If you’re interested in digital security and privacy, you’ve probably heard about VPNs. Yet many people I talk to are confused about what a VPN is, whether they should use one, and which one to use. I’m here to explain what a VPN is, when you should use one to protect your security and privacy, and how to choose one.
Note: this page contains affiliate links. Please see Affiliate Disclosure.
Imagine you’re in second grade. You want to send a secret note to a friend across the classroom. You write your message on a piece of paper, then fold it in half. There are five kids between you and your friend. Do you dare pass it across the room?
That scenario is similar to unencrypted network communication. If you browse to an unencrypted website (if the address starts with http:// rather than https://), the traffic you send and receive can be seen (and stored) by anyone between you and the web server.
This problem has become much greater with the massive increase in public Wi-Fi. When you’re sitting in a coffee shop, you’re sharing the Wi-Fi network with several others. When you’re in a hotel, conference venue, or other large gathering, you could be sharing the Wi-Fi with hundreds of others. Any one of them could be monitoring, collecting, and maybe even altering network traffic.
If you’re using an encrypted (HTTPS) website, the data you send and receive is encrypted, but your ISP (Internet Service Provider, such as Comcast or Spectrum) and others may still be able to see (and store) your DNS requests and other data, so they’d know that you browsed certain domains. For example, they can see that you browsed to DefendingDigital.com, but they can’t see which pages you read. Also, some websites encrypt the login page, but not the rest of the site. That will protect your username and password, but any data you send to and receive from the site after that will be visible to eavesdroppers.
I’ve been talking about browsing websites, but there’s a lot more we do online than browse websites. Think of the programs on your computer, or the apps on your mobile. You usually can’t tell if those are using encrypted connections, and many times, they aren’t. That means that here too your data could be seen by others using the shared Wi-Fi.
Videos that Demonstrate Public Wi-Fi Dangers
How to Increase Your Security & Privacy
Let’s go back to the second grade classroom. Imagine that this time you write your message in a secret code. You then drop it into a long, clear tube, and the note slides down the tube past your classmates, and lands on your friend’s desk. When your friend gets the note, they pull out a decoder that allows them to read your message. Even if your classmates look through the tube and see your note, it looks like gibberish. This is similar to what a VPN (Virtual Private Network) does.
What is a VPN?
A VPN sends your device’s Internet traffic through an encrypted tunnel between your device and the VPN service provider, so that no one between can see the traffic. That includes other people using the shared Wi-Fi, the ISP, and other parties that are between you and the VPN server you’re connected to. The VPN acts as a middleman, connecting you to the public Internet, giving you increased security and privacy.
Your VPN provider will have several exit nodes, which are the places that its servers connect to the public Internet. Your traffic beyond those exit nodes will traverse the Internet normally (the way it would if you weren’t using a VPN). If the traffic would normally be encrypted, it still will be. If it would normally be unencrypted, it still will be. If you need end-to-end encryption, you need to use sites and apps that use HTTPS or other end-to-end encryption, such as a secure messenger.
When you use a VPN, websites see you as having the IP (Internet Protocol) address of the VPN provider, rather than the IP address you’d normally have without a VPN. So when websites try to read your location, they’ll be inaccurate. If you use a VPN server that’s located outside your country, you may deal with website restrictions, especially related to streaming media or downloadable media, because such sites are often geographically restricted. If this is a concern, you may want to choose a VPN service that has servers in your country, and maybe even your state/province.
Because of how a VPN acts as a middleman, routing your traffic to potentially distant locations, you may notice a delay when using a VPN. That delay will vary based on the location of the VPN’s servers, and the plan you’re using.
Some websites are suspicious of VPN users (because VPNs can be used by people with malicious intent), so sites may challenge you with CAPTCHAs and other methods more frequently.
There are many VPN providers, which I’ll discuss in a couple minutes. Some have free options, which are usually limited.
To use a VPN, you install the VPN provider’s app on any device you need it, whether computer, tablet, or phone. Or, you configure the VPN settings in your device. Some routers can be set to use a VPN and route an entire home’s traffic through the VPN.
This FBI video briefly explains what a VPN is, and what to look for in a VPN provider:
When Should You Use a VPN?
There are several scenarios in which you should use a VPN.
You should use a VPN whenever you’re using someone else’s network (wired or Wi-Fi). In other words, when you’re not using your home Internet connection or your mobile/cellular data. You may use your mobile data directly through your mobile, or by connecting your computer to a mobile hotspot, or by tethering your computer to your phone).
If you’re concerned about your employer monitoring you, you can use a VPN at work. But, first ensure that this isn’t against your employer’s IT policies, or you could get into trouble (even legal trouble).
If you’re concerned about your ISP monitoring you, whether that’s your ISP at home, or your mobile data provider, you should use a VPN whenever you’re connected to that ISP.
Are you safe to use shared Wi-Fi without a VPN as long as you only browse HTTPS sites? Not completely, because even when you browse HTTPS sites, the data you send and receive is encrypted, but your ISP and others may still be able to see your DNS requests and possibly other data, so they’d know that you browsed certain domains, even if they can’t see what you looked at on those domains. Also, it’s easy for you to tell when websites use HTTPS, but it’s not always easy to tell if programs and apps are encrypting their connections. If they’re not, that traffic could be easily eavesdropped.
Which VPN Should You Use?
Because your VPN has the ability, if they choose, to see all the network traffic you send through it, you need to trust it! Look for ratings, reviews, and recommendations from digital security and privacy experts.
Questions to Ask When Considering VPN Options
- What is the VPN provider’s reputation for security and privacy?
- Does the VPN provider keep traffic or connection logs? If the provider’s policies say they make data available to law enforcement, that means they log.
- Where are the exit nodes located?
- How fast is the VPN connection?
- How much data can you use each month?
- How many devices can you use on your account?
- What is the reliability?
- What happens when the VPN is unavailable? Will your device send traffic straight to the Internet (fail open), or will it completely stop sending and receiving traffic (fail closed)?
- What is the cost of the VPN service?
I like ProtonVPN. It has a free plan that has “Medium” speed (whereas their paid plans have “High” speed). Users of the free plan are put on separate servers that tend to be heavily used, though I’ve only had a few times that they’ve been so full that I need to switch to a different server. ProtonVPN is recommended by a few digital security and privacy experts I follow.
I also like Private Internet Access (PIA), which is also recommended by a few digital security and privacy experts I follow.
There are many other options. Some I’ve seen recommended by the digital security and privacy experts I follow:
You can find lists of VPN providers in the Additional Resources section below.
- How to Choose a VPN for Digital Privacy and Security (consumerreports.org)
- VPN Services for Privacy and Security (privacytools.io)
- Detailed VPN Comparison (thatoneprivacysite.net)
What You Should Do
- Think about how you use the Internet. From what locations do you access it? From what devices?
- Research the VPN options that fit the use cases you’ve identified. Use the resources in the Additional Resources section above. See also the Questions to Ask When Considering VPN Options above. I like ProtonVPN and Private Internet Access (PIA).
- Sign up for the VPN service you selected.
- Install the VPN provider’s app on any device you need it, whether computer, tablet, or phone. Or, configure the VPN settings in your device.
- Whenever you’re not using your home Internet connection or your mobile/cellular data, activate your VPN. When you no longer need it, you can deactivate it.