A VPN, or virtual private network, is a tool you can use to protect your identity online, change your virtual location, evade censorship, check out foreign streaming services and more. They mostly take the form of commercially available subscription apps, often so simple to operate that all you need to do is press a button to turn them on and off.
While using a VPN is easy in practice, there’s a lot going on under the hood. Knowing what’s really happening can help you decide which VPN is right for you, then use it more effectively once you’ve got it. In this guide, I’m going to delve into what a VPN really is, how it works and what you might need one for.
If this article convinces you that you need a VPN — and I hope it does! — I curate a collection of the best VPN deals that I update at least once a week. Head over there to get your VPN shopping started.
What is a VPN?
The name “virtual private network” comes from the initial use of the technology to access restricted networks from off-site — if you work remotely, you probably still use a VPN this way. Those are corporate VPNs, though, from providers like Cisco. Here, we’re talking about commercial VPNs sold for individual use.
These services came about when people realized that if you connected to the public internet through a VPN, every server you contacted would see the VPN server instead of your personal computer. The VPN effectively becomes a mask that interacts with the web on your behalf. That’s the simple principle underlying every commercial VPN you’ve seen advertised.
Sam Chapman for Engadget
VPNs like Proton VPN and ExpressVPN operate servers in various locations around the world. When you use their apps, you’ve got access to all the servers in their network. After you connect, communications between your device and your chosen server are encrypted so nobody can trace your activities back to you. This is called tunneling, and is the main difference between a full VPN and a simple proxy server.
How does a VPN work?
Questions like the above can get into the weeds fast, so I’ll be oversimplifying here. VPNs handle encryption in two steps. First, they establish a secure tunnel to your computer or phone, then they send information through it.
The first step — establishing the connection — is called a handshake. It uses asymmetric encryption, where each party has a public and a private key. In a handshake, two parties use public keys to confirm that they are who they say they are, then exchange the keys they’ll use for simpler symmetric encryption.
Sam Chapman for Engadget
Once the handshake has confirmed the path between your device and the VPN server, the tunnel is complete. From then on until you disconnect, every packet of data you send will be encrypted before it leaves your device and not decrypted until it reaches the VPN. The same is true in the other direction. Website requests and other data sent between the VPN and your internet service provider (ISP) will not be encrypted, but that’s OK — without the information on the first step, it’s impossible to identify you behind the VPN.
This is a complicated process, but VPNs use sets of instructions called VPN protocols to run through it near-instantly. A VPN protocol covers encryption and transit using several sets of ciphers. The most common protocols these days are OpenVPN, WireGuard and IKEv2/IPSec, though many VPN services have their own proprietary protocols as selling points.
What are the benefits of using a VPN?
Although the above process happens mostly in the background, it does tax your internet connection a little. The best VPNs keep impacts to a minimum, but you may notice a drop in speed, plus higher latencies when connecting to servers far away. So, what benefits do you get in exchange for all that?
Anonymity
The first and biggest boon is near-total anonymity. In 2021, the Federal Trade Commission (FTC) put out a comprehensive report on everything your ISP knows about you — confirming that nearly every ISP gets a second profit stream from selling information on your online activities. In essence, they’re making you pay them for the right to hose your own privacy. But a VPN lets you strike back.
Since you connect to the VPN server before your ISP ever clocks you (let alone your destination websites), your computer and modem broadcast no information about who you really are. Anyone can see what you’re doing, but they’ll only see the VPN server doing it. And hiding your IP address is vital — lots of people (not just ISPs) can deduce a shocking amount about you with no other information, including your real location.
Prevent ISP speed throttling
Speed isn’t normally one of the benefits of a VPN, but in some specific cases, you might get faster internet. ISPs occasionally throttle the speeds of certain users they perceive as using too much bandwidth. This can happen to you, whether or not the charge is accurate. Using a VPN can get around the slowdown, since the ISP can’t identify you to throttle you. Just note you still can’t go faster than your unprotected internet speed.
Public Wi-Fi safety
A VPN can also keep you safe when using public Wi-Fi. On an unsecured Wi-Fi network — the sort you often find in cafes, hotel lobbies and other public buildings — hackers can spy on you through various vulnerabilities, or even set up fake networks (called “rogue hotspots”) to capture your information. If your connection with the network is encrypted, the criminal’s window of opportunity slams shut.
Get around content blocks and firewalls
The other most important thing a VPN can do is to change your virtual location. IP addresses are keyed to specific locations — some to countries or regions, and some to networks as small as one building. Authorities can use this to restrict internet access on the networks they control. This can vary in scale, from your school or workplace blocking certain content, all the way up to the nation-level firewalls in China, Saudi Arabia and other countries.
Remember, though, that your internet goes to the VPN before it goes anywhere else. If your school’s internet blocks some sites, you could get on a VPN server and the school’s firewall won’t know you’re connecting from inside. This even works with countries (though not always). By connecting to a server outside the sphere of oppression, you can organize activism online even when the government doesn’t want you to.
Sam Chapman for Engadget
Of course, you can also use this trick for fun by checking out other countries’ streaming libraries, viewing local exclusive events or protecting you while you download a torrent file. The key takeaway is that VPNs are versatile, and can be used for casual entertainment, life-and-death anonymity or both at once.
Will a VPN keep me completely safe online?
VPNs are a huge positive for individual privacy rights, but just having one doesn’t mean you can ignore your online safety. It’s better to think of VPNs as one part of a comprehensive strategy.
A VPN keeps you anonymous, prevents you from being tracked and changes your location to bypass censorship. However, it can’t directly protect you from downloading malware, falling for a phishing scam, oversharing information on social media, using an easily guessed password or getting your phone stolen in real life.
There’s one key difference between threats a VPN can prevent and those it can’t: A VPN only protects you from being spied on without your consent. If all you’re doing is browsing on a network, a VPN keeps you concealed. But today’s malefactors have all sorts of tricks to get you to give your consent. Websites spam message windows until you click “allow cookies.” Hackers send phishing emails and make you click links that download malware. And so on.
Can VPNs be trusted?
There’s also one other critical point. Even if a VPN keeps you completely anonymous, the VPN itself can still tie your identity to what you do online. That’s why VPNs all claim to have “strict no-logging policies” or something similar — they’re promising not to abuse their access.
Naturally, some do anyway. A VPN can be sued if it breaks its own privacy policy, but many escape liability by leaving just enough leeway that they technically aren’t in violation. The best way to determine if you can trust a VPN is to look at its history. How long has it been operating? Has it ever mishandled or profited off customer data in that time? On the other hand, has it ever been raided by police who then found nothing, bolstering its claim to not keep logs?
An excerpt from the privacy policy of Private Internet Access. (Sam Chapman for Engadget)
Some of the most trustworthy VPNs take technical steps to guarantee that they aren’t logging user activity. Many use RAM-only or diskless servers that automatically delete any logs. Proton VPN goes even farther, using full-disk encryption to render any logs unreadable (even if they did exist). These services back their claims up with independent audits from reliable firms.
Bottom line: A VPN is no substitute for common sense, threat awareness and a suite of strong security tools. It’ll work best alongside a password manager, virus scanner and two-factor authentication.
Are VPNs legal?
VPNs are legal in every free country on Earth. While the UK recently suggested that a VPN ban was “on the table” to enforce its age verification laws, and the US states of Wisconsin and Michigan are considering bans in various forms, no democracy has yet outlawed VPN usage.
The countries that do ban VPNs are the ones you’d probably expect — those with deep-rooted internet censorship regimes that VPN use might threaten. Belarus, Iraq, Myanmar, North Korea and Turkmenistan have made all VPNs illegal. In China, Russia, the United Arab Emirates, Oman, Uganda and Iran, only state-approved VPNs are permitted, and services that get approved tend to have government backdoors.
Other countries heavily restrict VPNs without banning them altogether, including Turkey and Pakistan. In India, VPNs are legal, but the law requires them to keep logs of user activities. The law’s passage in 2022 led many VPNs to pull their servers from India and replace them with virtual locations.
Finally, there are countries like Egypt where using a VPN is legal, but you’ll face extra penalties if you’re caught using one to commit a crime. Also, it should go without saying, but VPNs don’t make crime legal. If something is illegal without a VPN, it’s illegal with a VPN, even if VPNs themselves are allowed in your state and country.
Are VPNs free?
Some of them are, but many of them are dangerous. If you’ve just been faced with a new threat to your online freedom — like, say, the UK’s new age restriction laws — it can be tempting to jump to a free VPN to solve the problem quickly.
But free VPNs are easy to hack together, and app stores rarely probe them for violations before listing them. I frequently see free VPNs that either don’t work, track you for ad sales or even sneak malware onto your computer. Another big problem is that many of these shovelware VPNs are all secretly run by the same monolithic entities.
Sam Chapman for Engadget
The best free VPNs are free plans offered by paid services. With subscription fees supporting the free tier, you don’t need to worry that the real money comes from selling your information to advertisers. Proton VPN, hide.me, Windscribe, TunnelBear and PrivadoVPN all fall into this category. None of them show you ads, but they’re all restricted in other ways, whether by the amount you can use the VPN per month, the speeds you’ll get or the servers you can access.
Do I need a VPN?
If you use the internet — which you must, if you’re reading this — you’ll benefit from a VPN. To determine what you’ll need it for, though, ask yourself the following questions. If you answer yes to any of them, think about subscribing to a VPN to address the problem in question.
-
Do you feel strongly about whether your ISP and other third parties can see what you do online and use that information for profit?
-
Do you live in a place where the law prevents you from freely using the internet and/or forbids certain platforms?
-
Have online freedoms been temporarily suspended in your country because of unrest?
-
Are you planning to travel to a country with restrictive internet laws?
-
Do you normally use the internet on a network that restricts access to certain sites?
-
Do you use the internet for any tasks that would risk your own safety or someone else’s if exposed?
-
Do you often get online through public Wi-Fi networks or networks without passwords?
-
Are you concerned that your ISP is throttling your internet speeds?
-
Do you want to watch TV shows and movies that aren’t available in your country on the streaming services you’re subscribed to?
-
Do you want to watch events that are limited to specific regions, such as local sports?
-
Do you enjoy looking in various regions for better deals on products you want?
-
Are you an online gamer concerned about doxxing and/or DDoS attacks from sore losers?
Different VPNs have features that make them better at various tasks from the lists above. However, the providers on my best VPN list are good at just about everything. Proton VPN is my favorite for its balance of speed, design and anonymity, but ExpressVPN is another excellent choice if you’re willing to pay more for fantastic ease of use. Surfshark is the fastest VPN I’ve tested this year, while NordVPN has a great set of features.
