It might sound paranoid to say you should use a virtual private network (VPN) as often as possible, but there are real threats to your privacy. Whenever you connect to the internet, your internet service provider (ISP) has access to everything you send and has been given the green light from Congress to sell your anonymized information to advertisers. If Coronavirus has forced you to start using public Wi-Fi, unscrupulous individuals can attempt to intercept your web traffic. Out on the wide-open internet, advertisers can track your movements between websites and discern your location by peeking at your IP address. And don’t forget what three-letter government agencies may be up to—it’s scary out there!
The fact is that the internet was created for easy information exchange, not user privacy, anonymization, or encrypted communication. While HTTPS goes a long way toward protecting your information, it doesn’t guard against all ills. Unless and until a new, more private internet comes together—don’t hold your breath—using a VPN is the easiest way to make sure that you’re sharing as little information as possible.
What a VPN Does and Does Not Do
As with any security tool, it’s important to understand the limitations of a VPN. After all, you wouldn’t expect a Kevlar vest to save you from falling out of an airplane or a parachute to stop a bullet.
When you switch on a VPN, your traffic is routed through an encrypted tunnel to a server operated by the VPN company. That means that your ISP and anything (or anyone) connected to your router won’t be able to see your web traffic. From the VPN’s server, your traffic exits onto the public internet.
Because your traffic appears to come from the VPN’s server, your actual IP address is effectively hidden. That’s important, because IP addresses are distributed geographically and can be used to find your rough location. This can come in handy if you want to spoof your location. By connecting to a VPN server in London, you can make it appear as if you were accessing the internet from the UK.
What a VPN won’t do is completely anonymize your traffic. For that, you’ll want to use the free Tor anonymization network. Instead of just piping your data through a single intermediary (such as a VPN server) Tor bounces your data through several different volunteer computers. This makes it much harder for someone trying to track your activities to see what you’re up to, but note that it will also slow down your web traffic in the process.
Additionally, websites can track your movements through cookies, browser fingerprinting, online trackers, and other tricky tools. Using an ad-blocker such as Privacy Badger and a privacy respecting browser such as Firefox helps suppress these ever-watchful nasties and can make it much harder for advertisers to follow your movements across the web.
Finally, just because you have a VPN doesn’t mean you can forget about the security basics. While some VPN services claim they can block malware, we recommend standalone antivirus software for your computer, because these tools are designed specifically to protect your computer from malicious software. You can protect against password breaches by using a password manager, because recycled passwords are a major point of failure. We’re particularly fond of Dashlane and Keeper password managers. While you’re locking down your passwords, be sure to switch on two-factor authentication wherever possible.
How to Choose a VPN
When we review VPNs, there are a few key metrics we look for. For one, a VPN service should allow you to connect at least five devices simultaneously. The best services now easily surpass this requirement. Another is whether or not the VPN service allows BitTorrent or P2P traffic on its servers—if you’re planning to use either of these technologies. Nearly VPNs allow them on at least some of their servers, but you don’t want to run afoul of the company to which you’re paying a monthly fee.
Speaking of fees, the average cost of a top-rated VPN service is $10.21 per month. A VPN service that is charging more per month isn’t necessarily ripping you off, but it should offer something significant, such as a great interface or lots of server locations to sweeten the deal.
You can usually get a discount if you buy longer-term contracts. The average price of an annual VPN subscription, for example, is $71.58. However, we recommend avoiding long commitments until you’re certain that you’re happy with the service. Start instead with a short-term subscription or, better yet, a free subscription so you can test a VPN in your own home.
It’s also useful to know where a VPN company is based. Keep in mind that this isn’t always the physical location of the business, but a legal distinction that outlines what jurisdiction the company operates under. NordVPN, for example, is in Panama, while ProtonVPN is in Switzerland. The local laws mean that these companies are not beholden to data retention laws, which would require them to hold on to certain information that could be obtained by law enforcement.
Many readers are concerned about the impact VPNs will have on their internet speeds. At PCMag, we perform extensive speed testing to determine the fastest VPN. That said, we don’t believe speed should be the primary factor when choosing a VPN. There’s so much variation in performance that a service with top scores today could be very slow tomorrow. We recommend testing a service on your home network to see for yourself how it performs—with the understanding that there’s always going to be a performance cost, one that may vary from day to day.
The most important thing about a VPN is trust. If the location, pricing, or terms of service don’t fill you with confidence, try another service. In all our VPN reviews, we make sure to report on all of these issues and highlight anything we think is confusing or problematic.
What About Free VPNs?
Worthwhile free VPNs are rare, but they do exist. Many VPN services offer a free trial, but it’s usually for a limited time. Others, like TunnelBear and Hotspot Shield, have totally free versions but reserve some features for paid users. ProtonVPN is our top choice for free VPNs, because it places no data limitation on free users.
Unfortunately, most VPNs are a far cry from free, but you don’t need to break the bank to get protected. After trying out a service for a month or two, you can save more by purchasing longer-term contracts. Our list of cheap VPNs is a great place to start if money is tight.
Getting Started With a VPN
Once you’ve settled on a service, the first thing to do is to download the company’s app. There’s usually a Downloads page for this on the VPN service’s website. Go ahead and download the apps for your mobile devices as well: You’ll want to protect as many of your devices as you can. If the VPN service you’re considering doesn’t offer an app for the devices you use, consider finding a different service.
We have found that when releasing VPNs for Mac, companies occasionally have different versions available in the Mac App Store and on the company website. This appears to be for compliance with restrictions imposed by Apple. Figuring out which will work for you can be tricky, so be sure to read the company’s documentation carefully.
Once you’ve installed the apps, you’re usually prompted to enter your login information. In most cases, this is the username and password you created when you signed up for the service. Some companies, such as IVPN, Mullvad, and ExpressVPN have unusual login systems that provide customers with more privacy but can be confusing at first. Be sure to read the instructions carefully.
Once you’re logged in, your VPN app usually connects to the VPN server closest to your current location. That’s done to provide better speeds when using the VPN, as performance degrades the farther the VPN server is from your actual location. That’s it: Your information is now being securely tunneled to the VPN server.
Note that you do not have to install the VPN company’s app. Instead, you can configure your device’s network settings to connect directly to the VPN service. If you’re concerned about the potential for surveillance within app ecosystems, this might be a good option for you. Most VPN services will have documentation on how to configure your device. That said, we discourage most users from going down this path. Manual configuration means you’ll have to manually update the server information on your computer. You also won’t be able to access any of the other features provided by the VPN service that you’re already paying for. See our story on How to Set Up a VPN in Windows 10 for a deeper dive.
How to Choose the Right VPN Server
Sometimes you might not want to be connected to the server the VPN app recommends. Perhaps you want to spoof your location, use BitTorrent via VPN, or take advantage of custom servers. Or maybe the server the app recommends just doesn’t work or is very slow. Whatever the reason, the best VPNs will let you quickly and easily jump to a different VPN server.
Sometimes, VPN apps present their servers in lengthy menus or pull-down lists. The best VPN services will include search bars and highlight servers for specific activities—such as streaming and BitTorrenting. Many VPN companies include an interactive map as part of their app. TunnelBear and NordVPN, for example, let you click on countries to connect to servers there.
Netflix block VPNs. At issue are the licensing deals Netflix secures with studios, which provide different content for different regions.
Other services like NordVPN, Surfshark VPN, and ProtonVPN have enhanced security options, such as access to Tor or multihop VPNs. Tor, as mentioned above, is a way to better protect your privacy, and it lets you access hidden websites on the so-called dark web. Multihop VPN is similar: Instead of just routing your traffic through a single VPN server, a multihop connection tunnels you to one server and then another. Both of these offerings trade speed for enhanced privacy.
Advanced VPN Settings
The set of features in each VPN varies from service to service, so we can only generalize about what you might see when you open the VPN Settings. But we encourage you to read through the documentation and try clicking some buttons. The best way to learn a tool is to use it, after all.
Most VPN services include some kind of Kill Switch feature, which prevents your computer from transmitting or receiving information if the VPN becomes disconnected. It’s useful for preventing little bits of data sneaking through unencrypted. If you suddenly find that the internet has cut out, check to see if your VPN’s Kill Switch has been tripped.
Most services offer an option to select a VPN protocol. This can be intimidating, since they have weird names and companies rarely provide information about what these are, and what changing the protocol will do. In general, this is something you can leave alone.
If you’re interested, though, WireGuard is the latest VPN protocol. It’s open source, boasts the newest encryption technology, and appears to be faster than other protocols. OpenVPN and IKEv2 are also good choices. Note that your ability to manually select a protocol, and the protocols available, may vary depending on the device you’re using.
When Should I Use a VPN?
For the best security, you should use a VPN as often as possible, whether you’re using public Wi-Fi or working from home—all the time, ideally. But that’s an aspirational goal, and it’s not always achievable. If your VPN is causing problems and you need to switch if off, don’t beat yourself up. At minimum, you should use a VPN whenever you’re using a network you don’t control, and especially if it’s a public Wi-Fi network.
VPNs for Android and iPhones are a little trickier, particularly if you frequently move in and out of cellphone coverage. Each time you lose and regain data connectivity, the VPN has to reconnect, which adds a frustrating wait. It’s also just less likely that your cell traffic can be intercepted by bad guys, but we’ve seen researchers prove that it can be done.
Most mobile devices can automatically connect to any familiar looking Wi-Fi network. That’s out of convenience to you, but it’s trivially simple to impersonate a Wi-Fi network. Your phone may be connecting to a digital honeypot without you even realizing it. At minimum, you should use a VPN when connecting via Wi-Fi to keep your data safe, even if your device falls for an attack like this one.
Split-Tunneling Is the Best of Both Worlds
If you’re concerned about VPNs slowing your connections or blocking important traffic, you should take a look at split-tunneling options. Names for this feature vary by company, but the gist is that you can decide which apps use the VPN for their traffic and which apps can transmit without the VPN. TunnelBear, for example, includes an option to not tunnel any Apple apps, to ensure they function properly on a Mac. Frequent video streamers and gamers in need of a VPN may want to look into this as an option.
Split-tunneling may also help when you’re trying to stream media from your device via Chromecast and AirPlay. These devices are looking for data coming from the same network they are connected to, not from a VPN server.
major headache for the average person.
VPNs Aren’t Rocket Science
Too many of you aren’t using a VPN, and maybe that’s because they seem like arcane security tools. Fortunately, many providers have worked hard to make them friendly and easy to use. Most are now set-and-forget security tools, as they should be. A VPN is one of the best and easiest ways to guard your web traffic from, well, just about everyone.