A Virtual Private Network, or VPN in short, is an online service that creates a secure connection to another network over the internet. It hides your IP address and encrypts your traffic, effectively shielding you from your Internet Service Provider (ISP) and your government. VPNs are used to secure public wifi hotspots, unblock geo-restricted services such as Netflix, protect downloading torrents, avoid speed throttling, and much more.
Table of Contents
- What does a VPN do?
- How does a VPN work?
- VPN types
- What is a VPN protocol?
- VPNs and online security
- How to choose a VPN?
- Free VPN vs paid VPN – which one is better?
- How to set up a VPN?
- Should I use a VPN for torrenting?
- Is using a VPN for online streaming a good idea?
- What are the most popular VPNs on the market?
- VPN FAQ
What does a VPN do?
A VPN is a tool for security and privacy, but it can do way more than that. So if you ever asked yourself, “Why do I need a VPN?”, read on to find out. Here’s what a VPN does:
- Encryption. A VPN encrypts your traffic so that it becomes virtually undecipherable to third-parties. This means that your ISP or your government may see that you’re using a VPN, but they will have no way to tell what you are doing online.
- Hiding your IP. A VPN hides your IP, which gives away your location and, with a little help from your ISP, can be used by the government to track you.
- Access to Netflix. Streaming platforms, such as Netflix, Peacock, or Disney+, use geo-blocking. With a VPN, you’ll be able to watch your movies and shows outside the US.
- Protects torrenting. P2P is illegal in some countries, while others check for copyright infringement on a regular basis. A VPN will protect your torrenting and may also allow seeding via port forwarding.
- Bypasses firewalls. From the ones at your office to the one used in China, firewalls block certain websites from users. Thanks to a VPN, you can visit Facebook, YouTube, Google, and other popular sites wherever you may be.
Finally, a VPN will protect your connection to public wifi and help avoid bandwidth throttling. Some Virtual Private Networks even offer their own anti-malware solutions.
What does a VPN hide?
As you’ve probably seen in the section below, VPNs hides your real IP address. It also encrypts your traffic using a military-grade cipher. But how does that translate into real-world scenarios? Let’s take a look.
- Browsing history. Both your ISP and your web browser track what you do on the web. Most often that knowledge is used for profit. Even more, browsing history can also be linked with your IP address. With a VPN, you effectively hide not only your browsing history but also your IP and your traffic.
- Location. Your IP gives away your approximate location. With a VPN, it becomes hard to track the places you’ve visited that might be used to tailor ads targeted right at you. What’s more, hiding your location enables you to access geo-block content, such as Netflix and other streaming platforms.
- Web activity. If you’re using a VPN provider that doesn’t log your web activity, you can be sure that neither your ISP nor your government know what you’re doing online. All they have is that you use a VPN, which is probably legal in your country.
How does a VPN work?
Without a VPN, your connection request goes straight to the ISP, which in turn forwards it to your desired online resource. In this case, some of your traffic will be unencrypted, and your ISP will know everything that you do on the internet. Last but not least, your IP address is visible and gives away your approximate location.
A VPN works by sending your connection request to the VPN client, which encrypts all data and hides your IP address. So when your request reaches your ISP, it can only see that you’ve connected to a VPN server. And when it reaches your desired online resource, it can only see the IP address of the VPN server and has no way to tell where is the source of this traffic.
This process, illustrated above, involves creating what is known as a VPN tunnel. This uses special tunneling protocols to “wrap” packets of data in a layer of encryption so that any interceptor would be unable to make any sense of it. Most VPNs use military-grade encryption, which means that it’s virtually impossible to break the cipher using a brute force attack.
You can classify VPNs in a few different ways – by device type or where they are most commonly used (at home, at work, for entertainment, etc.). In the end, they are not fundamentally different from each other. VPN is a connection method, rather than an app or device.
With that said, let’s look at two VPN types – remote-access and site-to-site. Consumers mainly use the former while the latter is aimed at businesses.
If you’re looking for a VPN for yourself, most likely you will end up with a remote-access VPN. It’s the most popular VPN type that got its name because it connects you to a remote server. Remote-access VPN hides your IP and encrypts the traffic, making it inaccessible to third-parties.
The majority of commercial B2C services are remote-access VPNs. Our website also focuses on these consumer-oriented providers. Since they’re not aimed at IT professionals, these VPNs can be easily installed and used by anyone without prior knowledge.
Some remote-access VPNs also offer business plans for small teams. However, they are unsuitable for large-scale business needs.
Site-to-site VPNs can be sorted into extranet and intranet-based VPNs. The intranet is used when organizations have more than one branch office and wish to establish a secure intranet connection via a Wide Area Network (WAN). Extranet enables companies to extend their Local Area Network (LAN) to another company, which they trust (for example, a supplier). In this case, they share resources without getting into each other’s separate intranets.
VPNs of this type are hard to implement and require many resources. That’s why you will probably encounter one only in a large business setting.
What is a VPN protocol?
Also known as security protocols or tunneling protocols, VPN protocols help establish a connection between two networks. They vary greatly in security, speed, and compatibility. Most VPN providers will offer you at least two tunneling protocols to choose from on desktop computers. When it comes to mobile, it’s more often the provider that decides which security protocol you’ll be using on your Android or iPhone.
Below you will find a list of most common VPN protocols and their short descriptions. For a more in-depth look, check out our dedicated page on tunneling protocols.
Deemed to be the next-gen tunneling protocol, WireGuard is relatively new. However, some providers like NordVPN or Private Internet Access have already implemented it. In the next few years, WireGuard should be available on most premium VPNs, because its speed and safety are unparalleled. What’s more, this open-source protocol is easy to implement and audit.
Arguably the most popular tunneling protocol, OpenVPN, is supported by virtually every VPN. It’s open-source, very secure, and supports all major platforms. OpenVPN works with either UDP or TCP network protocols where the former is faster, but the latter is more stable. Unfortunately, it’s hard to configure and audit while also being easy to detect by Deep Packet Inspection (DPI).
Another common protocol, especially on mobile devices, IKEv2, brings security and speed. It’s usually implemented together with IPSec protocol, where IKEv2 does the transport part, and IPSec ensures safety. This protocol has native support on iOS, so expect to see it on the mobile versions of most VPNs. IKEv2’s biggest drawback is that it’s not open-source and cannot be audited.
Just like IKEv2, it’s made out of two protocols and is most often used on iOS mobile devices. L2TP/IPSec is still quite common but already outdated, so you should avoid using it whenever possible. That’s because Snowden leaks have confirmed that the US government may have hacked L2TP/IPSec.
SSTP is a less popular protocol, mostly because it was created by Microsoft and works only on Windows, with some exceptions. It’s hard to block by using DPI and can pass firewalls pretty easily. However, there are some concerns that Microsoft may have a backdoor for accessing SSTP traffic.
PPTP is a rare, totally outdated, and not secure protocol that you shouldn’t be using. Just like SSTP, it was developed by Microsoft. The problem is that this happened back when Windows 95 was the latest OS. Although its quite fast, this comes at the cost of safety, which is simply too high.
VPNs and online security
Using insecure VPNs is almost as bad as having no VPN at all. In fact, it could be far worse. If users feel protected when they actually are not, they might let their guard down and share information that puts them at risk.
Here are some of the risks that poorly run VPNs can expose users to:
- IP and DNS leaks
- Your online activity data sold to marketers
- Exposure to malware
- Out of date (and easy to hack) encryption
Despite people knowing about these risks, many VPNs remain vulnerable to IPv6, DNS, and WebRTC leaks – you name it. All of these VPN security vulnerabilities leave users wide open to hacking attempts or government surveillance.
Then there’s the integrity of the VPN providers themselves. Even though they protect individuals against outside actors, VPNs have privileged access to the data and identity of their customers, which can be used for nefarious purposes.
A significant proportion of VPN users rely on them for protection in rather sensitive situations. Perhaps they’re journalists or political activists, hiding from the malicious gaze of government agencies. Or perhaps they’re simply torrenting and would rather not get hit with fines. Whatever the case may be, using a faulty VPN can result in a nasty surprise.
Can a VPN protect me from hackers?
A VPN can protect you from hackers, but just like any other online security solution, it doesn’t give a 100% guarantee. That being said, a solid VPN will make hacker’s work much harder, and that’s the least you can do for your safety.
For starters, a VPN encrypts your traffic using a military-grade cipher, which severy impedes any hacker. Furthermore, DNS and IP leak protection means that getting your real IP address will be quite a challenge. Finally, services like NordVPN and Surfshark provide a multi-hop feature which routes your traffic via not one but two servers.
Want to learn more about how a VPN can protect you from hackers? Head right to our dedicated article!
Do VPN providers see my online activity?
When you’re using a VPN, your ISP cannot see what you do online because your traffic is encrypted. But can a VPN provider see your online activity? Well, it depends on the VPN you’re using.
Technically, all of them can see your traffic, so this is a matter of ethics. Usually, VPN providers claim to have a no-logs policy, meaning that they don’t monitor and don’t store your session’s logs. However, not all of them practice what they preach. For instance, in 2017, PureVPN admitted handing over logs of a suspected cyberstalker to the FBI.
Then there’s the legal system of each country. Some like Australia have strict data retention laws, requiring VPNs to store logs for two years. That’s why best VPNs try to register themselves in privacy-friendly countries like Switzerland, which are also not in the Fourteen Eyes intelligence alliance.
How to choose a VPN?
Choosing the best VPN depends on your priorities. Some providers are more secure, others are really fast, while some excel at streaming and torrenting. There are even some that manage to offer all that without breaking your bank. That being said, some VPNs offer free versions that might be the right fit for you.
In any case, the most important thing when choosing a VPN is its security and privacy features. Here’s what you should look at:
- Military-grade encryption (AES 256-bit)
- Tunneling protocols (WireGuard, OpenVPN, IKEv2/IPSec)
- Kill switch
- Tor over VPN
- Provider’s location
- Logging policy
- Anonymous sign-up
Below I will cover the most important elements of choosing a VPN in more detail.
Outside of the tunneling protocols and military-grade AES 256-bit encryption, users should look at additional security features. These, among others, include the kill switch, multi-hop, and Tor over VPN.
What is a kill switch?
This is a feature dealing with one type of situation – what happens when your VPN connection breaks? Your computer continues using your normal connection, which reveals your IP and your location. A kill switch stops all traffic when your VPN connection is disrupted.
There are two general kill switch categories – network kill switches and app kill switches. The first will stop all traffic, and the second will stop all traffic from your chosen apps. It’s a critical feature that every respectable VPN should have.
A kill switch can be crucial for torrenters if P2P is illegal in their country. Imagine if you’re downloading a file, and suddenly your VPN connection drops. Your real IP is automatically exposed, and that might be enough to start a prosecution.
What is multi-hop?
VPN providers like to brand this feature – Double VPN (NordVPN), Secure Core (ProtonVPN), etc. This is quite rare, but not unheard of. Multi-hop is basically the function that allows you to string together several (usually 2) VPN connections. The VPN client connects to one server, and then, instead of going straight to the destination, it first goes to another VPN server.
This makes it even more difficult to trace where the request came from. However, it’s still possible. A common misunderstanding is that multi-hop encrypts your data twice – this is wrong because it gets decrypted at the VPN server and then re-encrypted. Either way, multi-hop is the sign of a security-centric VPN. One thing to mention is that this will be a heavy burden on the user’s connection, resulting in slower speeds.
What is Tor over VPN?
Tor over VPN combines Tor network with a VPN for a higher level of security and privacy. Tor, short for “The Onion Router,” is a browser and free online network, whose purpose is to preserve user’s anonymity. It consists of volunteer routers or relays – anyone can become one.
Instead of your computer contacting a server, the traffic is sent on a journey through several (or several hundred) of these relays. The traffic is encrypted – levels of encryption are added or removed at each relay (depending on which way the traffic is going). This makes it very difficult for observers to know what you are doing online. Tor is not perfect in terms of security, but combining it with a VPN makes it more or less unbeatable. The downside is that the speed of such a connection will likely be even worse than multi-hop.
VPN’s location is important due to the legal and institutional context in which the company must function. Some countries like the UK have draconian data retention laws, requiring to collect and store data about their users. Others like the US don’t have data retention laws but have agencies like the NSA that carry out wide-ranging surveillance operations.
Then we have countries that belong to the Fourteen Eyes intelligence alliance. Thanks to Edward Snowden, this group is known for spying on each other’s citizens and sharing collected information, among other things.
Finally, the likes of China, Russia, Iran, Saudi Arabia, the United Arab Emirates, or North Korea are arguably the worst countries to run a VPN service out of. You can almost be sure that their governments know all there is to know about the VPN users.
On the other end of the equation are countries like Switzerland that have rigorous privacy protection in place. That includes off-shore havens like the British Virgin Islands or Panama as well.
Having said that, we can group all VPNs and their privacy policies into these categories:
- Court-proven no-logs policy. These VPNs really have a no-logs policy and can be trusted. Examples include ExpressVPN and Private Internet Access.
- Independently-audited no-logs policy. Some VPNs like NordVPN or Surfshark invest in having their no-logs policies audited by a third-party, which is a sign that they’re serious about your privacy.
- Minimal logging. Some providers like PrivateVPN claim to do minimal logging, and we’re inclined to trust them for the time being because they rank high in other areas, such as security.
- More than minimal logging. These services, such as TunnelBear, should be approached cautiously because they care less about your privacy.
- Extensive logging. Finally, we have services that collect as much data as possible and probably sell it to third-parties. That’s why they have no problem with handing over your information to authorities if needed.
The other two important aspects of VPN privacy are the website and the sign-up process.
Most VPN websites rely on third-party services to improve efficiency. Therefore, users should be exposed to as few third-parties as possible. Furthermore, they should demand that VPNs disclose their data only to third-parties with sound privacy policies.
When it comes to signing up, some services require personal data that includes names and addresses. Meanwhile, others will only ask for an email, which can be a throwaway account. Additionally, anonymous payment methods, such as cryptocurrencies and gift cards, are also important.
Free VPN vs paid VPN – which one is better?
While paid VPNs are generally better, it’s hard to tell whether a free VPN wouldn’t be enough for you. It all comes down to your online hobbies and habits – chances are you don’t need to pay to get what you need. On the other hand, the majority of premium VPNs come with a month-long money-back guarantee, meaning that you won’t have to pay for something you don’t like.
Are there any problems or risks with using a free VPN?
In general, using a free VPN is riskier, although it depends on its type. There are two types of free VPN services:
- Completely free (funded by ads and other means)
- Paid service with a free version (funded by paying customers)
“If it’s free, you are the product” – this applies to the first type of free VPNs. Usually, this means ads, but it can also mean that the VPN is tracking your online activity and selling that data. Some might say, “so what?” but for many, that’s defeating the entire purpose of using a VPN.
The second free VPN type is less risky, but there’s a different issue. Because the business model of these VPN services is to sell subscriptions, the free versions are usually very limited.
The most common limitations are:
- How much data you can download/upload
- Simultaneous connections
- Customer support
Finally, some shady free VPNs might inject your device with malware, steal your bandwidth, or sell your data on the black market to hackers and fraudsters. That’s why I recommend choosing from the top free VPNs.
Are paid VPNs better, and why?
Paid VPNs are not ideal, but they are generally a lot more powerful and trustworthy. For starters, they don’t come with the free VPN limitations, such as security, privacy, speed, or customer support. They don’t show ads, don’t sell your data, and actually put effort into keeping you safe online. This includes offering a reliable kill switch and leak protection – something that many free VPNs lack.
What’s more, free VPNs won’t be able to unblock Netflix and other streaming platforms. They might not support torrenting as well. Therefore, if you want to access your favorite movies and shows in addition to allowing P2P traffic, a paid VPN is the way to go. The best part is that you will be able to get your money back most of the time if the service didn’t live up to your expectations.
How to set up a VPN?
Most VPNs are easy to set up and use. In fact, all you need to do is pay, sign up for the service, install the app, log in, and start using it. Even if there’s no dedicated client for a particular device, most likely, you can manually configure it using a step-by-step guide.
If, for some reason, you don’t want to use the VPN app, you can download OpenVPN software and the configuration files from your provider’s website. Of course, you will be able to use only the OpenVPN tunneling protocol.
After you log in, you will be able to choose the fastest server or any other that’s available. Just have in mind that not all servers may be suitable for streaming or torrenting. Most providers mark specialized servers either in the app or on their website.
Finally, before you connect, make sure that the kill switch is on. Some VPN services have it turned off by default even though it’s crucial for keeping your IP address hidden in case the VPN fails.
Want to learn more? Read our ultimate guide on setting up a VPN.
Should I use a VPN for torrenting?
You should use a VPN for torrenting, even if it’s legal in your country. For starters, not only your ISP but also leechers can see your IP address and determine your location. This can result in a cyberattack against you or the government sending you a legal notice.
However, when you use a VPN, your traffic is encrypted, and third-parties see only the IP address of the server that you’re connected to. There’s also no way to tell what you’re actually downloading or seeding because data deciphering using brute force would take eons.
Is using a VPN for online streaming a good idea?
Using a VPN for streaming Netflix and other content platforms is a good idea. First and foremost, a good streaming VPN greatly expands your selection. Furthermore, a VPN can unblock Netflix libraries from different continents, in addition to streaming services that are unavailable in your country. These include Disney+, Amazon Prime, BBC iPlayer, and Hulu, among others.
That being said, you need a paid VPN to watch Netflix and other platforms. Free VPNs are easily blocked and often prove to be too slow to stream in HD quality.
To sum up, as long as Netflix libraries will offer different content and new streaming services will be popping up, using a VPN for streaming will be a good idea.
How do I use a VPN with Netflix?
After you install the VPN on your device, the only thing left to do is to choose a server in a country that has your desired Netflix library. You can change your Netflix region in three steps:
- Connect to a server in your country of choice
- Check if your IP has changed to that of your chosen country
- Go to the Netflix website or app and log in
To learn which countries have the biggest Netflix libraries and which Netflix VPN to choose, head straight to our article on how to change Netflix region.
Is there a good reason to use a VPN with Firestick?
The main reason why you should use a VPN with Firestick is geoblocking. All streaming platforms, including Netflix and others, allow you to access their libraries only in certain countries. Chances are neither of these streaming platforms is available in your region.
With a VPN, you can access Netflix, Amazon Prime, Disney+, Hulu, and others from anywhere and watch any library that you want. However, you should have in mind that most services don’t support Amazon Fire 1st generation devices. To learn more, read our article on the best VPNs for Fire Stick devices.
Popcorn Time without a VPN is a risk
Contrary to Netflix and other streaming platforms, using Popcorn Time without a VPN is dangerous. That’s because this free streaming service is based on P2P, which makes tracking your IP address really easy. This is especially important if torrenting is illegal in your country.
What’s more, if your ISP is throttling torrenting speed, you may have trouble watching anything in HD. Finally, a VPN will help you unblock georestricted content, significantly increasing the range of movies and shows available to you.
Not all VPNs are good for Popcorn Time. Therefore, I recommend you to check out our list of best Popcorn Time VPNs first.
What are the most popular VPNs on the market?
The most popular VPNs are not always among the best. Some of them gain audiences only because they’re free. That’s why the list below is a combination of quality and popularity, which, I believe, is the best way to show which providers are worth your time.
- NordVPN – starts at $3.49/month
- Surfshark – starts at $1.94/month
- VyprVPN – starts at $2.5/month
- PrivateVPN – starts at $1.89/month
- Private Internet Access – starts at $2.69/month
All of these services have a money-back guarantee, which allows you to test them without any risk.
Can you be tracked if you use a VPN?
Technically, you can be tracked if you use a VPN. Even using multi-hop or Tor over VPN cannot guarantee that you won’t be caught.
However, it can be done only by an organization that has a government-level power. And even then, doing so would require time and resources that simply won’t be allocated unless you’re a sought-after criminal or a political journalist in a country with restricted press freedom.
Is a VPN legal?
The answer depends on the country that you’re in. In most of the world, using a VPN is perfectly legal. However, there are some jurisdictions, such as Iran or Iraq, where VPNs are strictly prohibited. Then there’s a group of countries where it’s legal but regulated. This includes China, Russia, and Saudi Arabia, among others.
Want to see if VPN is legal in your country? Check out our list of 197 countries.
How do you get a VPN?
Getting a VPN is really simple. If you’re going for a free VPN, you simply have to visit its website and download the app. This can be done for your mobile device in Google Store and App Store too. You will probably need to sign up as well, which will require your email. Most of the time, it can be a throwaway account.
If you’ve chosen a paid VPN, you will have to add a payment method, unless there’s a free trial available. One thing to note is that you probably won’t get a money-back guarantee if you paid using cryptocurrencies or gift cards.
Is VPN safe for online banking?
Even without a VPN, online banking is pretty safe. However, you can make it even safer by adding an extra layer of security. A VPN will encrypt your traffic and hide your IP address before it reaches the bank server, which means that any third-party that might be snooping will have a tough time figuring things out. This can be very helpful if you’re connecting from insecure wifi in a coffee shop or an airport.
How much does a VPN cost?
You can get a VPN for around $10/month. However, if you decide on a long-term plan (two years or more), the price can go as low as $2 per month. The annual offers stay around six dollars.
Of course, one should look not only at a price but also at the quality of the VPN itself. Some services are both really cheap and really good. At the same time, there are really good but costly providers.
Which type of VPN is the best?
The answer depends on the type of client. If you’re looking for a VPN that would unblock Netflix and hide your IP, getting a remote-access VPN is your best bet. However, if you’re a CEO looking for a way to give remote access to your company’s resources, a site-to-site VPN is the only way to go. You can read about both VPN types in the dedicated section above.
Should I use a VPN on my phone?
Even though phones are less susceptible to hacking, you should still use a VPN on your smartphone. There are plenty of apps and websites that like to track you and gather as much data as possible. Encrypting your traffic and hiding your IP address will help your security and privacy.
What’s more, a VPN can give you access to geoblocked entertainment content and government-restricted websites. It may even help against bandwidth throttling should your ISP decide on such limitations.
Does a VPN hide your activity?
VPN is probably the best way to hide your activity online. It encrypts your traffic using military-grade encryption, which is nearly impossible to decipher. Furthermore, a VPN hides your IP address from your government, your ISP, and other snoopers.
That being said, there’s no such tool that could guarantee your activities will remain hidden. If the government is really interested in you, it can do what’s necessary to track you down, although that wouldn’t be easy. Therefore, if you’re not a criminal or a revolutionist, you have nothing to worry about.
Can I use a VPN on any device?
You can use a VPN on most popular devices and operating systems, including Windows, macOS, Linux, Android, and iOS. Quite often, you can find dedicated apps for Android TV and Amazon Fire TV & Fire Stick as well. When it comes to routers, only a few providers offer an app, but you can manually configure most VPNs on them by following instructions.
Does the VPN log user data?
Best VPNs log only minimal user data required to keep their accounts running. However, some allow you to create an anonymous profile with a throwaway email that’s paid with cryptocurrencies or gift cards. Of course, some VPNs log more than minimum and are also located in countries with data retention laws. Finally, most free VPNs try to log as much as possible so they can sell that data to third-parties.