You already know a bit about VPNs and what they do. Perhaps you’ve heard they’re useful for unblocking Netflix or getting around internet restrictions at school or work, but you may want to develop a much better understanding of how they work before parting with any cash.
Until a few years ago, businesses used VPNs to allow employees to connect to the company network while working remotely.
After the Edward Snowden revelations of 2013, however, when we discovered that government bodies worldwide are snooping on their citizens’ internet use, people started thinking more seriously about their online privacy.
This and the practice of content providers using geo-blocking to stop access from certain countries have led to a meteoric rise in the popularity of consumer VPNs.
This guide explains the most important aspects of VPNs in theory and practice. There’s no way I can cover everything you might need to know.
If you’ve never used a VPN before, want to know a bit more about how they work, or wish to be armed with some extra knowledge before signing up for a subscription, you’ll get a good deal of information right here in this VPN guide. I won’t dumb it down, so get your thinking cap on.
I also address some popular misconceptions about VPNs and discuss when it’s a good idea to use them. By encrypting data and masking your IP address, VPNs can enhance your online privacy, bypass geo-restrictions, and protect you on untrusted networks.
While there may be a slight impact on your internet speed, a quality VPN service will minimize this effect.
VPN is an acronym for Virtual Private Network. To explain fully what a VPN is and what it does, let’s first look at how you connect to the internet normally.
When you connect to the internet, your device, such as a laptop or mobile, connects to a router via WiFi or an ethernet cable. The router is connected to a modem that, in turn, connects to the internet via your internet service provider (ISP).
Your device sends small clusters of information, called data packets, through these connections that contain instructions on what you want the internet to “do,” i.e., which website to visit, log-in details, etc.
The website then responds by sending data packets back to you that show the website and any content or details required.
Source and further reading: Cloudflare
These data packets can give away a lot of information about you to your ISP and the websites you visit, such as:
This information can track your behavior or location and restrict your access to content. Your ISP, ThePirateBay, may restrict content; for example, a well-known torrent-sharing website is blocked by all ISPs in the UK due to government regulations.
Websites themselves may also restrict it. Netflix is one of the most commonly used examples of restrictions because each country has a different library of available titles, which we’ll take a deeper look at in just a moment.
In order to overcome these geographic restrictions and enjoy a wider variety of titles, many users opt to use a Netflix VPN, a solution that effectively changes your virtual location.
Now, what a VPN does, on the other hand, is to create a secure VPN tunnel or also called a VPN gateway, between your device and the internet.
This means that all those data packets I mentioned earlier are encrypted and sent through your ISP to a remote server owned by the VPN company, where they are decrypted and sent on their way to the internet.
Packets coming back follow the same path. This means that even if the network you’re connected to is compromised and someone is monitoring the data packets you send and receive (known as packet sniffing), they will only see a load of jumbled-up letters and numbers (known as ciphertext).
Source and further reading: AT&T Cybersecurity
The main differences between a VPN connection and regular internet are:
However, one of the most popular uses of a VPN is to change your apparent location. That’s because you get the IP address of the VPN server, which could be anywhere on the planet.
Say you’re on vacation in Bali and want to take an evening off partying to enjoy some downtime with Netflix.
Still, the show you’re watching isn’t available on Netflix Indonesia; you can use a VPN to change your IP address (and, thus, your apparent server location) to your home country, where the show is available.
There are three main ways websites are blocked.
There are many good reasons to block access to certain websites, but this blocking is often done not to protect people but to control them.
YouTube, for example, has been blocked at one point or another in at least 25 countries, Facebook is completely blocked in China, and ThePirateBay is blocked in the UK.
For more information on the above, you can check out our guide to unblock YouTube in your country.
Many websites themselves limit their content to specific countries. Netflix and HBO, for example, offer different libraries depending on your country. Most people prefer the full Netflix catalog rather than a watered-down version.
They do this by checking the IP address of the connected device, which tells its location and offers the content they’ve decided for that region.
Now, if you use a VPN to change your IP address to one in a location where there is no blocking, you get to enjoy unrestricted access to the internet.
Using a VPN is simple. Most of the best VPN service providers have created products that are simple to set up and use.
Signing up to a VPN provider is typically uncomplicated, and many allow payment via cryptocurrency and only require an email address for people who want an additional level of anonymity.
The exact steps vary between providers but usually look something like this:
As I mentioned, most popular VPNs have apps for Windows, macOS, Linux, Android, and iOS, so you can download the right one and get connected within a few minutes.
Check out our companion guide on the best VPNs for Mac for further info.
Many companies also have apps or at least detailed setup guides for devices such as smart TVs, game consoles, and even tablets.
Not every device that can connect to the internet can have a VPN installed on it, but it is possible to run a secure VPN on a router (again, not all routers), which means every connected device gets the benefits.
Moreover, with a VPN router, you can choose which devices connect to the VPN and which to the regular internet.
There are many reasons to go for a paid VPN rather than a free one, which I’ll discuss later. One of which is the software provided by the service.
Up-to-date software is critical in the world of cybersecurity, as vulnerabilities that are patched will only be present in an update.
There are arguments for and against leaving a VPN running in the background.
Some people regard their online privacy with a higher degree of a concern than others, and people from countries where the internet is censored or monitored by the government, law enforcement, or ISPs, may want to keep their VPN on at all times to enjoy the internet in the democratic and free manner in which it was conceived.
Someone might have a VPN subscription mainly to access geo-blocked content such as Netflix or get a wider range of live sports by watching overseas TV channels.
Others might feel safer carrying the protection of a VPN for Android to help keep their data secure when they need to connect to an untrusted WiFi network such as a public WiFi.
Luckily, the best VPNs can always be left on without worry. If you want to do this, make sure your VPN has a killswitch so that the internet connection will be cut off in the event of VPN failure, and you won’t be left unprotected without realizing it.
Many inaccuracies are floating around the internet regarding what a VPN does and doesn’t do. Some of these are from VPN services, others from review sites whose staff lack appropriate knowledge.
As I said, I don’t trust anyone who says a VPN provides 100% anonymity, but there are a couple more misconceptions it’s worth pointing out here.
I see many people who should know better saying that you need to use a VPN to access any banking or financial website.
This is not true.
No reputable bank in the world allows non-secure connections. You can see that just by visiting your bank’s website and checking the address begins with HTTPS:// rather than HTTP:// – the s stands for secure, and it is.
Just like a VPN creates a tunnel between your device and the VPN server, a secure website uses an encrypted tunnel to keep your data safe from snooping and ensure that the website you’re visiting is authentic.
A VPN encrypts data you send and receive through the internet and allows you to choose your IP location; it has nothing to do with malware protection. VPNs do not protect you from viruses or other malware. It’s just not what they do.
Windows has malware protection preinstalled, but I recommend using premium real-time anti-malware such as BitDefender, MalwareBytes, or AVG. Additionally, it would help if you were using a firewall.
Windows and macOS have them preinstalled, but they may not be active, so it’s worth checking your settings.
User tracking is a massive business. Facebook ads are built on track, as are Google Ads. People think a VPN will stop them from being tracked online because someone has told them a VPN makes them anonymous, and therefore they believe marketing trackers won’t work.
Again, this is not true. Most web tracking is done via cookies, which you can block from your computer if you’re worried about, but you will lose some other web functionality.
You can block Google Analytics from tracking you using different means.
You should always use a VPN if you need to connect to an untrusted WiFi network, such as at a cafe or airport. This is because you don’t know if someone is monitoring the network.
If you’re on an open WiFi with no password, anyone connected could be capturing your data packets and snooping on your internet activity.
Most websites nowadays use TLS to encrypt data in transit between your device and the website, but not all, and any snooper would still be able to see which websites you visit, which could become the basis of a larger attack.
Another time you’ll want to use a VPN is when accessing content that’s blocked in your country, yet not illegal. Pornographic websites are blocked in several countries despite pornography itself being legal.
At the time of writing, the UK is about to roll out a porn-block that would require adults to register for a “porn-pass” with a valid ID to access any pornographic site.
I agree that children should be prevented from accessing such content, but this approach is typically heavy-handed by the current government.
Anyway, if you want to access those sites in the UK when the ban has been implemented, provided you’re of legal age, you can use a VPN to connect to the closest country with less draconian laws.
A quality VPN will provide security and can be left on at all times without any need to switch it off.
I haven’t yet found a VPN service that runs so perfectly that I can leave it all the time, although I have sometimes gone several days without switching it off, not noticing it’s even on.
Probably, a little bit, but it depends a lot on the particular VPN.
Some of the best services have a barely noticeable drop in speed, whereas others make internet use laborious and slow. Two things could cause your internet to become slower while using a VPN.
The first is VPN encryption. Encrypting and decrypting all the data passing between your device and the VPN server requires calculations to be constantly made that are in addition to everything that normally happens when you connect to the internet.
These calculations take time. The time depends on your device’s processing power, the VPN server you’re connecting to, and the quality of the VPN app.
The other things that can affect speeds are the quality, configuration, and distance of the server you’re connecting to and the number of other people connected. The weakest equipment and the available bandwidth limit the maximum data transfer speed.
So the quality, configuration, and number of people connecting to the server you’re connecting to will play a major role in actual VPN speed and the distance between you and the server, as there will be more parts to the chain when it’s further away.
Most of the time, any loss in speed is barely noticeable, provided you go with a reputable VPN provider that properly maintains its service.
To check your VPN connection speed, head over to https://testmy.net/, a free speed test website that’s very easy to use and has a good, if a little dated, graphical interface.
We’ve used the service quite a bit and published a TestMy.net review here.
Yes, a VPN uses more data, but only a small amount. It depends on the cryptographic functions applied to your data and how the packets are transmitted.
As encryption gets stronger, it creates longer ciphertext and uses more data. Some VPN providers offset this by compressing data before it’s encrypted, although that can lead to vulnerabilities.
Yes, using a VPN in most countries is perfectly legal, but it’s certainly not a carte blanche for breaking other laws.
Using a VPN is illegal in:
And governments in the following countries are taking steps to outlaw VPN use; however, the legal status is not certain:
However: What you use a VPN for is still confined by the laws of the country you’re physically in. We don’t condone illegal activity of any kind, and you should remember that even when you’re using a VPN, you’re not 100% anonymous.
While there are certain countries such as Iran, Saudi Arabia, the UK, Germany, UAE, Turkey, and many more whose leaders have a rather authoritarian outlook towards the internet, there is nothing inherently untoward about VPNs.
Check out our guide on how to find a VPN for Saudi Arabia for more info.
Basically – No.
There is no such thing as a truly anonymous VPN. A quality VPN will provide a degree of anonymity and privacy, but not 100%.
There is a very important distinction that I want to make here, which is between anonymity and privacy. While many think of them as the same, they’re quite different.
Privacy is curtains; anonymity is a mask.
You can expect that when your curtains are drawn in your living room, no one can look in, so your actions are private.
If you wear a mask when you go out, your actions aren’t private, but people won’t know who is performing them, giving you anonymity. Batman is anonymous.
A VPN provides privacy and anonymity but should not be relied upon to provide absolute anonymity or privacy.
There are ways to make your VPN account closer to being anonymous, but anyone claiming a certain VPN service is 100% anonymous or private is either lying or doesn’t hold the necessary knowledge on the subject to be worth listening to.
Masking your IP address is the main way a VPN hides your identity. By doing this, your location is unknown. There are other ways, however, to trace who you are.
Your device’s MAC address, as well as the accounts you’re logged into, can reveal you’re true identity. Your identity can also be revealed at any time by the VPN provider.
The amount of data they hold about you depends on how much they collect, making a careful analysis of VPN providers’ logging policies so important.
What a VPN does better is provide privacy. Because you connect to the VPN server through a secure tunnel, often using extremely strong encryption suites, your internet usage can be considered private.
If you’re logged into Chrome, then Google can still track everything you do. Additionally, your VPN provider could monitor your internet activity, another reason to go with a zero logs service.
This issue is confounded by the fact that practically all VPN services use proprietary closed-source software, meaning the source code of the software you use can’t be independently vetted by analysts.
The implication is that if a VPN company were forced or otherwise persuaded to add a back door for the NSA to access network traffic, we wouldn’t know about it.
For further reading on surveillance and tracking, see our internet surveillance guide. Either way, remember that you can achieve a degree of anonymity and good general privacy from a VPN, but nothing is 100%.
A high-quality paid VPN will outperform a free VPN in almost all cases. One of the main reasons behind this is that it costs money to run VPN servers, develop secure apps, and keep them updated.
So if the service is free, you should wonder who’s paying to keep it running and what they’re getting in return.
As the famous phrase goes,” If you are not paying for it, you’re not the customer; you’re the product being sold.”
This is true for some companies in the VPN industry. Here are a couple of notable examples:
Hola is probably the most famous free VPN service that funds its network by selling access to your computer and network to third parties by creating an exit node on your device!
From their website (as of May 1st, 2019):
That is just as sinister as it sounds and bad for a company that appears to be privacy-focused from the outside. But what does this mean?
So, Hola VPN is operated by a company called Luminati. By using Hola VPN, you agree that they can sell the use of your internet connection through your computer or even the mobile data of your mobile device!
Your computer will be used to send bot traffic for market research. Still, it could be used for illegal activity, and guess who would become the focus of the police or government attention – yes, you.
That’s the most insidious monetization of the free VPN service I know about. Still, several others place cookies in your browser to browse the internet so they can sell you as advertising targets.
Some free VPNs store a cookie on your browser or otherwise track your behavior, so their affiliates can target you with ads:
And many more.
Now, internet tracking is nothing new. Facebook, Google, Instagram, and many others, make vast amounts of money by allowing advertisers to target you based on your behavior and interests.
What is shocking about this is that people expect privacy when using a VPN (that P stands for Private, after all), which they don’t get and probably have no idea how these services are monetized.
They look like genuine VPN services when you’re on the website unless you read the lengthy terms and privacy policies.
VPNs aren’t that expensive (Check our NordVPN review to see one of the best with subscriptions from around $3/ month). I recommend not choosing a free one.
There are many VPN service providers these days, and they are certainly not all equally good.
Some are subsidiaries of major corporations, while others were put together after school by a kid who wanted to watch YouTube in class, neither of which are definitive indicators of quality.
We’ve reviewed around 40 VPN services and strive to develop more rigorous testing criteria with each review iteration. Please look at what we consider important criteria for selecting the best VPN to fit your needs further down this post.
The jurisdiction can be extremely important when choosing a VPN. Certain countries may require companies to log information about their users.
Similarly, if you’re doing any torrenting (which, of course, we don’t condone), you’ll want to make sure they’re not located in the USA, where they could be subpoenaed into handing over your details because of a DMCA request.
For maintaining a private and secure connection, you should be aware that there are various ways your VPN can encrypt your data.
These are called VPN protocols, and there are usually several different ones to choose from, depending on your requirements. Some of these are so good not even professional data forensics services will be able to decrypt them.
All our reviews have a section on security that cover the specific protocols offered by the VPN.
Most VPNs offer the following protocols:
OpenVPN is usually considered the “best” VPN protocol option due to its high level of protection, speed, compatibility on most devices, and the fact that it’s open-source and has been vetted by security researchers.
IKEv2 is another excellent option for those using a VPN service provider on their mobile while traveling, as it can quickly reestablish a connection when it gets cut off.
Other protocols can be insecure, so I don’t recommend them unless you know how to set up your VPN connection and understand the risks.
OpenVPN provides optimal security, compatibility, speed, and reliability for almost all users.
A VPN’s logging policy is one of the most scrutinized parts of the service, with good reason. This is where you’ll find out whether they store your data, including the websites you visit, the services you use, and what they do with that information.
As we saw with the free VPNs, some companies don’t care much for your privacy.
So what are we looking for in a logging policy? Ideally, no logs at all.
While many VPN services claim to have zero logs policies, they wouldn’t be able to run the service without holding any information about you or your computer.
So, the norm in the VPN industry is that zero logs mean no PII (personally identifiable information). But there is a caveat.
Most VPN services provide their customers with software to run the VPN on their device, known as a VPN client. This client is almost always closed source, proprietary software, so impossible for independent cybersecurity professionals to audit.
So we have to trust them. Well, not quite. We can judge VPN companies on their actions.
There have been several cases where VPN companies have been caught providing user data to the authorities.
On the other hand, several VPN companies have shown that they keep their users safe by not storing any PII.
NordVPN has been independently audited by PricewaterhouseCoopers AG and found to present no risk to users’ PII. The audit is available only to NordVPN customers.
VyprVPN has been publicly audited by Leviathan. While the audit initially identified PII in some logs, they confirmed that this has now been fixed, and VyprVPN presents no risk to users’ PII.
My favorite way for a VPN company to show that they protect their users is when they do so when faced with seizures or legal challenges.
ExpressVPN had its servers seized in Turkey, but the authorities could not obtain user data due to ExpressVPN’s no logs policy.
Private Internet Access was subpoenaed by the FBI to provide the IP address of a bomb hoax suspect but responded that they were unable to do so as they did not have the information.
Finally, Perfect Privacy had servers seized in Rotterdam in 2016, but no user data was compromised.
The speed of the VPN service ultimately relies upon the quality and number of servers. Be sure to read our VPN reviews before jumping into any subscriptions.
If one of your goals with a VPN is to access geo-restricted content (think Netflix/Hulu outside of the US), you’ll want to ensure that the company has servers in the country where these services are accessed.
If you use P2P for downloading, make sure the company has servers in a country that’s P2P-friendly (Switzerland, Spain, The Netherlands, and Hong Kong are a few), which leads us nicely to our next section.
Sometimes too many features can seem gimmicky, especially for VPNs. Too many features could lead to security vulnerabilities and require more frequent updates.
There is. However, a feature set is present in several excellent VPNs that improve the service.
While I’m not going to recommend that anyone uses P2P file-sharing networks to download pirated content or software, torrenting is an incredibly efficient way of sharing files with multiple users.
Whether it’s static content or live shows such as sports, if you want to use these services, make sure you use a good VPN that allows or ignores it.
Shared IPs make it almost (but not 100%) impossible to connect the activity with an individual, as many people can access the internet from the same VPN server simultaneously.
A VPN killswitch is a safety mechanism that shuts off access to the internet in the case of failure. If your VPN connection gets cut off for any reason, a killswitch will protect your real IP from exposure and stop unencrypted data from leaving your machine.
Many VPN clients have a killswitch, and we check whether or not one is present when we review a VPN. For more details, check our VPN killswitch guide.
A multi-hop, or double-VPN, the connection is when your traffic is encrypted multiple times and sent through multiple VPN servers.
A multi-hop VPN connection is unnecessary for most users and will slow down the service. For whistleblowers facing a global adversary, multi-hop connections may be necessary.
This makes certain vulnerabilities of VPN (remember I said it’s not 100% private), such as timing attacks, almost impossible to exploit.
Certain countries use a blanket firewall to block VPN traffic. In China, where VPNs are outlawed, and many websites are blocked, the only way to get a VPN to work is to package data, which looks like normal internet traffic.
VPN obfuscation still provides encryption, just disguised to look like normal HTTPS traffic.
Obfuscated servers generally have quite limited capacity, so unless you need to disguise the fact that you’re even using a VPN, you should keep them free for those who do.
Different VPN services provide different levels of support to their users. This could be an actual online chat to help you if you get stuck, ticket systems, or just FAQs on the website.
I prefer live chat as it means you get the answer immediately, but I’d rather use a ticket and get the right answer than end up chatting with someone who doesn’t know what they’re talking about.
Again, we test this in all our reviews, so ensure you read them.
Almost all commercial VPNs these days offer their VPN client. While I mentioned earlier that this could lead to privacy concerns, it goes a long way toward providing ease of use.
Most clients are simple to set up and generally have a nice GUI that makes sense.
Most people won’t care about this, but some will. I think it’s important for privacy-focused companies to offer at least Bitcoin payment options so that journalists and whistleblowers in authoritarian states such as Russia, Saudi Arabia, the UK, and the USA can protect themselves from government tyranny.
There’s so much more to VPNs than I could fit into this article, but I hope you’ve learned something and have a better understanding now of what you can and can’t do with a VPN. Here are a few key points I’d like to repeat quickly:
A VPN also has several different use cases. For example, you can play Roobet in the USA with a VPN. You also can use a VPN for Draftkings. A VPN service that works with Disney Plus will help you to unblock Disney Plus if it’s not available in your country.
That’s it. If you have any comments or suggestions, please drop them below. Stay safe.
Some people found answers to these questions helpful
What is a VPN and why do you need one?
A VPN (Virtual Private Network) is an application that allows you to connect to different servers, acting as an intermediary between your device and the internet. A VPN will also encrypt your internet traffic. You can use a VPN to unblock content not available in your country, bypass censorship, or increase your privacy online, among other things.
What are the differences between a VPN app and a VPN extension?
A VPN app is a software application you install on your device. It will re-route your entire internet traffic through a VPN server. A VPN extension is a browser extension (Firefox, Chrome, etc.) that needs to be added to your web browser. It will only route your web browser traffic through a VPN server.
What is the difference between a proxy server and a VPN?
A proxy server is a server through which you can re-route your traffic to mask your IP address. It’s a standalone, independent server, while a VPN is a collection of servers usually belonging to the same entity (the VPN service provider). Proxy servers are a notoriously high-security risk because it’s rarely possible to know the server’s owner. Using a proxy server can result in your traffic being fully intercepted.
Can your ISP see your browsing history if I use a VPN?
Your ISP cannot see your browsing history if you use a VPN. They may, however – in certain cases – know that you are using a VPN (but never the contents of your browsing activity).
Are you completely untraceable with a VPN?
Generally, no. A VPN does not make you completely untraceable. There are, however, several methods to become near-untraceable if you use a VPN. You will need to buy a VPN app with cryptocurrency such as Bitcoin. You will need to purchase the crypto anonymously, preferably with cash (never online with KYC verification or from an exchange) and use the VPN on a device you never used before for any other purpose at all. You will also need to avoid using that device and VPN connection for your regular internet activities (Gmail, Facebook, etc.); otherwise, your VPN IP can be tied to your online identity. The VPN itself won’t make you untraceable, but how you use it can achieve this.
Should a VPN be left on at all times?
Generally, no. But this depends on the reasons why you are using a VPN. If you are using a VPN to unblock streaming sites, for example, then it makes no sense to use the VPN app at all times.
Does a VPN hide torrenting from your ISP?
Yes, a VPN connection will prevent your ISP from knowing that you access and use torrenting applications.
Does a VPN work on your phone or tablet?
Yes. Most modern VPN apps work on phones and tablets as well.
Does a VPN make me fully anonymous online?
No, just using a VPN will not make you fully anonymous online. It’s more about how you use it that will enhance your anonymity. For example, if you connect to a VPN and login into your account, that VPN IP can now be tied to your personal Facebook account and identity.
Will your internet be slower with a VPN?
Your internet speed might become a bit slower if you use a VPN. If you use a premium VPN application, this decrease in speed can be negligible. A free VPN may significantly decrease your internet speed, however.