VPN stands for Virtual Private Network. In simple terms, it is a service that protects your privacy and Internet connection while online, as well as helps bypass censorship and other restrictions.
It does this by creating an encrypted tunnel through which to send your data. In a sense, a VPN acts as a middleman between your device and remote servers, and carries your data over existing networks without exposing it to the public Internet.
It can especially benefit you while using public wifi networks – a VPN will ensure your IP address is hidden and your online identity is secured from ISPs, third parties, or any prying eyes.
In this article, we’ll explain what a VPN is and how it works in more detail, as well as cover the ways it can be useful for privacy in your daily life.
How does a VPN work?
A VPN changes your real IP address by rerouting your traffic through one of its servers through an encrypted tunnel. Simply put, you need a remote server and a VPN tunneling protocol (or VPN client app) to establish a secure connection.
Let’s look at an example of how visiting Amazon would work without a VPN. You enter the Amazon homepage, it loads, and you can do your Christmas shopping.
Here’s how it works in more technical terms:
- Your browser contacts a Domain Name Server (DNS) assigned by your ISP, asking it to translate the website domain into an IP address.
- Knowing the Amazon server’s IP address, your device can now send a request and retrieve the website.
- Your ISP routes your request to the Amazon server and returns a response.
This is very simplified, but that’s essentially how any connection works if you’re not using a VPN. In this example, the Amazon website is secure and uses TLS/SSL (HTTPS), so your connection is encrypted. If you visit an insecure website that doesn’t have TLS, your data won’t be encrypted.
But despite the TLS encryption, this type of session still isn’t completely private. By sending a DNS request to your ISP, you are telling your ISP that you want to visit Amazon.com. Amazon also knows your IP address and can therefore determine your location as well as, potentially, your identity.
Now let’s look at an example of how visiting Amazon would work if you were using a VPN:
- Firstly, you would connect to a VPN server in a country of your choosing, let's say the UK.
- The VPN app uses a tunneling protocol to create an encrypted connection to the VPN server.
- You head over to Amazon’s homepage. Yet this time, the DNS query is resolved by the VPN, denying your ISP knowledge of what you’re doing.
- The VPN establishes a connection between their server and the Amazon.com server.
- Traffic goes from you to the VPN server, then to Amazon’s server, and back.
That’s how a VPN establish a secure connection between you and the Internet. It serves you well especially if you’re using a public wifi network. Also, a top-class VPN will ensure a no-logs policy, which means that none of you data can be tracked, recorded, or otherwise compromised.
Why should you use VPN?
A VPN can not only help you protect your privacy – it brings many more benefits than staying secured from prying Internet eyes. Here are some other advantages of using VPN:
- Data encryption. A VPN encrypts your data by rerouting your traffic via an encrypted tunnel. This makes your data secure and completely anonymous. Hence, nobody can expose your identity and your data is protected from the rest of the Internet.
- Hides your online activities. Using a VPN helps you avoid surveillance – all your ISP will see is you connecting to a VPN and none of your online activities can be exposed.
- Access geo-restricted content. With a VPN, you can bypass the government censorship and blocks, because you’ll be connecting to the Internet through a server in another country which doesn’t have Internet content censorship laws. You can access and stream content from popular streaming services.
- Secure public wifi networks. A VPN’s primary function is security and privacy protection. It comes in particularly handy when you’re faced with using public wifi in airports or cafes.
- Torrenting. Being caught while torrenting can lead to legal issues, which is why many torrenters use VPNs to hide their IP address and protect their identity.
- Gaming. A VPN for gamers can up your online gaming experience, helping avoid cyberattacks as well as improve performance.
- Shopping. With a VPN, you get more flexibility with online purchases. A VPN will prevent you from falling prey to price discrimination – the practice of charging a different price for the same goods or services depending on your location. Also, you can access different local store versions by changing your virtual location with a VPN.
Popular questions about a VPN
We did our research and selected the most popular questions people ask about VPNs. Save your time – we got you the answers. Here we listed some of the key things people want to know about VPNs.
Are VPNs legal?
Yes, VPNs are legal in most countries around the world. However, some governments, such as Russia’s or China’s, restrict the use of VPNs. Hence, you need to take this into consideration when using a VPN in those VPN-sensitive regions.
Does VPN slow down the Internet?
Technically – yes. A VPN can slow down your Internet connection, as there’s an extra step in the process – Internet traffic going through a VPN server. On the bright side, the impact won’t be noticeable if you use a premium VPN.
Are VPNs safe?
In most cases, yes. Using a top-class VPN ensures online security and comes with many great benefits, such as bypassing censorship and accessing geo-restricted content. However, free VPNs might not be as safe and private as premium because of the tendency of selling data to third parties.
Are VPNs worth it?
Yes, a quality VPN keeps your data safe and protects your online anonymity. A VPN is an ideal solution whether you want to access geo-restricted content, integrate an extra layer of privacy, improve your torrenting or gaming experience, or safely use a public network.
There are no perfect cybersecurity products, and using a VPN comes with some risks as well. Here are some potential VPN vulnerabilities that you should be aware of:
- Some VPN services still use outdated protocols with known vulnerabilities. That is why most leading providers have phased out the Point-to-Point Tunneling Protocol (PPTP).
- Hackers can impersonate VPN servers and intercept your data if your VPN is insecure.
- Your real IP address can leak if a VPN server goes down while you’re connected and compromise your privacy. Premium VPNs offer kill switch features to disable your Internet connection when the VPN drops.
- Your data is probably being sold if a VPN service is free. Think about it: the maintenance of server fleets costs money. Hence, when the service is free, the money has to come from somewhere. In many cases, the VPN is collecting your data and selling it off to third parties.
- Some VPNs log user data, even though the logging may not be extensive. There have been instances of several VPN providers handing over user data to governments when asked. That’s why it’s important to make sure that your chosen provider is a no-logs VPN.
- VPN doesn’t protect your from malware. For enhanced protection from viruses, malware, trojans, or bots, you should use antivirus software. Some premium VPN providers, such as NordVPN or Surfshark, offer antivirus or ad blocker features that can serve you well in this case.
What to look for when choosing a VPN?
VPN services are not made equal. Some of them have more features, better security measures. Others have completed third-party audits that add credibility to their transparency claims. When choosing a VPN service, you’re making a conscious decision to trust a company with your data. The least you could do is invest time in some research.
Here are a few things to look out for:
Even if you’re just looking for a VPN to unblock Netflix, the service’s reputation is essential. Your privacy is important and you should never trade it.
Unfortunately, it can be challenging to know what VPN services are up to behind closed doors. Yet if a VPN provider has been caught red-handed giving away user data or bending the truth about their services – that’s a good way to know which VPN not to choose.
Where a VPN operates from matters. Some countries require VPNs to collect user data whereas others have harsh copyright laws. As a user of such a VPN, you run the risk of letting your data get into the wrong hands.
The Edward Snowden leaks shed light on the scope of surveillance around the globe. If you think that living outside of the US makes you safe against the NSA and you’ll have nothing to worry about, think again. The surveillance alliance known colloquially as the 14-Eyes shares intelligence data on each other’s citizens. And they’re not even the worst of the bunch.
#3 Anonymous payment options
You are as anonymous as your method of payment. Paying with a credit card leaves records not only on your banking statement but in the company’s accounting logs. It never hurts to check if your chosen service supports payments via cryptocurrency, prepaid cards, or other options. As a rule of thumb, the less personal information you provide, the better the service is for your privacy.
#4 Technical specifications
Encryption, reliable tunneling protocols, leak protection, speed, a kill switch – all of these are necessary for a secure VPN. The provider can be very transparent, but if they don’t have the tech to provide privacy and security, you’re going to have a bad time.
As there are hundreds of VPN services to choose from, picking the best one might seem like a daunting task. Luckily, there are a few ways to distinguish the good from the bad. Here’s what you need to look for in a quality VPN:
- Tunneling protocols. Not all VPN protocols were created equal. Some, like PPTP, are downright outdated. So, when choosing your VPN, look for fast and secure protocols like OpenVPN, IKEv2, and WireGuard.
- Server list. It comes without saying that you should pick a VPN that offers servers in the country you want to connect to. However, a broader coverage is always better in general, as the servers won’t be as crowded. You should also look for servers near you for a faster connection.
- Logging policy. Always read the logging policy of the VPN you’re about to download. Look for a service that doesn’t keep any personal logs. Also, it’s better when the logging policy is audited by an independent third-party.
- Streaming and torrenting. Not all VPN services are able to unblock various streaming platforms like Netflix. Similarly, not all VPNs support torrenting. Keep this in mind when looking for your perfect VPN – usually, reading a couple of reviews will give you the gist of whether the VPN will suit your needs.
- Apps and devices. Whether you use Windows, macOS, iOS, Android, or Linux, it’s a good idea to check whether a VPN offers a good application for your operating system. Some VPNs also support routers, smart TVs, and gaming consoles.
How to set up a VPN connection
The complexity of setting up a VPN connection depends on whether you are using a VPN app, or attempting to manually configure VPN files on your chosen device.
Using a VPN app is usually pretty simple and straightforward, while manual setup and installation on routers or devices that don’t necessarily support VPNs require some technical knowledge.
Set up a VPN on your device
Setting up a VPN on a device such as Windows or Mac computers, as well as iPhone or iPad, or Android devices is very simple, because most VPN providers have dedicated apps for them. Here’s how to set up a VPN on your device:
- Purchase a VPN subscription. NordVPN has apps for all major operating systems and some other devices as well.
- Download the app and follow installation instructions.
- Open the app and connect to a VPN server.
Set up a VPN manually
Most devices have built-in VPNs that you can configure to your liking. However, they might not support certain tunneling protocols such as WireGuard or OpenVPN, or you might not be able to choose from a variety of locations.
Besides that, setting up a VPN manually requires certain additional knowledge. Built-in VPNs also might not be as secure as the third-party VPN providers.
Nevertheless, if you’d like to try this, we suggest taking a look at our extensive guide on how to manually set up a VPN on different devices.
Install a VPN on your router
Installing a VPN on your router is the best way to set up a VPN connection for devices that don’t support VPNs, or if you want to protect your whole home network.
The process of setting up a VPN on a router is more complicated than manually setting it up on a device that already supports VPNs. Besides, not all routers support VPNs either. You won’t be able to install a VPN on most ISP-issued routers or older models.
As setting up a VPN on your router requires some technical knowledge and focus, we suggest you take a look at our guide on how to install a VPN on your router.
What is a VPN client?
A VPN client (or a VPN app) is the software on your device that communicates with a VPN server, establishes the connection, and encrypts data.
How does a VPN client work?
A VPN app (or client) is where you control your VPN experience: which server to connect to, which tunneling protocol to use, or which features to activate. Most VPN service providers have apps for Windows, macOS, Android, iOS, Linux, Amazon Fire TV, and other devices and operating systems.
That said, you can also use a VPN without a custom VPN app. All major operating systems offer VPN functionality in some form. For example, you can set up a VPN connection through your networking settings on Windows.
You can also set up a VPN client on your wifi router by following instructions from your VPN provider.
What is a VPN server?
A VPN server is what enables users to use the VPN service in the first place. It is a combination of VPN hardware, such as physical servers stored in physical places, and VPN software.
The top providers have hundreds or even thousands of servers scattered across the globe. The further the VPN server is from the user’s real location, the worse the performance will be, so servers in various locations are important for better performance. On top of that, the more locations a provider has servers in, the more virtual locations a user can connect to without actually having to move.
Some providers also use diskless, RAM-only servers. These are the kind of servers that have no external storage, and any data that’s on them gets wiped clean with every server reboot. VPN providers choose RAM-only servers to ensure complete user privacy and comply with their no-logs policies.
What does a VPN server do?
A VPN server forwards your Internet traffic to the destination server and returns the response to you.
When you connect to a VPN server, your IP address changes, and so does your virtual location. Thus, the websites that you visit will assume that you’re based in the VPN servers’ country. This is especially useful for bypassing geo-restrictions and various other content blocks and Internet censorship.
By contrast, if you’re not connecting through a VPN server, the owner of any website you visit will know your real IP address and your location. You may want to avoid this for privacy reasons, as well as certain content restrictions. Some websites and services are available only in specific locations, or have local versions.
What is VPN encryption?
VPN encryption is a process of making the data traveling between a device and a VPN server unreadable to anyone without an encryption key, namely other devices.
VPN tunnels that go from your device to the VPN service provider’s server are also secured by using encryption.
VPN encrypts all of your Internet traffic, including your browser, torrent, messaging app traffic, or whatever else you may be doing on the internet. No one will be able to see or intercept your online activities because of VPN encryption
Although encryption slows down your connection a little, it does not interfere with your ability to connect to the Internet. It simply makes it impossible for someone to reveal network exchanges.
How does VPN encryption work?
Your data is encrypted all throughout the transferring process between a device and a VPN server. It gets deciphered only at the endpoint – when leaving the VPN tunnel and entering your device.
VPNs use three types of cryptography: symmetric encryption, asymmetric encryption, and hashing. Here’s how VPN encryption works:
- When you connect to a VPN server, the connection performs a “handshake” between a VPN client and a VPN server. During this step, hashing is used to authenticate that the user is interacting with a real VPN server, and asymmetric encryption is used to exchange symmetric encryption keys.A few popular examples of asymmetric (or public key) protocols used at this stage are RSA or Diffie-Hellman.
- Once the handshake is successful, symmetric encryption is used to encrypt all data passing between the user and the VPN server. The most common symmetric encryption cipher used by VPNs is AES (specifically, AES-256).
Most top VPN services rely on the Advanced Encryption Standard (AES) cipher to seal the data that goes through – the same type of encryption that financial and government institutions use.
What is AES-256?
AES-256 stands for Advanced Encryption Standard using 256-bit integers to process data. It is a symmetric key encryption algorithm for encryption and decryption. Generally, it’s considered the gold standard of modern encryption. VPNs use it to create a safe tunnel for your private data exchanges.
You might see weaker AES standards like AES-128. This simply implies that the cryptographic key is shorter and easier (although still virtually impossible) to “brute force.” As a rule of thumb, the longer the encryption key, the more potential combinations, which would take longer to crack. It’s the same principle as using a longer password means it’s harder to guess.
On the flip side, a longer encryption key means slower connections because the encryption and decryption take longer.
In the wild, you will most often find three variations of AES: AES-128, AES-192, and AES-256. Additionally, you may encounter different modes of operation, such as AES-256-GCM or AES-256-CBC.
Not all tunneling protocols support this kind of encryption. For example, PPTP uses the much weaker MPPE cipher, whereas the new WireGuard protocol primarily uses ChaCha20.
What is VPN tunneling?
A VPN tunnel is an encrypted link that connects your computer or mobile device to an external network. A VPN tunnel, which stands for Virtual Private Network tunnel, can be used to conceal your online activity.
How does VPN tunneling work?
To connect to the Internet via a VPN tunnel, you must first sign up with a Virtual Private Network (VPN) service. The VPN is essential for concealing your IP address and protecting your online activity from prying eyes.
Once you connect to your chosen server, a VPN tunnel will be established. Without it, your ISP sees your online activities, but this is impossible after you connect to a VPN server. That's because of the encryption and hidden IP address.
The VPN tunnel channels your traffic through to a VPN server, hiding your IP. Without the IP, there's no way to tell your location.
Types of VPN
There are several different types of a VPN. We put up a concise overview of each of the VPN type for you to have a better understanding what divides VPN into different categories.
The main types of a VPN are:
Remote access VPN
A remote access VPN allows you to connect to a private network, such as your company's office network, via the Internet.
The Internet is an untrustworthy communication channel. VPN encryption is used to protect and secure data as it travels to and from the private network.
A personal VPN service links you to a VPN server, which functions as a between link for your device and the Internet services you want to use.
A personal VPN encrypts your connection, hides your identity online, and allows you to spoof your geographic location.
A virtual private network (VPN) that connects two or more networks, such as a corporate network and a branch office network, is known as a site-to-site VPN.
Site-to-site VPNs are widely used by businesses with various offices in different geographic areas that require continuous access to and use of the corporate network.
The primary function of a VPN protocol or tunneling protocol is to establish a safe tunnel between your device and the VPN server. When a VPN connects to a VPN server, it creates a tunnel to send data. The protocol used to create this connection determines how your data is sent through the network.
Some protocols are more secure, some are faster, some are better on mobile devices or older PCs, some are better at bypassing firewalls, and some are just outdated.
Common VPN protocols
Most VPN providers didn’t develop the protocols themselves but merely implemented the technology in their apps. Here are the most common protocols that you could find in most VPN clients:
- IKEv2. It stands for Internet Key Exchange version 2. It mainly handles request and response confirmations. For authentication, IPSec is also often used together with IKEv2 (IKEv2/IPSec). This protocol is very efficient on an unreliable connection. IKEv2 effectively reestablishes after a connection loss. It’s also one of the fastest, most used tunneling protocols on mobile devices because it can easily switch between wireless to cellular connection, and vice versa.
- OpenVPN. By far the most common tunneling protocol on desktop apps. This is an open-source protocol based on OpenSSL. It comes in two types – TCP and UDP.
- UDP. It’s the User Datagram Protocol. It is much faster because it doesn’t allow the recipient to resend data requests. This means less verification of data integrity, which allows for more rapid exchanges, hence better speeds.
- TCP. It’s the Transmission Control Protocol. It allows multiple data verifications, so the processing time may be slower, limiting your Internet speed. Use UDP on the networks you can trust, while TCP will be better on public wifi hotspots.
- L2TP/IPSec. On its own, L2TP doesn’t provide any encryption. Its job is request and response confirmations. Encryption enters the arena with IPSec, which is often used in conjunction. There are many discussions about whether this protocol is secure because it was co-developed with the NSA. The Edward Snowden leaks seemed to imply that the NSA may have backdoors to access L2TP/IPSec traffic.
- WireGuard. This is the next-gen of tunneling protocols. It uses fewer lines of code, making it easier to audit, and squeezes the most out of your device’s processing power. It’s ideal for mobile devices and slower computers, has up-do-date encryption built-in, and offers reliable connections. WireGuard gives the best performance of any current VPN tunneling protocol.
- SSTP. Secure Socket Tunneling Protocol. Created by Microsoft, this protocol is not exclusive to Windows and provides a high level of encryption. While SSTP is very capable, there are concerns that Microsoft may have backdoors to access SSTP traffic.
- PPTP. Point to Point Tunneling Protocol. Developed in the late ’90s and the first to become widely available. This protocol relies on outdated encryption, which has become vulnerable to brute force attacks as computing power grew. As such, few VPN service providers currently offer this protocol.
Proprietary VPN protocols
Some VPN service providers have developed their own tunneling protocols:
- Catapult Hydra – developed for the Hotspot Shield VPN service. The company claims that this protocol allows the service to achieve much better connection speeds than using standard tunneling protocols. Whether due to Catapult Hydra or other reasons, Hotspot Shield has always been among the fastest VPNs.
- NordLynx – only available on NordVPN. NordLynx is a modified version of WireGuard, solving potential security issues while keeping the performance intact.
- Lightway – only available on ExpressVPN. It uses an open-source implementation of Transport Layer Security (TLS), wolfSSL. Its goal is to be as lightweight as possible, aiming for ease of maintenance and high performance.
Best VPN deals this week:
What is VPN used for?
VPN is mostly used to stay private online, hide your online activities, bypass geo-restrictions and access various blocked content, as well as securely use public wifi networks and enhance security by staying anonymous with encrypted traffic.
Can VPN steal my data?
Theoretically, yes, a VPN provider can steal your data. However, many top VPNs operate under no-logging policies, meaning they don’t collect your information. And if they do, then maybe they’re not that good anyway.
How much does a VPN cost?
A monthly VPN subscription costs between $5-12 on average, and an annual subscription is between $3-8 per month. Most VPN prices depend on the duration of your subscription. If you subscribe for more extended periods, you pay less per month, and the longer the subscription period, the lower the price.
Can a VPN see my passwords?
No, a VPN most likely can’t see your passwords. That would be possible only in cases when a website uses HTTP, so you should avoid typing out your login credentials on such websites anyway. Luckily, most websites use HTTPS, which encrypts your data and makes stealing your password impossible.
How does a VPN increase your security?
VPN increases your security by hiding your real IP address, hiding the IP address of a website or service that you are using from your ISP, and securing your connection by using encryption. These measures make a VPN one of the best cybersecurity and online privacy tools.
Can you be tracked with a VPN?
It’s very difficult to track a person who uses a VPN. However, there are ways of tracking your online activity even when you use a VPN: cookies, digital fingerprinting, DNS leaks, malware, and doxxing. So while a VPN is an excellent privacy tool, it does not completely eliminate tracking risks.
Can a VPN be hacked?
Technically – yes. Even though a VPN remains to be one of the most effective ways to ensure your security, VPN’s encryption can be broken through various technical vulnerabilities. Alternatively, a VPN can be hacked by stealing a key. To avoid your VPN being hacked, we recommend using only top-tier VPN providers.
Is it ok to leave VPN on all the time?
Yes. In order to protect your online identity against cyber threats and data leaks, you should keep your VPN connection on at all times. A VPN hides your real IP address, making sure you’re protected from ISP throttling, snoopers, or when browsing on public wifi.
How to check if a VPN is working?
You can simply test if you’re VPN is working or not by checking whether your original IP address has been hidden and changed on the IP address checker online. A functional VPN will hide your original IP address given to you by ISP.