We’re so accustomed to the idea of our data traveling over the air via Wi-Fi that we’ve stopped thinking about just who else might be seeing that data. Public Wi-Fi networks, for example, are commonplace and offer great convenience, but they are also excellent avenues for attackers looking to seize your personal information. When even your ISP can sell your browsing history it’s past time to be concerned about who’s looking at your data.
Enter virtual private networks (VPNs). These services use simple software to secure your internet connection, and they give you greater control over how you appear online, too. While you might never have heard of VPN services, they are valuable tools that you should understand and use. So who needs a VPN? Everyone does.
What Is a VPN?
In the simplest terms, a VPN is used to create a secure, encrypted connection, which can be thought of as a tunnel, between your computer and a server operated by the VPN service. In a professional setting, this tunnel makes you part of the company’s network, as if you were physically sitting in the office—hence the name.
While you’re connected to a VPN, all your network traffic passes through this protected tunnel, and no one—not even your ISP—can see your traffic until it exits the tunnel from the VPN server and enters the public internet. If you make sure to only connect to websites secured with HTTPS, your data will continue to be encrypted even after it leaves the VPN.
Think about it this way: If your car pulls out of your driveway, someone can follow you and see where you are going, how long you are at your destination, and when you are coming back. They might even be able to peek inside your car and learn more about you. With a VPN service, you are essentially driving into a closed parking garage, switching to a different car, and driving out, so that no one who was originally following you knows where you went.
Of course, it would be misleading to claim that any security product is a magic bullet. VPN services, while tremendously helpful, are not foolproof. A determined adversary can almost always breach your defenses in one way or another. Using a VPN can’t help if you unwisely download ransomware on a visit to the Dark Web, or if you unwisely give up your data to a phishing attack. What a VPN can do is to protect you against mass data collection and the casual criminal vacuuming up user data for later use.
Who Needs a VPN?
The protection provided by a VPN offers many advantages. First and foremost, it prevents anyone on the same network access point (or anywhere else) from intercepting your web traffic in a man-in-the-middle attack. This is especially handy for travelers and for those using public Wi-Fi networks, such as web surfers at hotels, airports, and coffee shops. VPNs also cloak your computer’s actual IP address, making it harder for advertisers (or spies, or hackers) to track you online.
Many VPN services also provide their own DNS resolution system. Think of DNS as a phone book that turns a text-based URL like “pcmag.com” into an IP address that computers can understand. Savvy snoops can monitor DNS requests and track your movements online. Greedy attackers can also use DNS poisoning to direct you to bogus phishing pages designed to steal your data. When you use a VPN’s DNS system, it’s another layer of protection.
This is just common-sense security, but there are also people for whom a VPN is essential for personal and professional safety. Journalists and activists rely on VPN services to circumvent government censorship so they can safely communicate with the outside world. Of course, doing so may be against the law, depending on the country in which they’re located.
Some services, such as TorGuard and NordVPN, allow peer-to-peer file sharing and the use of BitTorrent sharing. Others cancel your subscription if you use their servers for file sharing. Be smart: Learn the company’s terms of service—and the local laws on the subject. That way you can’t complain if you get caught.
How to Choose a VPN Service
The VPN services market has exploded in the past few years, and a small competition has turned into an all-out melee. Many providers are capitalizing on the general population’s growing concerns about surveillance and cybercrime, which means it’s getting hard to tell when a company is actually providing a secure service and when it’s throwing out a lot of fancy words while selling snake oil. In fact, since VPN services have become so popular in the wake of Congress killing ISP privacy rules, there have even been fake VPNs popping up, so be careful. It’s important to keep a few things in mind when evaluating which VPN service is right for you: reputation, performance, type of encryption used, transparency, ease of use, support, and extra features. Don’t just focus on price, though that is an important factor.
That said, not all VPN services require that you pay. Several services we’ve listed here also have free VPN offerings. You tend to get what you pay for, as far as features and server locations go, but if your needs are basic, a free service can still keep you safe. TunnelBear, for example, offers a limited but serviceable free VPN.
Some VPN services provide a free trial, so take advantage of it. Make sure you are happy with what you signed up for, and take advantage of money-back guarantees if you’re not. This is actually why I also recommend starting out with a short-term subscription—a week or a month—to really make sure you are happy. KeepSolid VPN Unlimited offers a one-week Vacation subscription, for example. Yes, you may get a discount by signing up for a year, but that’s more money at stake should you realize the service doesn’t meet your performance needs.
Can Your Trust Your VPN Service?
If you’re using a service to route all your internet traffic through its servers, you have to be able to trust the provider. Established security companies, such as F-Secure, may have only recently come to the VPN market. It’s easier to trust companies that have been around a little longer, simply because their reputation is likely to be known. But companies and products can change quickly. Today’s slow VPN service that won’t let you cancel your subscription could be tomorrow’s poster child for excellence.
I’m not a cryptography expert, so I can’t verify all of the encryption claims providers make. I focus, instead, on the features provided. Bonus features like ad-blocking, firewalls, and kill switches that disconnect you from the web if your VPN connection drops, go a long way toward keeping you safe. I also prefer providers that use OpenVPN, since it’s a standard that’s superior to the older PPTP. It’s also, as the name implies, open source, meaning it benefits from many eyes looking for potential problems.
Most users want a full graphic user interface for managing their VPN connection and settings, though a few would rather download a configuration file and import it into the OpenVPN client. Most VPN companies I’ve reviewed support all levels of technological savvy, and the best have robust customer support for when things go sideways.
While a VPN can protect your privacy online, you might still want to take the additional step of avoiding paying for one using a credit card, for moral or security reasons. Several VPN services now accept PayPal, Bitcoin, and other alternate payment methods. In a few cases, VPN services may even accept retailer gift cards. That Starbucks gift card may be better spent on secure web browsing than a mediocre-at-best latte.
It’s also important to remember what a VPN can and cannot do. While it hides your IP address, it’s not a true anonymization service. For that, you’ll want to access the Tor network, which will almost certainly slow down your connection. That said, some services, such as NordVPN, offer Tor access on specific servers. IVPN offers a similar feature called multi-hop VPN, which lets you route your web traffic in tricky ways.
VPNs by the Numbers
Some important things to look for when shopping for a VPN are the number of licenses for simultaneous connections that come with your fee, the number of servers available, and the number of locations in which the company has servers. It all comes down to numbers.
Most VPN services allow you to connect up to five devices with a single account. Any service that offers fewer connections is outside the mainstream. Keep in mind that you’ll need to connect every device in your home individually to the VPN service, so just two or three licenses won’t be enough for the average cohabitating pair. Note that many VPN services offer native apps for both both Android and iOS, but that such devices count toward your total number of connections.
Of course, there are more than just phones and computers in a home. Game systems, tablets, and smart home devices such as light bulbs and fridges all need to connect to the internet. Many of these things can’t run VPN software on their own, nor can they be configured to connect to a VPN through their individual settings. In these cases, you may be better off configuring your router to connect with the VPN of your choice. By adding VPN protection to your router, you secure the traffic of every gadget connected to that router. And the router—and everything protected by it—uses just one of your licenses. Nearly all of the companies I’ve reviewed offer routers with preinstalled VPN software, making it even easier to add this level of protection.
When it comes to servers, more is always better. More servers mean that you’re less likely to be shunted into a VPN server that is already filled to the brim with other users. Private Internet Access currently leads the pack with well over 3,000 servers at its disposal. But the competition is beginning to heat up. Last year, only a handful of companies offered more than 500 servers, now it’s becoming unusual to find a company offering fewer than 1,000 servers.
The number and distribution of those servers is also important. The more places a VPN has to offer, the more options you have to spoof your location! More importantly, having numerous servers in diverse locales means that no matter where you go on Earth you’ll be able to find a nearby VPN server. The closer the VPN server, the better the speed and reliability of the connection it can offer you. Remember, you don’t need to connect to a far-flung VPN server in order to gain security benefits. For most purposes, a server down the street is as safe as one across the globe.
What’s the Fastest VPN?
While it’s often said that having to choose between security and convenience is a false dichotomy, it is at least somewhat true in the case of VPN services. When a VPN is active, your web traffic is going through many more steps than normal and being bounced around in surprising ways. The end result is that your internet connection will likely be more sluggish than normal.
The good news is that using a VPN probably isn’t going to remind you of the dial-up days of yore. Most services provide perfectly adequate internet speed when in use, and can even handle streaming HD video. 4K video and other data-intensive tasks like gaming are another story, however. Some VPN services, such as NordVPN, have started to roll out specialty servers for high-bandwidth activities. And nearly every service I’ve tested includes a tool to connect you with the fastest available network. Of course, you can always limit your VPN use to when you’re not on a trusted network.
In some very rare cases, VPN services can actually improve your internet performance. That was the case for PureVPN, IPVanish, and ExpressVPN in my testing. This is likely because these services have access to high-bandwidth infrastructure that your traffic is routed through when the service is active.
When I test VPNs, I use the Ookla speed test tool. (Note that Ookla is owned by PCMag’s publisher, Ziff Davis.) This test provides metrics for latency, download speeds, and upload speeds. Any one of these can be an important measurement depending on your needs, but I tend to view the download speed as the most important. After all, we live in an age of digital consumption.
Using that measurement, PureVPN is the fastest VPN by far. It’s followed by the aptly named ExpressVPN and IPVanish VPN. But networks can be fickle things and your mileage may vary.
Can I Use a VPN for Netflix?
Borders still exist on the web. New, major-release films and television shows are often available on Netflix outside of the US yet only available for purchase via Amazon, iTunes, or on the Windows Store within the US. But if you were to select a VPN server in a country with rights to the show, your computer’s IP address would appear to be in that country, allowing you to view the content. Of course, you might find Netflix in other countries to be even more restrictive.
The trouble is that Netflix and similar streaming services are getting wise to the scam. In my testing, I found that Netflix blocked streaming more often than not when I was using a VPN. There are a few exceptions, but I also have Netflix is actively working to protect its content deals. What works today may not work tomorrow.
You’ll note that I said “scam,” above, and that is more or less true. Just because you paid for Netflix in one place does not mean you’re entitled to the content available on the same service but in a different location. Media distribution and rights are messy and complicated. You may or may not agree with the laws and terms of service surrounding media streaming, but you should definitely be aware that they exist and understand when you’re taking the risk of breaking them.
Using a Mobile VPN
I used to advise people to do banking and other important business over their cellular connection when using a mobile device, since it is generally safer than connecting with a public Wi-Fi network. But even that isn’t always a safe bet. Researchers have demonstrated how a portable cell tower, such as a femtocell, can be used for malicious ends. The attack hinges on jamming the LTE and 3G bands, which are secured with strong encryption, and forcing devices to connect with a phony tower over the less-secure 2G band. Because the attacker controls the fake tower, he can carry out a man-in-the-middle attack.
Admittedly, this is an exotic attack, but it’s far from impossible. And Wi-Fi attacks are probably far more common than we’d like to believe. That’s why I recommend getting a VPN app for your mobile device to protect all your mobile communications. Even if you don’t have it on all the time, using a mobile VPN is a smart way to protect your personal information.
Most VPN services offer apps on both Android and iOS, saving you the trouble of configuring your phone’s VPN settings yourself. VPN providers typically allow up to five devices to be connected simultaneously under a single account. Also, while there are free VPN services available, many require that mobile users sign up for a paid subscription.
Not all mobile VPN apps are created equal. In fact, most VPN providers offer different services (and sometimes, different servers) for their mobile offerings than they do for their desktop counterparts. I am pleased to see that NordVPN and Private Internet Access provide the same excellent selection of servers regardless of platform. These apps received an Editors’ Choice nod both for desktop VPN apps and Android VPN apps. KeepSolid and and NordVPN win when it comes to VPN apps for the iPhone.
One feature of note for Android users is that some VPN services also block online ads and trackers. While iPhone owners can use apps like 1BlockerFree at iTunes Store to remove ads and trackers from Safari, ad blockers aren’t available on the Google Play store. But if you were to use Spotflux or Private Internet Access, ads would be a thing of the past.
If you’re of the iPhone persuasion, there are a few other caveats to consider for a mobile VPN. Many iPhone VPN apps don’t use OpenVPN, even if the VPN service that made the app supports the protocol. That’s because Apple requires additional vetting if a company wants to include OpenVPN with its app.
Thankfully, there’s a workaround for this problem. Instead of using the VPN app from the company from which you’ve purchased a subscription, you can download the standalone OpenVPN app. Open it, and you can enter your subscription information from the VPN company you’ve decided to work with. The OpenVPN app will then connect to the VPN company’s servers using my preferred protocol.
Which VPN Is Right For You?
Computer and software providers work hard to make sure that the devices you buy are safe right out of the box. But they don’t provide everything you’ll need. Antivirus software, for example, consistently outperforms the built-in protections. In the same vein, VPN software lets you use the web and Wi-Fi with confidence that your information will remain secure. It’s critically important and often overlooked.
Even if you don’t use it every moment of every day, a VPN is a fundamental tool that everyone should have at their disposal—like a password manager or an online backup service. And one that will only become more important as our more of our devices become connected. So get safe, and get a VPN.