Key Takeaways: What Is a VPN? 2023 Guide
- A virtual private network (VPN) is a piece of software that masks your real IP address and transfers all your internet data through a VPN server with an encrypted connection.
- VPNs create a secure tunnel for your internet connection that can be used to protect yourself from surveillance and harassment, torrent freely, use public WiFi safely, access blocked websites and bypass censorship, and change your virtual location.
- When choosing a VPN, look for one with a clean privacy record, servers near your physical location, fast download speeds and affordable plans.
What is a VPN? Put simply, it’s a method of establishing a secure connection between your device and the internet. Information is exchanged between your computer and the website you’re visiting over the internet (a public network), but remains protected, as though it’s traveling through a tunnel. Hence the term “virtual private network” — not as secure as a true private network, but nearly as good.
That probably doesn’t answer your question, though. You may be here because you’ve heard a VPN can protect you on unsecured WiFi networks. Maybe you want to check out websites or streaming libraries in other countries. Alternatively, you may be sick of online ads that are disturbingly relevant to your life. A VPN can help with all this and more.
In this article, we’ll explain exactly what a VPN is and where a simple secure VPN tunnel sits in the greater online safety landscape. We’ll also detail the makings of the best VPNs. As you learn what a secure VPN does, you’ll also come to understand why you should use one. By the end, you’ll be well on your way to choosing the right reputable VPN provider for your own everyday use.
We rewrote this article and added more detailed explanations and recommendations.
What Is a VPN?
VPN stands for “virtual private network,” and VPN technology focuses on two key ingredients to keep VPN users’ data secure: encryption and a tunneling protocol.
Encryption is the science of altering a message so that nobody can read it without permission. Without getting too deep (our description of encryption has more if you’re interested), an encryption algorithm makes it theoretically impossible to see what data you’re sending on the internet, granting you near-total anonymity.
However, it’s not as simple as just encrypting the data and shooting it off into the void. Data packets are supposed to tell the network where to send them. If everything is encrypted, the data can’t go anywhere. That’s where the tunneling protocol comes in.
What Is a VPN Tunneling Protocol?
Imagine you’re sending a secret message via physical mail. You encrypt the contents of the message, but after sealing it in an envelope, you write the address on the outside in plain English. The mail carrier knows where it’s supposed to go, but they can’t read the letter. You’ve wrapped one illegible language in another, legible language.
A tunneling protocol does the same thing. It changes the form of a data packet so it can move from one network to another. Early examples include IPSec (Internet Protocol Security) and SSTP (Secure Socket Tunneling Protocol). Not all tunneling protocols include encryption, but VPNs almost always use protocols that do, like OpenVPN and WireGuard.
The first VPNs used tunneling protocols to connect a device to a network. If you worked on a secure network that was restricted to your office building, you could use a remote-access VPN to use the network without being on-site. Thanks to the tunneling protocol, the office network could recognize a friendly device, but nothing that went in or out could be compromised.
Soon, people began to realize that if users could access private destinations this way, they could also access public servers by taking a detour through one of those private networks.
If you get online through a secure tunnel, your internet service provider (ISP) and the websites you visit can only see the tunnel’s end at the private network, with your device remaining hidden from view. Companies began to market VPNs as a service to privacy-minded consumers.
In casual conversation, the term “VPN” is much more likely to refer to a VPN service: a network of servers with which any computer can form a secure tunnel. These servers are owned by a corporation called a VPN provider that rents access to users. All you have to do is get online and connect to a VPN server, and you’ll do business online as that server, borrowing its identity until you disconnect.
Most VPN providers have servers in multiple countries. Each offers an app called a VPN client that makes it extremely simple to connect to a server, and they often come with other features such as ad and malware blockers. However, it is possible to create a VPN connection manually without going through a client.
What Do VPNs Do?
Now that you know what’s happening when you connect to a VPN, the next question is why. The answer is that a VPN grants VPN users the most online privacy you can get without staying off the internet altogether.
Here’s what happens when you get online without a VPN. First, your computer sends a request to your router to view a website, which sends it on to your internet service provider (ISP). Your ISP finds the destination website’s domain name and sends it along. The website receives your request and shows you the page you’ve asked for.
What if you add a VPN into the mix? In that case, your router sends all requests to the VPN server through an encrypted tunnel. Even though you’re using your ISP’s bandwidth, it can’t see the content of your communications. Instead of your personal IP address — a digital identifier — any destination website sees the VPN server IP address instead and executes all requests on the VPN server’s behalf.
Your activity is visible, but your identity is not. No matter what you do online, from the websites you visit to the files you download, nobody can see that it’s you doing it. Meanwhile, if any hackers try to spy on you, all they’ll see is data encrypted by your VPN protocol.
How a VPN Service Works
In exchange for a subscription fee (usually; there are some excellent free VPNs), a VPN service gives you access to its network of servers. When you connect through a VPN app, it encrypts all your internet traffic with a secure tunneling protocol. Once you’ve subscribed, you can usually use the service on multiple devices (up to a limit).
This secure VPN connection gives you several benefits. Since nobody can connect your activity to your identity, it’s impossible for advertisers to build a profile on you or for data brokers to harvest your information, at least based on your browsing history.
Because of the encryption, hackers can’t see sensitive info like your passwords or bank info if you’re on an unsecured website. Additionally, nobody can use your IP address to find your real-world location.
Nor do the perks stop at security alone — you can also change your online location with a VPN. If your IP address is located in another country, websites interact with you as though you’re really in that country. This is easy to prove: just pick a VPN server in Mexico and watch all your ads suddenly switch to Spanish.
Changing your location with a remote server is useful for streaming. Video platforms restrict content by region due to copyright laws, so Netflix’s library is different in every country. By using a VPN for Netflix, you can explore the titles available in distant lands. You can also use VPN connections to watch platforms, such as Hulu, that are only available in one country.
Are VPNs Safe?
Sharp-eyed readers may have noticed by now that there’s a flaw in the VPN service model. Yes, your ISP, hackers and the NSA can’t see what you do online, but one party still can: the owners and operators of the VPN itself. The VPN team runs the servers that encrypt your data, using your unencrypted requests to do so.
For that reason, using a VPN is always a bit of a risk. Every time we review a VPN service, our reviewers pay special attention to whether the VPN misuses its power by spying on and recording user activity. This practice, often called “keeping logs,” means the VPN can be forced to comply with law enforcement subpoenas — or worse, that it’s selling your data for profit.
This isn’t hypothetical, either. Multiple well-regarded VPNs have been caught logging data after swearing they wouldn’t, with IPVanish among the most egregious. Free VPNs are particularly notorious for selling user data (they’ve got to make the money somehow), although those that fund themselves with premium plans tend to be more trustworthy.
Even if VPNs don’t compromise your security on purpose, many poorly built services are vulnerable to hacks and DNS leaks. If a VPN doesn’t hide your IP address, it’s not worth a dime of your money.
What Makes a VPN Trustworthy?
In spite of all the ways a VPN can go bad, there are still some services our team trusts. With a little due diligence, it’s easy to separate the wheat from the chaff. There are three main things we look for when rating a VPN’s privacy.
First, know how it stores information. All VPN servers log a few data points in the normal execution of their duties; the key question is whether that information is saved or deleted.
Trustworthy VPNs save logs on server RAM and delete it with every hourly reset. Shady services save it on permanent hard drives instead. You can tell the latter because they won’t mention anything about data storage.
One big aside: just saying you’ve had an audit isn’t enough. A high-quality VPN will also publish the audit results and explain how it responded. If the audit turned up security flaws, the VPN must have done something to fix them.
Third and finally, the best guarantee of a VPN’s reputation is often time. The media picks up fast on bad behavior by a tech company. The longer a service has existed without an explosive security breach or report of widespread anti-user activity, the better it looks in our eyes.
Should You Get a VPN?
By this point, we’ve covered what a VPN is, how it works and what it does for you. With high-profile privacy violations like the NSA’s PRISM program and the Five Eyes alliance constantly in the news, and data privacy under attack every day, a VPN is the best way to exercise your constitutional right to privacy online.
We recommend that everyone use a VPN, but there are certain people we urge even more strongly than others. Journalists can use a VPN in conjunction with encrypted messaging to protect their sources. Members of LGBTQ groups can protect themselves from harassment and doxxing. Citizens of repressive governments such as China can use the internet more freely.
In other words, if you have a pressing need to stay secret for any reason — from government persecution, to a persistent stalker — a VPN is non-optional. In cases like these, your choice of service becomes even more critical. In the rest of this section, we’ll list the benefits and drawbacks of a VPN service, so you can decide if you need one for yourself.
The Benefits of a VPN
We’ve already touched on several, including hiding your activity and changing your IP location, but let’s run down the full list once more in detail.
- Hide your browsing history: When you use a VPN, the list of sites you’ve visited looks like gibberish to everyone but the VPN itself. Your ISP can’t see a thing. This is crucial, given that rules to keep ISPs from selling user history were struck down in 2017 and never reimplemented.
- Prevent the government from spying on you: Put away your tinfoil hat. This is real. Even 10 years after Edward Snowden’s revelations, intelligence agencies are still buying data from tech companies to spy on regular citizens. A VPN can’t protect you from all wiretapping, but it ensures your ISP has nothing to give the authorities.
- Protect yourself from personal threats: Cyberbullying is rampant, and people online can get doxxed and stalked for the smallest offenses, from expressing political views to winning a video game. With a VPN, nobody can use your IP address to find you in real life.
- Use public WiFi securely: By public WiFi, we mean the unsecured public internet networks you often find in hotels, cafes and other establishments. They’re convenient, but they leave you vulnerable — some public networks are unencrypted, and some are even fake hotspots set up by cybercriminals. We don’t advise ever going on a public network without a VPN.
- Access networks remotely: VPNs can still be used for their original purpose of getting into secure systems from off-site. Some, such as NordVPN, have features specifically geared toward remote access (see our NordVPN review to learn about Meshnet).
- See geographically restricted content: If you want to stream a one-time event from another country, check out the different titles available on foreign Netflix or try a streaming platform exclusive to another country, use a VPN to unblock Netflix and other streaming sites.
- Search the world for shopping deals: Even after you account for currency, prices aren’t identical across countries. If you use a VPN to visit online stores with another country’s IP address, you stand a good chance of finding a great bargain.
Take note that these benefits only apply to the top tier of VPNs. As we’ll explain in the “how to choose a VPN” section below, not all of them are up to par.
Downsides of Using a VPN
As great as all that is, we want to caution you not to buy too much into the hype. Overzealous VPN services are fond of promising the moon, but there are some things these services can’t do. Here are some disadvantages inherent to VPN use, as well as some misunderstood elements of how they work:
- Slower browsing speeds: A VPN adds extra steps into your internet connection, and servers are often busy with other users. Using a VPN is guaranteed to slow your connection speeds down a little. That said, on the fastest VPNs, you won’t notice unless you’re connecting to a server on the other side of the planet.
- Can’t protect you from certain types of hacks: In particular, VPNs are useless against social engineering attacks, which rely on tricking you into giving up information willingly. The perpetrators of a social engineering attack don’t need your IP address if they’ve already got your bank account information.
- Can’t stop password theft: A VPN won’t help if you use an easily guessable password or if your password gets stolen in a mass data dump. Instead, use a password manager to generate strong passwords for your most sensitive accounts, and change them once per month.
- Can’t always hide a mobile device: If you have location services or GPS enabled on your phone, it’s possible to locate it using cell tower or satellite data — even if the phone’s IP address is masked.
- Banned on some websites: Sites with copyright-protected material, especially Netflix and other streaming services, know that VPNs can be used to circumvent their blocks. Many of them block all VPN traffic as a consequence. The best VPNs can get around the blocks, but not all will manage.
- The best ones cost money: We like a lot of free VPNs, especially Proton VPN and Windscribe, but all the trustworthy VPNs have strict limits on free privileges. To get the best service, you’ll eventually have to pay. You can use free VPN trials to help decide if you want to commit cash to a service, or try an affordable VPN.
For us, none of these are deal-breakers when you consider the benefits, but the ultimate decision falls to you.
How to Choose a VPN: What to Consider
First, understand what you want the VPN for. Some VPNs are generally better, but none is perfect for every use case. Our top choice is ExpressVPN (read our ExpressVPN review to see why), but it has no free plan and no dedicated IP addresses, so it won’t meet everybody’s needs.
Strong Security and Privacy
If you mainly want a VPN to stay anonymous online, pick one with a strong security record and no privacy concerns. If you want one to change your IP address for streaming or shopping, pick one that can unblock streaming sites and has a big server network. No matter what, look for fast download speeds, low latency and good customer support.
VPN Network and Servers
Whatever VPN you pick should have servers near your real-world location, as this ensures faster performance. If you live outside North America and Europe, make sure the nearby server is real and not virtual. The real location determines performance, and the sad fact is that Asia and the global south are frequently ignored by VPNs.
What if you want a VPN for torrenting? In that case, security is paramount (our “what is torrenting” guide explains why), but you’ll also want to look for something called split tunneling. This lets you protect the part of your web traffic that’s going through the torrenting client so it can run around the clock; in the meantime, you can use sites where a VPN might cause trouble.
If you live in a country that heavily censors the internet, you’ll also want a VPN service with an obfuscation protocol. Censorship programs like the Great Firewall of China can detect VPN protocols by closely examining the data packets; an obfuscation protocol scrambles the metadata so they can’t see anything.
Trials and Money-Back Guarantees
Once you have a few finalists, take advantage of 30-day free trials to test the VPNs in the real world. Try to get into your favorite streaming libraries. Use speedtest.net to see how fast your internet runs through the VPN. Try multiple servers when you test — there’s always the chance of one doing abnormally well or poorly due to outside circumstances.
For some specific suggestions to get you started, check out some of our VPN comparison lists. We recommend starting with our roundups of the best VPNs for mobile, best cheap VPNs or best free VPNs.
Final Thoughts: VPN Software
A VPN doesn’t make it impossible for anything bad to happen to you online, but it protects your activity from all sorts of snooping, keeps you safe on any WiFi network and hides your IP address. Many come with ad blockers. If that wasn’t enough, you can even use VPNs to sample the delights of, say, Uruguayan Netflix.
We hope we’ve helped convince you that VPNs are relatively simple pieces of technology and that they’re safe to trust — as long as a trustworthy company is operating them. Once you’ve found a VPN you can trust, share your favorite choice in the comments below. Thanks for reading.
FAQ: Guide to Using a Virtual Private Network
The easiest way is to download a VPN service from its website. Pick a well-reviewed provider with an app that works on your device of choice. You’ll probably have to pay a little before you can use the full service.
Yes, but choose carefully — free VPNs are more likely to make money by exploiting users. You can either use a reputable free VPN, like Proton VPN or Windscribe, or use the 30-day free trial of a premium service like ExpressVPN.
A VPN doesn’t prevent tracking, but it keeps you anonymous so trackers can’t invade your privacy. Cookies and other tracking methods will only reveal the VPN server’s IP address, not your real address.
Using a VPN is non-optional for some groups, like journalists, activists, victims of stalking or anybody who engages in P2P file sharing. For everyone else, a VPN is just strongly recommended, since going without one exposes you to all kinds of privacy risks.
Netflix tries to block VPNs because they can lead to copyright violations, but all it can really do is block VPN-associated IP addresses. The best Netflix VPNs stay ahead of the blocklists and aren’t stopped by the Netflix proxy error.
VPNs are completely legal in almost every country on the planet. Only a few countries have restricted them, including China, Russia and North Korea.
A VPN protects your online activity, but remember that not all VPNs are equal. Go for a VPN with a strong reputation and a tested no-logs policy.