turbo VPN will significantly hamper your connection speed. There are also only apps for Android and iOS available – tough luck if you are using a desktop computer.
Bad: Hola VPN
A free P2P VPN service run out of the US, Hola VPN uses your idle bandwidth instead of regular VPN servers. The service has been involved in several scandals, including one where Hola VPN’s sister company, Luminati, sold user bandwidth to scammers, as a consequence of which it was used in a cyberattack. Hola VPN has also had DNS and WebRTC leaks, and little is known about its security features – what encryption (if any) it offers, what tunneling protocols are used, etc.
Should I use a VPN?
You should consider using a VPN for any of the reasons below:
- Masking your identity from outsiders. What is a VPN if not a privacy-restorer? VPNs have obvious benefits for privacy because they hide your IP and encrypt your data.
- Getting around government censorship. By obscuring what websites you’re visiting, VPNs can trick censors.
- Encrypting data. VPNs encrypt any data that you send via the network, providing a much deeper level of security than standard browsing.
- Saving money. Companies charge different rates to people in different countries. Therefore, changing your IP can get you a better deal.
- Expanding content choice. Services like Netflix don’t offer the same TV shows and movies in every country or region, so your favorite movie could be unavailable. Using a VPN removes these limitations.
- Protecting work data. Businesses use VPNs to facilitate secure remote working, giving their employees the kind of flexibility and agility the modern economy demands.
- Secure torrenting. Many countries, particularly in the West, have been clamping down on copyright violations, many of which occur over P2P (such as torrents). A VPN will protect you from the copyright police.
- Improved connection speed. This may sound counter-intuitive, but VPNs can actually improve your connection if your ISP is throttling your speed (particularly for certain activities, such as P2P).
- Protection on unsecured wifi hotspots. Cafes and airports are notorious hunting grounds for hackers, who can place themselves between you and the router, intercepting all your data. Data encryption solves this.
Any of the above is a good reason to use a VPN service. However, there is really one overarching theme standing over all these disparate bullet points – anonymity, privacy, and freedom in a digital world, where much of everything happens out of sight and takes the form of binary numbers. From talking to loved ones, to voting, to entertainment, all of it is just data, and all of it travels through entities that don’t necessarily have your best interests at heart.
How to start using a VPN today
VPNs used to be a thing for large corporations with dedicated IT teams that can set it all up for you. Since then, VPNs have entered the mainstream. They’re easy to use and require very little setup. In fact, all you need to do is pay, sign up for the service, install the app, and start using it.
The rising popularity of VPNs has meant growth in the number of tools, as well as in the quality gap between the best and the worst. Research is now more important than ever!
Before you jump right in and buy a subscription, read a few reviews to get some idea of the possibilities and prices. If you know what you need a VPN service for, then perhaps looking through our top 10 VPN list will put you on the right track.
What else can I do to protect myself?
Using a VPN is just one of the steps towards security and anonymity online. Here are some of the other tools you should consider adding to your arsenal:
- Password manager. You probably have dozens of user accounts and keeping track of passwords can be a chore. Yet using the same few passwords everywhere is very dangerous – a data breach in one place can lead to your accounts getting hacked elsewhere. There are also very good reasons for using long and difficult passwords, which makes the issue even worse. Enter password managers – these tools will store all your passwords in an encrypted database, so you only have to remember one password.
- Secure email provider. Mainstream email providers like Google have all sorts of privacy issues, from exposure to various third-parties to the lack of end-to-end encryption. Thankfully the market doesn’t lack for secure alternatives, such as Protonmail or Tutanota.
- Firewalls and VPNs don’t always go together, but they should. Most of the time, conflicts with firewalls can be easily worked around, and it’s worth taking the time to do so. For instance, this could be as simple as adding an exception to Windows Defender, but you may need to toggle the “Do not use HTTPS protocol checking” option on the Windows Control Panel.
- Anti-virus software. As usual, it’s essential to add a layer of anti-virus protection because VPNs don’t do much for protection against malware.
- Browser extensions: HTTPS Everywhere, anti-tracker tool (Ghostery, uBlock Origin, DuckDuckGo, etc.).
Finally, be sure to keep your software up to date. Hackers work hard to find ever new vulnerabilities and software developers toil to patch them – don’t make them work in vain!