VPNs can seem complicated at first, but are actually easy to use.
We’re going to demystify them, what they can do for you, why you really should use them, and how they all work under the hood.
Plus, we’ll give you some recommendations along the way to help you pick the best VPN for your needs.
- Here is our list of best VPN services.
The Beginner’s Guide to Understanding VPNs
- What is a VPN
- How Does a VPN Work
- How Secure is a VPN
- Is it Legal to Use a VPN
- Does a VPN Make Me Fully Anonymous Online
- VPN Logging Policies
- Free VPN versus Paid VPN
- Can I Use a VPN for Torrenting
- Can I Use a VPN to Watch Netflix and Hulu
- Does a VPN Work on Android and iOS
- Does a VPN Work on Kodi/SmartTV
- How Do I Install a VPN on My Router
- VPN & Tor — How to Use Them Together
- IP Leaks and Kill Switches
- When to Use a VPN
- When Not to Use a VPN
What is a VPN?
A VPN (Virtual Private Network) is a service that lets you access the web safely and privately by routing your connection through a server and hiding your online actions.
But how does it exactly work?
How Does a VPN Work?
Here’s how a VPN works for you, the user. You start the VPN client (software) from your VPN service. This software encrypts your data, even before your Internet Service Provider or the coffee shop WiFi provider sees it. The data then goes to the VPN, and from the VPN server to your online destination — anything from your bank website to a video sharing website to a search engine. The online destination sees your data as coming from the VPN server and its location, and not from your computer and your location.
When you connect to the web without a VPN, here’s how your connection looks:
Though it’s the standard, this sort of connection has some flaws. All of your data is out there in the open, and any interested party can peek at what you’re sending.
The internet is a collection of servers responsible for storing websites and serving them to anyone who wants to view them. Those servers talk with each other all the time, including sharing your data with each other to ultimately let you browse a page. Great for you to be able to surf, but not great for privacy.
Going online is like taking a commercial airline flight. The ticket agent, baggage handlers, security personnel, and flight attendants all need pieces of data to get you routed between cities. A similar exchange of information happens on the web.
If it’s just a fun website that you’re looking at then no need to worry. It doesn’t matter if someone sees your data. But if it’s online banking, business email, or anything else that’s a bit more sensitive — it’s a different story.
Now, here’s how the same connection looks with a VPN enabled:
When you use a VPN service, your data is encrypted (because you’re using their app), goes in encrypted form to your ISP then to the VPN server. The VPN server is the third party that connects to the web on your behalf. This solves the privacy and security problem for us in a couple of ways:
- The destination site sees the VPN server as the traffic origin, not you.
- No one can (easily) identify you or your computer as the source of the data, nor what you’re doing (what websites you’re visiting, what data you’re transferring, etc.).
- Your data is encrypted, so even if someone does look at what you’re sending, they only see encrypted information and not raw data.
As you would imagine, such a scenario is much safer than connecting to the web the traditional way. But how secure is it exactly? Let’s find out:
How Secure is a VPN?
VPN security causes debate among IT pros and others in the industry, and no two services are identical in their offerings or security. There are two main factors:
- The limitations of the type of VPN technology used by a provider.
- Legal and policy limitations affecting what can be done with that technology. The laws of the country where the server and the company providing the VPN are located and the company’s own policies affect how the company implements this technology in their service.
Let’s take a closer look at these factors.
VPN protocols define how the service handles data transmission over a VPN. The most common protocols are PPTP, L2TP, SSTP, IKEV2, and OpenVPN. Here’s a brief overview:
- PPTP (Point-To-Point Tunneling Protocol). This is one of the oldest protocols in use, originally designed by Microsoft. Pros: works on old computers, is a part of the Windows operating system, and it’s easy to set up. Cons: by today’s standards, it’s barely secure. Avoid a provider if this is the only protocol offered.
- L2TP/IPsec (Layer 2 Tunneling Protocol). This is a combination of PPTP and Cisco’s L2F protocol. The concept of this protocol is sound — it uses keys to establish a secure connection on each end of your data tunnel — but the execution isn’t very safe. The addition of the IPsec protocol improves security a bit, but there are reports of NSA’s alleged ability to break this protocol and see what’s being transmitted. No matter if those are actually true, the fact that there’s a debate at all is perhaps enough to avoid this as well.
- SSTP (Secure Socket Tunneling Protocol). This is another Microsoft-built protocol. The connection is established with some SSL/TLS encryption (the de facto standard for web encryption these days). SSL’s and TLS’s strength is built on symmetric-key cryptography; a setup in which only the two parties involved in the transfer can decode the data within. Overall, SSTP is a very secure solution.
- IKEv2 (Internet Key Exchange, Version 2). This is yet another Microsoft-built protocol. It’s an iteration of Microsoft’s previous protocols and a much more secure one at that. It provides you with some of the best security.
- OpenVPN. This takes what’s best in the above protocols and does away with most of the flaws. It’s based on SSL/TLS and it’s an open source project, which means that it’s constantly being improved by hundreds of developers. It secures the connection by using keys that are known only by the two participating parties on either end of the transmission. Overall, it’s the most versatile and secure protocol out there.
Generally speaking, most VPNs allow you to select the protocol you use. The more secure protocol you connect through (OpenVPN, IKEv2), the more secure your whole session will be.
Unfortunately, not all devices will allow you to use all these protocols. Since most of them were built by Microsoft, you’ll be able to use them on all Windows PCs. For Apple devices, you will come across some limitations. For example, L2TP/IPsec is the default protocol for iPhone. And Android … well, Android has some problems of its own, which we’ll get to later on.
In brief, encryption works by:
- Starting with plain data
- Applying a key (secret code) to transform the data
- Ending with encrypted data
The encrypted data is only readable by someone with the original key used to encrypt the data.
Modern encryption algorithms work on this principle, with the second step being very complex and worthy of doctoral- level research. What you need to look for is your data being encrypted with the AES algorithm of at least 128 bits. Many of the top VPNs out there go a step above that and offer AES-256 encryption, including NordVPN (review), SurfShark (review) and ExpressVPN (review).
Your VPN can be super secure, but it all comes down to the connection protocol the encryption mechanism used to handle your information.
Legal Constraints and Company Vision
(Note: None of this is legal advice. Read for entertainment purposes only.)
All good VPN companies will do everything they can to protect your data, your privacy, and your overall security on the web. Keep in mind that they’re still subject to the law in the jurisdiction they’re in, which can affect their service.
Depending on the local law of the country where the VPN was established, the company may be forced by court order to share whatever records they have regarding your activity — and there can be international agreements between countries to share information in these cases. If you do enough research, you may find a VPN established in a country that doesn’t have any such agreements in place with your country.
So in the end, you are only secure with a VPN if it’s not only willing and technically capable of keeping your information safe and private, but also if it’s legally allowed to do it. Let’s tackle this topic a bit more broadly and focus on answering the general question:
Is it Legal to Use a VPN?
In a word, yes. But not always.
First off, VPN as a concept is somewhat new in “legal years,” so not all jurisdictions have managed to keep up. This means that the rules are murky and can be interpreted in many ways.
In overall, VPNs seem to be okay to use in most countries, especially in the US, Canada, the UK, the rest of Western Europe. (Important! What matters here is your physical location when using the VPN.)
Generally, VPNs are often not okay in China, Turkey, Iraq, United Arab Emirates, Belarus, Oman, Russia, Iran, North Korea, and Turkmenistan.
To learn more about the legality of VPN in your country, find the laws of your local government, and review this in-depth resource of ours answering if a VPN is legal in your country — we go through over 190 countries and tell you what’s up.
Does a VPN Make Me Fully Anonymous Online?
In a word, no. But the extent to which it does is still impressive.
Without a VPN, your connection is fully open, and your ISP, the cafe WiFi router, any server along the way, or a person with the right tools can look at your data. Using a VPN solves many of those problems by encrypting your transmission and making it appear as if it’s the server itself that’s making the connection and not you.
Investigate the following to help determine the extent of your anonymity.
- Does the service keep logs?
- The jurisdiction under which the VPN is established. In some cases, they might be legally forced to keep records. What happens when a government comes asking questions?
- Does the service keep payment records? Do those records include identifying information?
- Is there sufficient encryption and a secure connection protocol?
Not every VPN will protect you the same. If you make your choice wisely, you can address the concerns described above. Here’s our comparison of the top VPNs in the market to help you out.
VPN Logging Policies
The logs a VPN keeps significantly affects the level of anonymity and privacy you have with their service. The logs a provider may keep include:
- user activity
- IP addresses
- connection/disconnection timestamps
- devices used
- payment logs
Any such logs make you a tiny bit less anonymous since your IP can be connected to a given browsing session that you had. Of course, tying this to you personally is very difficult but still kind of doable if some agency is deliberate enough.
Overall, the fewer logs your provider keeps the better, with “no logs” the ideal.
We’ve done the research for you. Here’s our big roundup of over 100 VPNs and their logging policy. Check it out when picking your service.
Free VPN versus Paid VPN
Running a good VPN service costs serious money — robust servers, data transfer, infrastructure, employees, and so on. If the service is offered for free, consider what compromises may have been made. Are they logging activity for their own reasons? Are they displaying their own ads? Is your data being sold to a third party?
Paying for a VPN isn’t a huge investment. We’ve tested some great solutions for as little as $3-5 per month, which doesn’t seem a lot in exchange for peace of mind and improved online privacy.
How Much Does a VPN Cost?
The average out of 70 popular VPNs is $4.99 a month, which tells you a lot about what sort of an expense this usually is. VPNs that cost more than $10 are uncommon, and there’s not a lot of reason to buy them since there are more affordable solutions out there.
Most services give out big discounts if you’re willing to subscribe for one or two years up front, instead of renewing your subscription monthly. For example, Private Internet Access — a VPN that we very much enjoy — costs $6.95 if paid monthly, but $39.95 when paid annually (which translates to $3.33 per month – that’s over 50% off).
Can I Use a VPN for Torrenting?
In general, yes, but that depends on the specific service you’re using and also the kind of things that you are torrenting.
Torrenting is a common name for a specific protocol used to transfer data and files over the web, but not the actual types of files. Although it gets a lot of bad press overall, it is perfectly okay and legal if you’re transferring files that you have the rights to. Piracy, on the other hand, is completely illegal regardless of the tools that you use to do it.
Then, there’s the VPN’s own policy regarding torrenting and how it’s handled. Most of the quality VPN solutions in the market will allow torrenting. According to our research, you can torrent with all popular VPNs – NordVPN, ExpressVPN, SurfShark, VyprVPN and PIA.
When it comes to the security aspect of torrenting, it all comes down to the VPN’s policies regarding things like logging or sharing your user data. In general, if a VPN doesn’t keep logs overall they also don’t keep them for your torrent activity.
Another aspect worth considering when choosing a VPN for torrenting is the download speeds that the service can offer. Of course, this sort of information can be hard to come by; most of the time you only find out after you buy the VPN. We did some testing of our own and based on it, we can recommend these VPNs for their good download speeds: ExpressVPN, VyprVPN, PIA, and NordVPN.
Can I Use a VPN to Watch Netflix and Hulu?
Yes. But like with most things on this list, it all comes down to the specific VPN that you use.
The problem with Netflix overall is that even though it’s now available in over 130 countries, not all shows are distributed equally.
Due to complicated licensing agreements that were established before Netflix’s big international rollout, various TV stations retain the rights to even some of Netflix’s own shows, which effectively prevents Netflix from legally making those shows available on their platform.
Complicated legal stuff, but VPNs can help here.
The way Netflix and Hulu block some of their content in parts of the globe is based on location filters. Meaning that if you’re in a country that’s banned, you’re banned.
VPNs make this easy to fix. Since you can select the server that you want to connect with, all you need to do to unlock certain Netflix shows is connect to a server in a country where that show is available. That’s all. We have a comprehensive post on how to watch Netflix via a VPN + the best VPNs that allow you to do that.
Does a VPN Work on Android and iOS?
Again, that’s a yes.
Many of the top VPN services out there also let you download mobile apps for either Android or iOS.
Here are our best VPNs for Android: ExpressVPN, NordVPN and SurfShark.
Both platforms let you set up a VPN connection rather easily. For instance, on iPhone, you can do that in Settings → General → VPN.
With all that being said, be careful if you’re tempted by any of the free VPN apps for either Android or iOS. There’s research by a team of specialists (from CSIRO’s Data61, the University of New South Wales, the International Computer Science Institute and the University of California Berkeley), going through more than 280 free Android apps that use Android VPN permissions. The research reveals that 38% of those apps include malware, 84% leak users’ traffic and 75% use tracking libraries. So there’s that. We also did our own VPN permissions test here.
Does a VPN Work on Kodi/SmartTV?
Your smart TVs and Kodi boxes are yet more things that require a live internet hookup to provide you with their goodies. And with that, a VPN can help you keep those streams private so that only you and the service itself know what you’re watching.
There are two ways in which you can enable a VPN connection on your smart TV:
- configure it on the device itself,
- configure it right on your router – effectively protect your whole home network and everything that’s connected to it (we will cover this in the next section below).
Let’s focus on the former here. In overall, many of the quality VPNs come with the ability to configure them right on your smart TV. For example, NordVPN — which is one of our recommended VPNs — comes with an app for Android TV, and also with detailed instructions for Kodi/OpenELEC and Apple TV. Other VPNs in the market provide you with similar options.
Some of the networks that support smart TV devices and boxes: ExpressVPN, SurfShark, NordVPN.
ExpressVPN has a great guide on how to set up their VPN with Kodi.
How Do I Install a VPN on My Router?
Installing a VPN on your home router is the best way to make sure everything that’s connected to that router is put through a safe VPN connection. In that scenario, you no longer need to install individual apps on your mobile devices, laptops, smart TVs or anything else with web access.
First, make sure that your router is compatible with VPNs. This can be done on the website of the manufacturer that produced the router. Often, most DD-WRT and Tomato-boosted FlashRouters are compatible with VPNs.
The specific steps involved in setting things up differ from service to service. Your specific provider likely has a dedicated section on their website devoted to explaining how to carry through with the process. For example, here’s how to do this if you’re with ExpressVPN and here’s PIA. We also have an example demonstration of how it’s done on most DD-WRT routers on this page (near the bottom).
Installation is simple and involves you logging in to your router and then filling out a couple of standard forms — nothing you won’t be able to handle.
VPN & Tor — How to Use Them Together
Even though Tor and VPN are fundamentally different, they can still be used together for maximum security and online privacy.
- Tor gives you the ability to access the web by routing your connection through a number of random nodes, while also encrypting that connection at every stage.
- VPN gives you access to one server at a time.
The nature of it is a bit different in principle, and therefore we can’t say things like “Tor or VPN is better than the other.” We talked about the differences between Tor and VPN in detail on this site already, feel free to visit that post to get the full picture.
One of the good things about Tor is that you can use it 100% free and there are no built-in limitations to that free version. All you need to do is grab the official Tor web browser. Once you have it, you just need to fire it up like your standard Chrome or Firefox browser, click the connect button, and you’re up and running.
How to combine your VPN and Tor:
- Enable your VPN connection normally. From this point on, everything that involves communicating with the web goes through your VPN.
- Open your Tor browser and connect with Tor.
At this stage, you have the VPN connection and the Tor web browser running at the same time. The main downside with such a setup is that it’s going to be much slower than your standard, VPN-only connection. Tor on its own slows down your experience noticeably, and when combined with a VPN, the results can be even more dramatic. On the plus side, it gives you super privacy, which is a huge plus.
IP Leaks and Kill Switches
A kill switch is a feature that automatically kills your internet access if the encrypted, safe connection should ever drop. If there’s any connectivity issue at all, the kill switch will trigger and block all activity until the secure connection returns.
If your VPN doesn’t have a kill switch and a connectivity issue arises, it’s probable your device might attempt to restore the standard, unprotected connection, thus exposing what you’ve been doing up until that point.
According to our research, the following VPNs have a kill switch: ExpressVPN, PIA, NordVPN, SurfShark.
IP leaks are a known vulnerability with some setups people use to access the web. It’s not entirely a VPN problem at its core.
IP leaks can happen when your VPN fails to hide your actual IP as you’re browsing the web. For example, you want to access a geo-restricted show on Netflix, so you change the server to an approved country and reload the page. Then you realize that the content is still blocked. This means that your real IP might have just been leaked.
The best VPNs all have some clever scripts programmed into their apps to minimize this risk. As I mentioned, your IP leaking is not always the VPN’s fault. Sometimes the configuration of your computer and the many apps within are to blame. Even the browser you use and the add-ons installed in it can cause IP leaks.
When to Use a VPN
There are a number of good reasons to use a VPN:
- It encrypts your activity on the web.
- It hides your activity from anyone who might be interested in it.
- It hides your location, enabling you to access geo-blocked content (e.g. on Netflix and other sites).
- Makes you more anonymous on the web.
- Helps you keep the connection protected when using a public WiFi hotspot.
Overall, use a VPN if your web privacy, security, and anonymity are important to you. Roughly $3-5 a month is a small price to pay for all of that.
When Not to Use a VPN
As predictable as this may sound, we really see no good reason not to use a VPN if you’re taking your online security and privacy seriously (here are 7 main reasons why to use a VPN).
VPNs are incredibly useful as another layer of security on top of SSL protocols on websites, having a good antivirus program, not downloading shady software, not sharing too much private information on social media, and so on. Overall, they’re your next step towards using the web more consciously and with sufficient precautions set up.
There are not many downsides to them. Perhaps the only one being that your connection can sometimes slow down. After all, you’re routing your data through an extra server.
What do you think? Are you convinced of the idea of a VPN and thinking about getting one? Take a look at our plentiful reviews comparing more than 70 popular VPNs.