What Is A Virtual Private Network?
Trying to up your digital security is no easy feat, especially with dozens of abbreviations flying your way. A common one you may be seeing is a VPN, but what is it, in the first place? As VPN experts, we can answer all that and more, letting you know how VPNs can protect you from hacking and other cyber threats.
What Is A VPN?
A VPN is a Virtual Private Network that encrypts web activity and device IP addresses. Using an encrypted tunnel, VPNs act as intermediaries between devices and public networks, protecting the user’s web activity from the network’s Internet Service Provider.
In this video, Security.org’s Chief Editor, Gabe Turner, breaks down what a VPN, or Virtual Private Network, really is.
Why Do You Need A VPN?
There are a number of reasons why someone would want a VPN in the first place; and, according to our research on VPN usage, the biggest reasons are general security and privacy for 49 and 40 percent of VPN users, respectively. But aside from those (very valid) concerns, VPNs can also provide access to content you wouldn’t be able to see otherwise.
With security breaches, hackings and surveillance, more and more people are concerned about privacy. In fact, over half of adults in the U.S have decided not to use certain products due to concerns about privacy, especially if they’ve been involved in a data By encrypting your web activity, VPNs greatly increase your privacy (so long as they aren’t logging it themselves, but more on that later).
While we can’t advocate for torrenting copyrighted materials, many people do so using a VPN to protect themselves from law enforcement. Also, they may be in an area where torrenting websites like BitTorrent are prohibited, so VPNs can provide a workaround.
Whether you’re in a country where your favorite streaming service is blocked or you simply want to see what’s up on Netflix Australia, VPNs let you replace your IP address with that of another country’s server. For us, that meant connecting to a VPN so we could watch the final season of The Good Place on Netflix U.K, as the U.S version didn’t have it at that time.
If you’re connected to a public Wi-Fi network, then you’re quite susceptible to hacking. But change your IP address and you’ve entered a new level of digital security.
Bypass Government Restrictions
Internet censorship is no joke, especially in countries like China or Russia. These countries restrict the websites you can go onto, but connecting to a VPN relieves you of these restrictions, leaving you with a free and open internet.
Access Work Networks
With modern technology, working from home has become more doable than ever before, but one issue that many remote employees will face is not being able to access office networks. However, VPNs with split tunneling allow them to be on their home’s Wi-Fi and their private office network at once, even lowering bandwidth to boot. To learn more about split tunneling, read our VPN buying guide.
How VPNs Work
Now that you know the what and the why, let’s talk about the how, starting with exactly what VPNs encrypt.
What VPNs Hide
The primary purpose of VPNs is to hide:
- Browsing history: From the websites you’ve visited to when you went on them, VPNs should completely hide all of your online activity.
- IP address: Aside from hiding the IP addresses of the websites you’ve suited, the best VPNs also hide your devices’ private IP addresses by replacing your IP address with one of their own.
- Location: By connecting to another location’s server, your geo-location will be hidden from your ISP.
Encryption is the bread and butter of any VPN. It basically means turning your IP addresses into inscrutable code. These days, most VPNs use AES-256, the current industry standard, but there are a few other acceptable methods, as well.
- Advanced Encryption Standard (AES): Used by financial institutions and the U.S military, AES is the most common encryption method that we see with VPNs. Measured in bits, 256-bit is preferable to 128 or 64-bit, both of which are outdated.
- Rivest, Shamir, Adleman SecurID (RSA): RSA typically comes in the form of two or multi-factor authentication, ensuring that the person logging on is who they say they are.
- Elliptic Curve Cryptography (ECC-256k1): An alternative to RSA, ECC-256k1 is the latest and greatest in cryptography, but RSA is still used more commonly.
- IP Security (IPSec): IPSec is a more secure method, often used in tandem with other protocols to increase security. IPSec has two modes, one of which encrypts only the data packet message and one that encrypts the entire data packet.
- Multi-hop: Multi-hop isn’t an encryption method per se; really, it just means that the data is encrypted more than once through multiple servers. We prefer VPNs with multi-hop, as they make it even more difficult to parse out what we’re doing online (which is mostly watching TikTok compilations, believe it or not).
- Secure Hash Algorithm 2 (SHA2): With irreversible and unique hashes, SHA2 is used for both encryption and authentication.
- Secure Shell (SSH): The SSH is another method that creates both the tunnel and the encryption; it doesn’t encrypt the data itself, just the tunnel the data goes through. The current industry strand is SSH2, not SSH1.
- Secure Socket Layer and Transport Layer Security (SSL/TLS): Many online retailers and VPNs use a handshake method, where two systems exchange encryption keys to authenticate sessions and create secure connections.
Internet protocols determine how data is transmitted, and for VPNs, that data refers to everything you’re doing online. Of course, we can’t include all of the protocols used here, but here are some of the more common ones.
- Diffie-Hellman Key Exchange (DH): The DH is a way of exchanging cryptographic keys that have the same “shared secret”.
- Generic Routing Encapsulation (GRE): GRE encapsulates data packets, only removing the encapsulation when it reaches the endpoint. However, this method doesn’t include encryption, so IPSec is a better option.
- Internet Key Exchange Version 2 (IKEv2): IKEv2 makes kill switches possible, as it’s the protocol that connects you back to the VPN after you’ve been disconnected.
- Internet Protocol Version 6 (IKEv6): IKEv6 is the newest version of IKE, as previous versions will run out of numerical IP addresses.
- Layer 2 Tunneling Protocol (L2TP): Often combined with IPSec, L2TP makes for a very secure VPN client, making the tunnel while IPSec handles the actual encryption.
- Point-to-Point Tunneling Protocol (PPTP): PPTP is another way of creating the tunnel that actually encrypts the data packets. Of course, it needs to be combined with an encryption method for actual security.
- Secure Socket Tunneling Protocol (SSTP): SSTP is made for Windows operating systems specifically, and is great for bypassing firewalls.
- User Datagram Protocol (UDP): UDP is responsible for actually sending the data packets, although they won’t necessarily be in order without additional protocols.
FYI: UDP is often used in conjunction with TCP, which puts the data packets in order.
- Transmission Control Protocol (TCP): TCP ensures that the data packages are in the right place and order by breaking data into smaller packets. Think of it as a Mom who checks that their kids have everything they need before they leave for school.
- Perfect Forward Secrecy (PFS): PFS ensures that encryption is happening whenever you’re connected to the VPN, even with various key changes. Everytime you reload a web page, PFS will make sure the encryption is on point.
What VPNs Protect Against
We don’t want to scare you, but going online in any forms comes with its fair share of risks. VPNs aren’t foolproof, of course, but they can help protect you against hacking, identity theft and other cyber attacks and tracking methods.
If you’re on a public Wi-Fi network, hacking into your computer is easy if your device IP address isn’t protected. But by replacing your IP address with one of their own, you can effectively avoid hackers, even when you’re just checking your bank account in line for coffee.
Once hackers gain access to your device, they will most likely scour it for your credentials, which they could use to steal your identity. In fact, according to our identity theft consumer shopping study, the amount of private records stolen every year is well over four billion. But by protecting your web traffic, you can reduce your chances of having your identity stolen.
Tracking and Targeted Ads
We’ve all had the creepy experience of talking or emailing about a product and then seeing it follow you around the internet for days on end. But by switching your IP address, you can confuse these cookies and avoid your data being used for targeted ads. Digital marketers estimate that the average person sees anywhere from 6,000 to 10,000 ads per so we want to keep your mind as clear as your browser.
VPN Pros and Cons
While VPNs certainly have their benefits, every rose has its thorn. Read on to see if a VPN is worth it for you personally.
- More privacy: By hiding your web activity in an encrypted tunnel, your traffic will be safe from your Internet Service Provider.
- Access to restricted sites: Especially if you live in a country with high levels of internet censorship like Russia, a VPN can be one of the only ways you can actually roam the internet freely.
- Streaming on other countries’ servers: Another reason people use VPNs is to unlock streaming services from other countries, like using Prime Video U.K when you’re hanging out in Texas. Different countries have different licensing agreements with streaming services, so you could access content you wouldn’t be able to access otherwise.
- Prevents hacking: Again, nothing can 100 percent guarantee that you won’t be hacked, but hiding your web activity and IP addresses is a great start, especially if you’re on a public Wi-Fi network.
- Protects against tracking/ targeted ads: Data privacy has become a huge issue, especially in the 2020 presidential election. While we won’t be paid for our data just yet, using a VPN can prevent it from being logged in the first place.
- Can cost money: While there are many free VPNs and VPNs with free trials, they typically have limits on things like data usage, servers available, or simultaneous connections. Most likely, you’ll have to cough up some money to use a VPN, typically anywhere from $5 to $10 a month.
- Streaming services may not work: Many streaming services like Netflix block VPNs’ IP addresses, although there are a number of VPNs that are still compatible. However, if you want to stream, make sure that the VPN you choose works with the service or services that you use.
- Other websites may block shared IP addresses: Unfortunately, streaming services aren’t the only type of website to block the IP addresses of VPNs. Some other websites may also dislike shared IP addresses, like email services. If that’s the case, you may need to pay extra for a dedicated IP address, meaning you’re the only one who’s on it.
- Slowdowns: Anytime you’re adding on extra internet protocols and encryption methods, a certain amount of slowdown is inevitable. However, we test each VPN we review for download speed, upload speed and latency to see which VPNs keep slowdowns to a minimum.
- May be illegal depending on the country: Not all countries allow VPNs. Belarus, China, Iran and other countries have banned so if you use a VPN while in those countries, you could risk arrest.
Tip: Many VPNs offer discounted rates if you sign up for long-term contracts, like one year or more. If you know you’ll need a VPN for a while, you can save money by signing up for longer than a month at a time.
Types of VPNs
While the actual service remains the same no matter why you’re using them, many VPNs have options specific to home, business or travel purposes.
While it’s not necessary if you’re on a home, password-protected network to use a VPN, people may want to for streaming, torrenting, and other anti-tracking purposes.
VPNs for business typically allow for more users and simultaneous connections. Many will also allow for split tunneling, which allows employees to be on their home network and their office’s private network at the same time. Most likely, the subscriptions will be discounted in bulk, the same way Costco discounts packets of eight deodorant sticks.
Finally, there are VPNs that are better used for travel, whether that’s for the location of their servers or the (lack of) blocking of their IP addresses. The best VPNs for travel differ based on what country you’re going to, as some VPNs have many servers in one country but none in others.
How To Choose A VPN
Now that you know what a VPN is, and a whole lot more information, here’s what to look for in a VPN.
Okay, but what features, exactly? Don’t worry, we won’t leave you hanging.
- Number of servers and countries: If you’re a worldwide traveler, you’ll want a VPN that goes everywhere you go, with a large number of servers to choose from internationally.
- IP addresses: We prefer dynamic IP addresses that change every time you log on, but some VPNs offer static addresses, often shared by thousands of users. But because these addresses are occasionally blocked, some VPNs give the option of dedicated IP addresses and in rare cases, even dedicated servers.
- Kill switch: If your internet connection is lost and your VPN fails, then it should have a kill switch, a failsafe option that shuts down all internet browsers with the VPN. Sure, you’ll have lost all your tabs, but at least your ISP won’t be able to see them, either!
- Torrenting: Some VPNs allow for torrenting while some do not; but if you’re torrenting copyrighted material, using a VPN is crucial.
- Split tunneling: Split tunneling is the ability to be connected to the VPN and a public network at the same time, saving bandwidth and increasing your browsing speeds. While it’s not a necessity, split tunneling is especially useful for remote workers, which accounted for almost 70 percent of Americans during the COVID-19
- Streaming access: A more legally sound method of watching entertainment is through streaming services, although some may frown upon watching on another country’s server rather than your own. However, some VPNs have worked around these restrictions, offering server switches for Netflix, Hulu, Prime Video and more.
- Multi-hop: More servers means more encryption, which ups your privacy even more than a single server would.
Privacy and Security
Most people use VPNs to increase their privacy online, but if the VPN itself is logging a ton of your information or worse, sharing it with third parties, what good does it do? We look at a number of areas to determine how private these networks really are.
- Headquarters location: We prefer VPNs that are based in countries that aren’t in Five Eyes, Nine Eyes, or 14 Eyes. These surveillance alliances could legally force companies to give their federal governments customer data, so we’d take the Cayman Islands over the U.S any day (at least when it comes to VPN headquarters).
- Encryption methods: We also look for VPNs that use AES-256, along with other secure encryption methods, detailed above.
- Company history and background: We’re not just security experts; we’re also journalists at heart, and we love digging into a company’s past to see what bones come up. While some companies come up relatively clean, some have had some pretty major security breaches of customer data in the past. While we don’t hold grudges, we need to make sure your information is safe, so taking past breaches into account is a necessity.
- WebRTC leaks: WebRTC is an umbrella term covering technologies behind how web browsers communicate with each other directly. Used in high-bandwidth activities like transferring files, video chatting or live streaming, WebRTC cuts out the middleman and creates faster speeds. However, it requires that the devices know each other’s private IP addresses, which someone using a VPN may not love. We check for WebRTC leaks on a tool on ExpressVPN’s website, making sure our private IP addresses are kept private even when using WebRTC.
Did You Know: Browsers like Chrome, Opera, Firefox and Microsoft Edge default to WebRTC, so if you use any of these, you’re at risk of your private IP address being exposed.
- DNS leaks: DNS stands for Domain Name Server, and it’s basically the name of a website that stands for an IP address. Of course, you want a VPN so that no one knows what websites you’re visiting, so we check for leaks using DNSLeakTest.com.
Apps and Browser Extensions
One more straightforward thing that you need to consider is if a VPN works with your devices and browsers. Make sure their apps and browser extensions are compatible with the devices you want to protect, whether that’s a Mac, Windows, Xbox, router or what have you.
Usage is where we come in, actually testing out VPNs to see how well they work in practice.
- Ease of setup and use: We want to make sure that a VPN is easy to use, so we test it out on different types of devices. VPNs should be both easy to set up and easy to connect to, and typically they are.
- Speed: We also test out a VPN’s speed compared with our browsing speeds with it disconnected. We want to make sure that there’s no huge delays in upload and download speeds and no huge increases in latency. Many VPNs offer free trials so you can test the speed out for yourself; we use a free speed test from Ookla, although there are other free tools available online.
Naturally, we put the bottom line way down at the bottom.
- Costs: VPNS typically cost around $5 to $10 a month, but there’s a huge range depending one what length you sign up for. We’ve seen prices as little as a dollar per month or all the way up to $15 per month; it depends on the contract length and the actual service you get. Let’s elaborate on that.
- Contract lengths: Typically, VPNs offer monthly options, annual options, and longer, two or even three-year options. These longer term lengths are usually heavily discounted, so it pays to make a commitment. We’ve even seen some VPNs with lifetime subscriptions that you only have to pay for once, so if you’re in it for the long haul, choose the longest term length available to unlock discounts.
- Number of connections and simultaneous connections: Some VPNs place limits on the number of devices you can connect overall, and the number of devices you can connect at the same time. Make sure your VPN covers all of your devices, especially if you’re part of a family or business.
- Data usage: While we haven’t seen any paid VPNs that put limits on data usage, many free VPNs do impose daily data limits. It’s hard to say exactly how much data you’ll use on a VPN, which is why most people will want to opt for a paid VPN versus a free one.
- Number of server switches: The case is the same for server switches; with paid options, you can switch servers as many times as you want, usually, while some free options limit you to one or a few servers.
- Free version: Again, although many VPN companies offer free versions, they often have limits on data usage, server switches, the number of devices you can connect, and more. However, if you want a VPN for a very limited usage, free options will be a godsend to you.
- Free trial: Instead of offering completely free subscriptions, some companies opt to offer free trials, where you can test out the premium VPN without your card being charged. Sometimes you don’t even have to put a card down! This is a great way to test out the VPN for yourself and see how it performs.
- Return policy: Many companies also offer money-back guarantees, so there’s usually little risk to buying a VPN subscription.
Alternatives to VPNs
Of course, VPNs aren’t the only ways that you can hide your web activity. You can also use a secure browser like Tor or a proxy server. Are they as good as VPNs? You’re about to find out.
Tor is a browser that will encrypt your web activity and IP address thrice, letting you swerve that pesky tracking and targeted advertising. However, it won’t protect any web-based apps that you use, so it’s only a good choice for browser usage only.
Proxy servers are another way to hide IP addresses but not web traffic, and they’re typically used for a single time. If you want to hide your web activity, proxy servers won’t do the trick.
VPNs are by far the most straightforward way you can maintain your online privacy, and the best part is, they only take a few minutes to set up and download. Whether you’re a journalist researching a controversial story or simply a tired streamer who just wants to finish that last season of The Office, VPNs are a safe and easy bet.
Frequently Asked Questions
Having reviewed about 30 VPNs and counting, we’re more than happy to answer any and all of your VPN-related questions.
What is a VPN and why do I need it?
A VPN is a Virtual Private Network and you need it to hide your IP address and web activity. It can also help you torrent, stream from another country’s server, bypass government restrictions, and connect to public and private networks simultaneously.
Can you be tracked if you use a VPN?
You shouldn’t be able to be tracked while using a VPN, as the VPN will hide your device IP address and domain names. However, if the VPN company you use logs your web activity or IP address, then you can be tracked, so long as the company is headquartered in a Five Eyes country like the United States. We recommend choosing a VPN with a strict logging policy based in a non-member country like the Seychelles Islands to avoid tracking.
Why shouldn’t you use a VPN?
There are a few reasons why you shouldn’t use a VPN, like the fact that you’ll probably have to pay money, some sites may or may not work, and your device may slow down a bit. But for most people, there are few drawbacks to using a VPN at least occasionally.
Are VPNs safe for online banking?
It depends on the VPN, but most are safe for online banking. Especially if you’re on a public Wi-Fi network, connecting to a VPN to bank online is much safer than not.