VPN is one of those “web things” that seem perhaps a bit intimidating when you first hear about them. However, once you get into it, they turn out to be really easy to use.
Today, we’ll demystify the topic of VPNs, what they can do for you, why use them, and how they all work under the hood.
Plus, we’ll give you some recommendations along the way, to help you pick the optimal VPN for your personal needs.
This is the beginner’s guide to VPN:
- What is a VPN
- How Does a VPN Work
- How Secure is VPN
- Is VPN Fully Legal
- Does VPN Make You 100% Anonymous
- VPNs and Their Logging Policy
- Free vs. Paid VPNs
- Is VPN Safe for Torrenting
- Can I Use VPN to Watch Netflix/Hulu
- Does VPN Work on Android/iOS
- Does VPN Work on SmartTV/Kodi
- How to Install VPN on Router
- VPN & Tor Combination
- IP Leaks and Kill Switch
- When to Use a VPN
- When Not to Use a VPN
What Is a VPN
There are two ways of explaining this, really: (a) the 100% technologically correct way, and (b) the easier to grasp way that’s actually useful. I subscribe to the latter – especially since this resource is meant to be a beginner’s guide.
From a user’s point of view, all you must know is that a VPN (short for Virtual Private Network) is a service that lets you access the web safely and privately. This is all done by routing your connection through what’s called a VPN server.
If you have a friend who’s an IT professional then their definition might be a bit different, and involving a lot more technical detail (and jargon). However, at the end of the day, the VPN that’s actually an useful tool from a normal user’s point of view can still be defined by what we’ve said here.
On the face of it, a VPN is something you subscribe to – a product. All you do in order to use a VPN is sign up, download a small app, fire it up, and you’re good to go. But we’ll get into the specifics further down.
How Does a VPN Work
We might have used the following illustration on the site once or twice already, but it still does a great job of explaining what it is that a VPN actually does.
Here’s how things work when you’re connected to the web without a VPN – please excuse the simplicity and just bear with me for a minute:
Albeit it’s the standard, this sort of connection has some flaws. Mainly all your data is out there in the open, and whoever wants to take a peek at what’s being transmitted, can.
What do I mean by take a peek? Well, this is all due to the way the web is constructed. More or less, what we know as “the web” is basically a bunch of computers (servers) that are responsible for storing websites and then serving them to whoever wants to look at them. And those servers talk with each other all the time.
For example, let’s say that you want to see a website located on a server that’s really far away. If that’s the case then there’s going to be at least a handful of servers that are going to participate in the transfer of this data and ultimately allow you to see the website. Now, the important part is that each of those servers will be able to check what it is that’s being sent/requested. Not great for privacy.
You can think of it like taking a flight to a place that’s on the other side of the globe. On your way, you will interact with clerks, sales representatives, airports, crew, other passengers, etc. Potentially, there’s going to be hundreds of people who can all help in identifying you as you’re going from A to B. The same thing happens on the web, to an extent.
If it’s just a fun website that you’re looking at then no need to worry. It doesn’t matter if someone takes a peek into that or not. But if it’s online banking we’re talking about, business email, or anything else that’s a bit more sensitive then it’s a whole other story.
Now, here’s how the same connection looks with a VPN enabled:
What’s happening now is that your connection goes to the VPN server first – via an encrypted connection – and only then goes through “to the web.”
In other words, you connect through a third party – the VPN server – and then it’s the VPN server that connects to the web on your behalf.
This solves the privacy and security problem for us in a couple of ways:
- from the web’s point of view, it appears as if the VPN server is responsible for the traffic, not you,
- no one can (easily) identify you or your computer as the source of the traffic, nor what you’re doing (what websites you’re visiting, what data you’re transferring, and so on),
- since your connection is encrypted, even if someone takes a peek into what’s being transmitted, all they’ll see is some cobbled up data that doesn’t make sense.
As you would imagine, such a scenario is much safer than connecting to the web the traditional way. But how secure is it exactly? Let’s find out:
How Secure Is VPN?
The topic of VPN security is one that always causes a huge debate among IT pros and people with a horse in the race on either side. But it basically comes down to a couple of factors:
- 1. There’s the technical limitations of the VPN technology itself,
- 2. The legal ecosystem and jurisdiction that the company providing the VPN has been set up in, plus the company’s own policies and views on “what a good VPN should be” – this has an impact on how the company is legally able to build their VPN.
What all of the above means, in the end, is that no two VPNs are created alike, and there can be significant differences from one VPN provider to the other in terms of security.
Overall, the “idea of VPN” in itself is a very secure one, but the devil is in the details, so your mileage may vary depending on the provider that you choose.
Let’s break down the two elements mentioned above. Starting with (a):
(a) The technologies that are part of a VPN and how they translate to VPN security
When talking about VPNs and their security we need to cover two topics:
- VPN protocols
- VPN encryption
Let’s start with the former. While the topic of protocols can be a rather complex computer science concept, all we need to know now is that a protocol is basically a documented procedure or a set of rules that define how something is carried out. In our case, that something is handling data transmission via a VPN.
As you would imagine, there can be different ways of handling that transmission, and depending on the specific VPN that you decide to use, you’ll likely see one of the popular protocols implemented.
The most common protocols are: PPTP, L2TP, SSTP, IKEV2, and OpenVPN. Let’s just discuss them briefly so that you know what you’re getting into and what impact your choice can have on your overall VPN security.
- PPTP (Point-To-Point Tunneling Protocol). This is one of the oldest protocols in use, originally designed by Microsoft. Pros: works on old machines, can be used out the gate with most Windows PCs (comes with the system), and it’s easy to set up. Cons: by 21st century’s standards, it’s barely secure. If the VPN you’re considering subscribing to lets you connect via only this, avoid.
- L2TP/IPsec (Layer 2 Tunneling Protocol). This is a combination of the PPTP and Cisco’s own protocol – the L2F. Although the idea behind this protocol is sound – it uses keys to establish a secure connection on each end of your data tunnel (so that nobody can take a peek at what’s being transmitted) – the execution of it isn’t actually very safe at all. The addition of the IPsec protocol to the mix improves security a bit, but there are reports of NSA’s alleged ability to break this protocol and see what’s being transmitted. No matter if those are actually true, the fact that there’s a debate at all is perhaps enough to avoid this as well.
- SSTP (Secure Socket Tunneling Protocol). This is another Microsoft-built protocol on this list. Though this time the connection is established with some SSL/TLS encryption (the de-facto standard for web encryption these days). SSL’s and TLS’s strength is built on symmetric-key cryptography – a setup in which only the two parties involved in the transfer are able to decode the data within. Overall, SSTP is a very secure solution.
- IKEv2 (Internet Key Exchange, Version 2). This one, as you’d guess, is another creation of Microsoft’s. Microsoft has its pawns on all boards, it seems. Though this time, it’s an iteration of Microsoft’s previous protocols, and a much more secure one at that. It provides you with some of the best security.
- OpenVPN. This protocol has been designed to take what’s best in all of the above protocols and also do away with most of the flaws. It’s based on SSL/TLS and it’s an open source project, which means that it’s constantly being improved by hundreds of developers. It secures the connection by using keys that are known only by the two participating parties on either end of the transmission. Overall, it’s the most versatile and secure protocol out there.
Generally speaking, most VPNs will allow you to select the protocol through which you want to establish the connection. Obviously, the more secure protocol you connect through (OpenVPN, IKEv2), the more secure your whole session will be.
However, not all devices will allow you to use all these protocols. Since most of them were built by Microsoft, you’ll naturally be able to use them on all Windows PCs. For Apple devices, though, you will come across some limitations. For example, L2TP/IPsec is the default protocol for iPhone. And Android … well, Android has some problems of its own, which we’ll get to later on.
Then there’s the topic of encryption itself. In its most basic form, encryption works by:
- taking some plain data,
- applying a key to it (for instance, shifting every letter three letters back, so every “E” becomes a “B” and so on – known as the Caesar cipher – the original encryption algorithm),
- getting fully encrypted data as a result,
- that data is then only readable by someone who has that original key used to cipher it.
Modern encryption algorithms work basically just like that, but on steroids – they’re thousands of times more complex than that original Caesar cipher. At the end of the day, the only thing you need to remember is that if your data is being encrypted with the AES algorithm of at least 128 bits then it’s perfectly safe. So if your VPN provides you with that possibility, you can sleep peacefully.
If you’re interested, you can learn more about encryption here.
At the end of the day, your VPN can be super secure, but it all comes down to the protocol that you’re connecting with and the encryption mechanism that’s used when handling your information.
(b) The legal ecosystem and company’s vision
(Note. None of this is legal advice. Read for entertainment purposes only.)
Being completely honest with you, all good VPN companies will do everything they can to protect your data, your privacy, and your overall security on the web. However, they’re still subject to the law in the jurisdiction they’re in.
Depending on the local law of the country where the VPN was established in, they may be forced by court order to share whatever records they have regarding your activity.
Now, the key part here is that choosing a VPN that’s in another country won’t necessarily solve this issue for you. There are international agreements between countries to share information in cases like that. Of course, depending on your location, if you do enough research, you can find a VPN established in a country that doesn’t have any such agreements in place with your country.
So in the end, you are only secure with a VPN if it’s not only willing and technically capable of keeping your information safe and private, but also if it’s legally allowed to do it.
Actually, let’s tackle this topic a bit more broadly and focus on answering the general question:
Is Using a VPN Fully Legal?
In a word, yes. Though, not always.
First off, VPNs as a concept are somewhat new in “legal years,” so not all jurisdictions have managed to keep up. This means that the rules are murky and can be up for interpretation either way.
However, VPNs seem to be okay to use in most countries. Particularly if you’re located in the US, Canada, the UK, the rest of Western Europe. (Important! What matters here is your physical location when using the VPN.)
When it comes to the countries where VPNs are not okay, based on our research, those are: China, Turkey, Iraq, United Arab Emirates, Belarus, Oman, Russia, Iran, North-Korea, and Turkmenistan.
To learn more about the legality of VPN in your country:
- consult with your local government (duh!),
- review this in-depth resource of ours – it’s where we go through more than 190 countries and tell you what’s up.
Does VPN Make You Fully Anonymous Online?
In a word, no. But the extent to which it does is still impressive. But let’s hold off on this thought and start somewhere else:
As you already know, when you’re not using a VPN, your connection is fully in the open and every server that’s helping on with the connection can take a peek into what’s being transmitted. On top of that, there’s your ISP (Internet Service Provider), and even the person who owns the Wi-Fi router that you’re connected to (if it’s a public hotspot). All of those parties can find out what you’re transmitting.
Connecting via a VPN solves many of those problems by encrypting your transmission and also making it appear as if it’s the server itself that’s making the connection and not you.
Though, there are still some anonymity issues that stay potentially unsolved:
- Are there any logs kept by the VPN? More on this in the next section below.
- The jurisdiction under which the VPN is established. In some cases, they might be legally forced to keep records. In other words, what happens when the government comes asking questions?
- If you’re paying for the VPN, do they keep payment records? Are those payment records by name?
- Is the encryption level sufficient and the connection protocol a quality one? We talked about this above.
Overall, not every VPN will protect your anonymity equally. However, if you make your choice wisely, you can avoid most (if not all) of the problems described above. Here’s our comparison of the top VPNs in the market to help you out.
VPNs and Their Logging Policy
Logging is the main issue as it relates to VPNs and the level of anonymity and privacy they can provide you with.
Long story short, there are multiple kinds of logs that a VPN can keep:
- user activity logs,
- IP addresses,
- timestamps of when you connected/disconnected,
- devices used,
- payment logs if it’s a paid VPN, etc.
Any such logs make you a tiny bit less anonymous since your IP can be connected to a given browsing session that you had. Of course, tying this to you personally is very difficult but still kind of doable if some agency is deliberate enough.
Overall, the less logs your VPN keeps the better. With “none” being ideal.
But here’s the kicker, most VPNs these days will tell you that there’s “no logs” when you visit their websites and start reading through the sales material on the homepage. But where you should actually look is their privacy policies.
When and if a competent court of law orders us or an alleged victim requests us (that we rigorously self-assess) to release some information, with proper evidence, that our services were used for any activity that you agreed not to indulge in when you agreed to our Terms of Service Agreement, then we will only present specific information about that specific activity only, provided we have the record of any such activity.
As you can see, it’s all in the details. Anyways, we did the research for you – here’s our big roundup of 118 VPNs and their logging policy. Check it out when picking your VPN.
FREE VPNs vs. Paid VPNs
In general, free VPNs are something you should be careful with. The first thing to realize is that running a good VPN costs serious money. There’s a lot of servers involved (and those cost money), a lot of data transfers being made over the web (and that costs money too), a lot of other infrastructure (real estate, electricity, etc.), and so on and so forth. So if at the end of it all the product is completely free for you, it probably means that some compromises have been made along the way.
Maybe the VPN is logging your activity for their own reasons. Maybe there’s a filter on your traffic displaying you ads. Maybe someone is paying for access to your logs or the ability to advertise to you. Either way, the situation is not perfect.
On the other hand, paying for a VPN isn’t actually such huge of an investment anyway. We’ve tested a number of great solutions that go around for as little as $3-5 per month, which doesn’t seem a lot in exchange for peace of mind and improved online privacy.
If you’re still not interested in paying, we have a research piece about the top free solutions in the market. We tested 7 of them and looked into their security practices, whether they keep logs, and more.
How Much Does a VPN Cost?
Just as I mentioned above, you can get a quality VPN for as little as $3-5 a month. Actually, the average out of 31 popular VPNs is $5.59 a month, which tells you a lot about what sort of an expense this usually is. VPNs that cost more than $10 are really uncommon, and there’s not a lot of reason to buy them since there are more affordable solutions out there.
Additionally, most VPNs also give out big discounts if you’re willing to subscribe for one or two years up front, instead of renewing your subscription monthly. For example, Private Internet Access – a VPN that we very much enjoy – costs $6.95 if paid monthly, but $39.95 when paid annually (which translates to $3.33 per month – that’s over 50% off).
We have a more in-depth pricing comparison table here (roughly in the middle of the page). And if you’re strapped for cash, you can also check out our roundup of the currently cheapest VPNs and free VPN options.
Can You Use VPN for Torrenting Safely?
In general, yes, but that depends on the specific VPN that you’re using and also the kind of things that you are torrenting.
Let’s start with that second part – what you’re torrenting.
In general, torrenting is just a common name for a specific protocol used to transfer data and files over the web. Although it gets a lot of bad rap overall, torrenting is perfectly okay and legal if you’re transferring files that you have the rights to. Piracy, on the other hand, is completely illegal regardless of the tools that you use to do it.
Then, there’s the VPN’s own policy regarding torrenting and how it’s handled.
Most of the quality VPN solutions in the market will allow torrenting. According to our research, for example, you can torrent with: ExpressVPN, Buffered, VyprVPN, PIA, NordVPN.
When it comes to the security aspect of torrenting, it all comes down to the VPN’s aforementioned policies regarding things like logging or sharing your user data. In general, if a VPN doesn’t keep logs overall then they also don’t keep them for your torrent activity.
Another aspect that’s also worth considering when choosing a VPN for torrenting are the download speeds that the VPN can offer you. Of course, this sort of information is not advertised anywhere so it’s hard to come by, most of the time you only find out after you buy the VPN. Though, we did some testing of our own here, and based on it, we can recommend these VPNs for their good download speeds: ExpressVPN, VyprVPN, PIA, and Buffered.
Can I Use VPN to Watch Netflix and Hulu?
Yes. But like with most things on this list, it all comes down to the specific VPN that you use.
The problem with Netflix overall is that even though it’s now available in over 130 countries, not all shows are distributed equally. Due to complicated licensing agreements that were established before Netflix’s big international rollout, various TV stations retain the rights to some of even Netflix’s own shows, which effectively prevents Netflix from legally making those shows available on their platform. Complicated legal stuff. But VPNs can help here.
The way that Netflix and Hulu block some of their content in parts of the globe is based on location filters. Meaning, if you’re in a country that’s banned, you’re banned.
VPNs make this easy to fix. Since you can select the server that you want to connect with, all you need to do to unlock certain Netflix shows is to simply connect with a server that’s in a country where that show is available. That’s all.
We have a comprehensive post on how to watch Netflix via a VPN + the best VPNs that allow you to do that right here.
Does VPN Work on Android and iOS?
Again, that’s a yes.
Many of the top VPN services out there also let you download mobile apps for either Android or iOS.
Here’s our top selection:
- VPNs for Android: PIA, Tunnelbear VPN, ExpressVPN.
- VPNs for iOS: ExpressVPN, IPVanish, SaferVPN, VyprVPN, NordVPN.
Both platforms let you set up a VPN connection rather easily. For instance, on iPhone, you can do that in Settings → General → VPN.
With all that being said, be careful if you’re tempted by any of the free VPN apps for either Android or iOS. There’s research by a team of specialists (from CSIRO’s Data61, the University of New South Wales, the International Computer Science Institute and the University of California Berkeley), going through more than 280 free Android apps that use Android VPN permissions. The research reveals that 38% of those apps include malware, 84% leak users’ traffic and 75% use tracking libraries. So there’s that.
Does VPN Work on Kodi/SmartTV?
Your smart TVs and Kodi boxes are yet another things that require a live internet hookup in order to provide you with their goodies. And with that, a VPN can help you keep those streams private, so that only you and the service itself know what you’re watching.
There are two ways in which you can enable a VPN connection on your smart TV:
- configure it on the device itself,
- configure it right on your router – effectively protecting your whole home network and everything that’s connected to it (we cover this in the next section below).
Let’s focus on the former here. Overall, many of the quality VPNs come with the ability to configure them right on your smart TV. For example, VyprVPN – which is one of our recommended VPNs – comes with an app for Android TV, and also with detailed instructions for Kodi/OpenELEC and Apple TV. Other VPNs in the market provide you with similar options.
Some of the networks that support smart TV devices and boxes: ExpressVPN, VyprVPN, NordVPN.
How Do I Install VPN on My Router?
Installing a VPN on your home router is the best way to make sure that everything that’s connected to that router is put through a safe VPN connection. In that scenario, you no longer need to install individual apps on your mobile devices, laptops, smart TVs or anything else with web access.
The first order of business is to make sure that your router is compatible with VPNs. This can be done on the website of the manufacturer that produced the router. Often, though, most DD-WRT and Tomato-boosted FlashRouters are compatible with VPNs.
The specific steps involved in setting things up differ from VPN to VPN and your specific VPN provider likely has a dedicated section on their website devoted to explaining how to carry through with the process. For example, here’s how to do this if you’re with ExpressVPN and here’s PIA.
We also have an example demonstration of how it’s done on most DD-WRT routers on this page (near the bottom).
In the end, the installation is quite simple, and it only involves you logging in to your router and then filling out a couple of standard forms – nothing you won’t be able to handle.
VPN & Tor – How to Use the Combination
Even though Tor and VPN are fundamentally different, they can still be used together for maximum security and online privacy.
- Tor gives you the ability to access the web by routing your connection through a number of random nodes, while also encrypting that connection at every stage.
- VPN gives you access to just one server at a time. Though, the nature of it is a bit different in principle, so we can’t say things like “Tor or VPN is better” than the other.
(We talked about the differences between Tor and VPN in detail on this site already, so feel free to visit that post to get the full picture.)
One of the good things about Tor is that you can use it 100% free and there are no built-in limitations to that free version. All you need to do is grab the official Tor web browser. Once you have it, you just need to fire it up like your standard Chrome or Firefox browser, click the connect button, and you’re up and running.
Due to this way in which Tor works, you can combine it with your VPN setup. All you need to do is:
- Enable your VPN connection normally – via your VPN’s official app. From this point on, everything that involves communicating with the web goes through your VPN.
- Open your Tor browser and connect with Tor.
At this stage, you have VPN running on top of your Tor connection (or the other way around).
The main downside with such a setup, though, is that it’s going to be much slower than your standard, VPN-only connection. Tor on its own slows down your experience noticeably, and when combined with VPN on top of it, the results can be even more dramatic. On the plus side, it gives you super privacy, which is a huge plus.
IP Leaks and Kill Switch
Let’s start with kill switch, since it’s a crucially useful feature offered by quality VPNs.
In simple terms, a kill switch is a feature that will automatically kill your internet access if the encrypted, safe connection should ever drop. In other words, if there’s any connectivity issue at all, the kill switch will trigger and block all activity until the connection comes back up.
In an alternative scenario, if your VPN doesn’t have a kill switch and any connectivity issue arrises then it’s probable that your device might attempt to restore the standard, unprotected connection, thus exposing what you’ve been doing up until that point.
According to our research, the following VPNs have a kill switch: ExpressVPN, PIA, VyprVPN, SaferVPN.
IP leaks are a known vulnerability with some setups that people use to access the web. Though, this is not entirely a VPN problem at its core.
cIP leaks can happen when your VPN fails to hide your actual IP as you’re browsing the web. For example, you want to access a geo restricted show on Netflix, so you change the server to an approved country and reload the page. However, you realize that the content is still blocked. This means that your real IP might have just been leaked.
The best VPNs all have some clever scripts programmed into their apps to minimize this risk. However, as I mentioned, your IP leaking is not always the VPN’s fault. Sometimes the configuration of your computer and the many apps within are to blame. Even the browser you use and the add-ons installed in it can cause IP leaks.
When to Use VPN
There are a number of good reasons to use VPN, here are some:
- It encrypts your activity on the web.
- It hides your activity from anyone who might be interested in taking a look.
- It hides your location, enabling you to access geo-blocked content (e.g. on Netflix and other sites).
- Makes you more anonymous on the web.
- Helps you keep the connection protected when using a public Wi-Fi hotspot.
Overall, use a VPN if your web privacy, security, and anonymity are important to you. Roughly $3-5 a month is little price to pay for all that.
When Not to Use a VPN
As predictable as this may sound, we really see no good reason not to use a VPN if you’re taking your online security and privacy seriously.
VPNs are just incredibly useful as this another layer of security on top of SSL protocols on websites, having a good antivirus, not downloading shady email, not sharing too much private information on social media, and so on. Overall, they’re your next step towards using the web more consciously and with sufficient precautions set up.
There’s really not a lot of downsides to them. Perhaps the only one being that your connection can sometimes slow down – after all, you’re routing your data through an extra server.
But what do you think? Are you convinced to the idea of a VPN and think about getting one? Don’t forget about our huge case study comparing more than 30 popular VPNs.