This 20-part (5,000 word) VPN guide gives you everything you need to know about Virtual Private Networks, and it’s regularly updated with new information.
With the continual erosion of online privacy and an alarming number of security threats, more people than ever are turning to VPN services.
A VPN – or Virtual Private Network – is the ultimate tool to maximize your online privacy and freedom. A good VPN service allows you to:
- Appear to be anywhere in the world by replacing your IP address and location with that of the VPN server.
- Restore your privacy by encrypting your internet traffic and thereby making it unreadable to third parties, such as your internet provider, network admin, or surveillance agencies.
- Secure your devices from hackers, attacks, and the risks of public WiFi networks.
- Unblock restricted content no matter where you are located in the world.
Aside from security and privacy concerns, two other factors driving VPN usage are content restrictions and blocked websites. From China to the UK and North America, more people than ever are using VPNs to have a safe, secure, private, and unrestricted online experience.
Table of contents – Here are the topics we’ll cover in this 20-part VPN guide.
- What is a VPN
- How a VPN works
- Why use a VPN
- Are VPNs safe?
- Are VPNs legal?
- How do I set up a VPN
- Why a VPN is necessary for online privacy
- Will a VPN make me 100% Anonymous?
- VPN protocols and encryption
- VPN logs – different types
- VPN performance and speed
- Can you use a VPN for streaming?
- Can you use a VPN for torrenting?
- VPNs on Android and iOS devices
- VPN on a router
- VPNs and Tor
- VPN leaks and kill switches
- How to defeat VPN blocks
- Which VPN is best for you
- The future of VPNs
What is a VPN?
A VPN is a Virtual Private Network. It allows you to access the internet with more security and privacy, while also giving you the ability to get around censorship or content restrictions. In this guide we will discuss the following VPN terms:
- VPN client – Software that connects your computer/device to a VPN service. The terms ‘VPN client’ and ‘VPN app’ are used interchangeably.
- VPN protocol – A VPN protocol is basically a method by which a device creates a secured connection to a VPN server.
- VPN server – A single endpoint in a VPN network to which you can connect and encrypt your internet traffic.
- VPN service – For our purposes here, a VPN service is an entity that provides you with the ability to use their VPN network – they usually also provide VPN software, but not always. Access is usually sold via a subscription. The terms ‘VPN service’ and ‘VPN provider’ are used interchangeably.
Now we will get into the basics of how a VPN actually works.
How a VPN works
A VPN works by creating an encrypted connection between your computer/device and a VPN server. Think of this encrypted connection as a protected “tunnel” through which you can access everything online, while appearing to be in the location of the VPN server you are connected to. This gives you a high level online anonymity, provides you with added security, and allows you to access the entire internet without restrictions.
Without a VPN, everything you do online is traceable to your physical location and the device you are using via the device’s IP address. Every device that connects to the internet has a unique IP address – from your computer to your phone and tablet. By using a VPN, you will hide your true location and IP address, which will be replaced by the VPN server you are using.
Most VPN providers maintain servers all around the world. This gives you lots of connection possibilities and access to worldwide content.
After purchasing a VPN subscription and downloading the software for your device, you can instantly connect to any of these worldwide servers.
Now that you know how a VPN works, let’s cover the reasons for using one.
Why use a VPN?
Why are more and more people around the world using VPN services?
It really depends on your situation, but there are many different reasons to use a VPN:
- Surf the internet without revealing your real IP address and geo-location (online anonymity).
- Add an extra level of security by encrypting your internet connection.
- Prevent your Internet Service Provider (ISP), third parties, network admins, and governments from spying on your online activities (thanks to encryption).
- Unblock websites and access content that is restricted to certain geographic locations.
- Torrent, P2P download, and stream media (such as with a Kodi VPN service).
- Bypass censorship by easily getting around regional restrictions.
- Save money on flights and other online purchases by changing your IP address (geographic location).
- Protect yourself from hackers anywhere you go – especially while using public WiFi connections in cafés, hotels, and airports.
- Protect your private data, such as bank passwords, credit cards, photos, and other personal information when online.
- Surf the internet with peace of mind.
Now that we’ve covered why a VPN is used, we’ll move on to another question that many people have about VPNs.
Are VPNs safe?
As a general rule of thumb, VPNs are safe to use – as long as you are using a high-quality VPN service. But therein lies the catch.
There are currently over 300 VPNs on the market – even more when you consider all the random free VPN apps in the Apple and Google Play stores. Unfortunately, most VPN services – particularly the free VPNs – have flaws, bugs, and problems that pose a threat to your security and privacy.
In other words, there are very few high-quality VPNs that will keep you safe and protect you against data leaks on all your devices.
For example, one interesting study found that 84% of free Android VPN apps leak user data. While most people know that free VPNs should be avoided, there are still millions of people using these dangerous apps.
As I explained in my overview of free VPN services, there are many reasons to avoid free VPNs altogether:
- embedded malware (quite common with free VPN apps)
- hidden tracking (many popular VPN providers hide tracking in the apps to collect your data)
- third party access to your data
- stolen bandwidth
- browser hijacking
- traffic leaks (IP address leaks, DNS leaks)
- fraud (identity theft and financial fraud)
There are also a number of different VPN scams to avoid – from dubious “lifetime” VPN subscriptions to bogus features and fake reviews. As a general rule of thumb, you typically get what you pay for when it comes to VPN services.
Are VPNs legal?
Throughout the Western world the answer is yes, VPNs are absolutely legal to use for the purposes of online privacy and security. In fact, businesses every day use VPNs – and that will not change any time soon.
However, there are a few exceptions in places like the United Arab Emirates, where VPN use is currently restricted. Some Middle Eastern countries, such as Saudi Arabia and Iran, frown on the use of VPNs because these gives people access to everything online.
But even still, the laws in these countries generally doe not outlaw the VPN itself, but rather the use of a VPN to bypass the state censorship efforts.
This is also the case in China, where the government has been fortifying its “Great Firewall” to block VPNs and websites (but you can use the best VPN for China to get around these issues). Russia has also attempted to “ban” some VPNs – but these measures often fail, simply because VPN traffic can be hidden to look like regular HTTPS traffic. There are a few VPN providers that do quite well with obfuscating VPN traffic in their apps. These include ExpressVPN, VPN.ac, NordVPN, and VyprVPN.
Important note: VPNs are routinely used by businesses around the world for network security. Therefore you will likely never see an outright “ban” on all VPNs because they are absolutely necessary for both businesses and individual security.
But can’t people use VPNs to do bad things?
Of course, but you should think of VPNs like steel. Steel can be used for good purposes, such as bridges, buildings, and transportation. But it can also be used to build bombs, guns, and tanks, which harm people. Completely banning steel because it is sometimes used for bad purposes would be insane and stupid.
The same is true for encryption and VPNs. Banks, businesses, and any website that deals with sensitive data must use encryption technology every day to keep people (and their data) safe. VPNs and encryption are necessary tools that we all need to be using, even if a few people misuse this technology for their own reasons.
(Disclaimer: None of this is legal advice. Consult the laws of your country to verify what is/is not legal!)
How do I set up a VPN?
The exact instructions for setting up a VPN depends on the device you are using and the VPN service you will be connecting to. Most VPN providers – especially the ones recommended on this site – offer simple installation guides for all major operating systems and devices.
Here’s a general outline for how to set up a VPN:
- Choose a good, trustworthy VPN service (see my discussion of the best VPN services for the latest test results)
- After purchasing a VPN subscription, download the VPN software for the device / operating system you will be using.
- Once the VPN client is installed on your device, log in to the VPN service using your credentials (through the VPN app).
- Connect to a VPN server and enjoy using the internet with privacy and freedom.
Windows, Mac OS, Android, and iOS users also have the option of using the built-in VPN capability on their operating systems. This uses the IPSec/IKEv2 or IPSec/L2TP protocols, rather than OpenVPN, which requires the use of apps. You will need to import the VPN configuration files from your VPN provider if you want to go this route.
The most common way to use a VPN is through a VPN client (VPN app) offered by your VPN provider. This also gives you all of the features and full leak protection settings (recommended).
Why a VPN is necessary for online privacy
A good VPN can provide you with both online privacy and security.
Without a VPN, your internet service provider (ISP) can easily monitor and record your online activities: sites you visit, comments you make, social media interactions, preferences etc. Many countries now require internet providers to log user data and browsing activities. A VPN is the best solution to protect yourself against these privacy violations.
When using a VPN, your internet provider can only see that you’re online and connected to a VPN server. That’s it. Your information is encrypted and secured, which makes it unreadable to third parties.
With a VPN, public WiFi hotspots are once again safe to use, thanks to secure encryption that protects your data. Using public WiFi without a VPN is risky because hackers can exploit public wireless to steal your identity, credit cards, bank accounts, passwords, etc. A VPN will encrypt and protect this data from third parties and hackers.
Will a VPN make me 100% anonymous?
The short answer is no.
Given all the different ways someone can be de-anonymized online (particularly through browser fingerprinting), a VPN alone will not give you 100% anonymity. In fact, with the vast resources of surveillance agencies such as the NSA, it is probably very difficult to ever achieve 100% online anonymity.
On a positive note, however, there are simple steps you can take to further increase your online anonymity, beyond just using a VPN:
- Use a secure browser that protects against browser fingerprinting (your browser can reveal lots of information to third parties).
- Use a good ad blocker. Advertisements are basically tracking in disguise, collecting your activities online, profiling you, and then using that data to target you with better ads.
As you can see, a VPN is just one of many privacy tools you can use to attain more online privacy.
VPN protocols and encryption
Most commercial VPN services offer a variety of different VPN protocols you can use with the VPN app.
What exactly is a VPN protocol?
A VPN protocol is a set of instructions to establish a secure and encrypted connection between your device and a VPN server for the transmission of data.
Here are the most popular VPN protocols in use today:
- OpenVPN – OpenVPN remains the most popular and most secure VPN protocol that is used on all types of different devices. OpenVPN is an open-source project developed for multiple types of authentication methods. It is a very versatile protocol that can be used on many different devices, with a variety of features, and over any port with UDP or TCP. OpenVPN offers excellent performance and strong encryption using the OpenSSL library and TLS protocols.
- IKEv2/IPSec – Internet Protocol Security with Internet Key Exchange version 2 is a fast and secure VPN protocol. It is automatically pre-configured in many operating systems, such as Windows, Mac OS, and iOS. It works very well for re-establishing a connection, especially with mobile devices. The one downside is that IKEv2 was developed by Cisco and Microsoft and is not an open-source project, like OpenVPN. IKEv2/IPSec is a great choice for mobile users who want a fast, light-weight VPN that is secure and can quickly reconnect if the connection is temporarily lost.
- L2TP/IPSec – Layer 2 Tunneling Protocol with Internet Protocol Security is also a decent choice. This protocol is more secure than PPTP, but it does not always have the best speeds because data packets are double-encapsulated. It is commonly used with mobile devices and comes built-in on many operating systems.
- PPTP – Point-to-Point Tunneling Protocol is a basic, older VPN protocol that is built-in on many operating systems. Unfortunately, PPTP has known security vulnerabilities and is no longer considered a safe protocol for privacy and security reasons.
- WireGuard – WireGuard is a new and experimental protocol that aims to offer improved security and better performance in comparison to existing VPN protocols. While it remains under active development and has not yet been audited, there are a few VPN providers supporting it for testing purposes only.
Each VPN protocol has its own pros and cons. OpenVPN is the most popular and widely-recommended, because it is secure, open-source, and also offers good performance. But it also requires the use of third-party apps. L2TP/IKEv2 is also a secure protocol with excellent performance and it can be used natively on most operating systems (no apps required) – but it’s not open source.
As a general rule, most VPNs allow you to select the protocol you want to use within the VPN client. When using a VPN on mobile devices, you may be limited with VPN protocols, particularly with iOS devices that use IKEv2/IPSec.
AES (Advanced Encryption Standard) is one of the most common cryptographic ciphers in use today. Most VPNs utilize AES encryption with either a 128-bit or 256-bit key length. AES-128 is considered secure, even with the advances in quantum computing.
Here is an interesting quote from VPN.ac on AES and encryption and vulnerabilities:
OpenVPN 256-bit AES is kind of overkill, rather use AES 128-bit. We don’t expect anyone to go for AES cracking while there are weaker links in the chain, such as the RSA keys: how are they generated (good or poor entropy, online/offline generation, key storing on servers etc.). Therefore, AES-128 is a very good choice over AES-256 which is mostly used for marketing claims (“bigger is better”).
Aside from AES, there are other VPN ciphers, such as Blowfish and Camellia, although they are rarely offered by VPN services.
VPN logs – different types
When it comes to privacy, it’s good to pay attention to logs and logging policies.
Here are the different types of VPN logs:
- Usage (browsing) logs – These logs basically include everything you do online: browsing history, times, IP addresses, metadata, etc. Unless you are using a free VPN, your VPN service is most likely not maintaining usage logs.
- No logs – While there are many VPNs that claim to be ‘no logs’, there are only a few that have been verified to be truly no logs VPN services in real-world tests.
Most VPNs will need to keep some form of logs if they’re enforcing any kind of limitations, such as device/connection limits or bandwidth limits (further explained here). Minimal connection logs that are secured and regularly deleted are not very concerning – but it all depends on the user.
VPN performance and speed
When you’re using a VPN, a lot is going on behind the scenes. Your computer is encrypting and decrypting packets of data, which is being routed through a remote VPN server. All of this takes more time and energy, which will ultimately affect your internet speed.
To ensure the fastest speed while using a VPN, it’s best to connect to the closest VPN server that fits your needs. For example, if you’re in the UK and want to watch blocked videos that are available to people in the United States, choosing a VPN server in New York is better than a Los Angeles server.
A good VPN service should not affect your internet speed considerably. On the other hand, some of the lower-quality VPN services may significantly decrease your internet speed. This is often the case when their servers are overloaded with users.
Here are a few tips for maximizing your VPN speed:
- Get a premium VPN service with good performance.
- Connect to a nearby server that is not congested with other users (lots of available bandwidth).
- Try changing VPN protocols if the first two options do not work.
VPN speeds may also be limited by the device you are using, your network, or your internet provider throttling VPN connections.
Can you use a VPN for streaming?
Aside from online privacy and security, VPNs are also used by thousands of people around the world for streaming.
Why is that?
A VPN will unlock content that is blocked, censored, or restricted to certain geographic areas. Because a VPN gives you the ability to “tunnel” into any VPN server location around the world, it remains the ultimate tool for online streaming.
Here are a few popular streaming uses for VPNs:
- Streaming Netflix through a VPN – using a good Netflix VPN is a great idea no matter where you live. This allows people living anywhere in the world access to American Netflix, which offers the largest media library.
- Streaming sports – some sporting events/games are limited to certain geographic restrictions, which can be unblocked with a VPN.
- Streaming Kodi through a VPN – using a VPN with Kodi is a popular way to unlock any add-ons and utilize Kodi to its full potential.
VPNs are also popular for other streaming services, such as Hulu, Amazon Prime, and BBC iPlayer. Many expats living outside their home country use VPN services to unblock websites, streaming add-ons, and media channels in their home country.
Can you use a VPN for torrenting?
Another very popular use for VPNs is with torrenting and P2P downloads. When you use a VPN for torrenting, your true identity and IP address will be concealed from third parties.
Torrenting and P2P filesharing is somewhat of a grey area and may be classified as copyright infringement, depending on the content you are sharing/downloading and where you live. Right now, countries throughout the world are cracking down on torrenting – from Europe to the United States and Australia. Here is one such example illustrating the risks of torrenting without a VPN:
While we do not support any illegal activity or copyright infringement here at Restore Privacy, it should be obvious that torrenting without a VPN can be risky.
Media companies often run networks of monitoring nodes, which will join torrenting swarms and collect connection data of all infringing parties. Then, the media companies can go to the internet service providers that own the IP addresses they collected, and link these up to users along with connection times. The user will then be fined or sued for copyright infringement on behalf of the copyright holder.
The best solution here is to always torrent with privacy by using a good VPN.
Do VPNs work on Android and iOS devices?
Yes, you can use a VPN on Android and iOS devices.
There are three different ways to use a VPN on Android and iOS devices:
- With custom VPN apps. Most providers offer custom VPN apps for both Android and iOS devices, which are usually fast, stable, and offer different features.
- With third-party VPN apps. There are also popular, third-party VPN apps that you can use with your VPN service, such as OpenVPN for Android, which is free and open source.
- With built-in VPN functionality. With Android, you can use the built-in IPSec/L2TP functionality. With iOS, you can use the built-in IPSec/IKEv2 functionality. Both operating systems have VPN preferences in the settings area. You will need to import the configuration files from your VPN provider into your phone/tablet.
While VPNs have improved significantly on iOS and Android, they still don’t work quite as well as they would on a computer. The main reason for this is that using a VPN is a bit more complicated than typical applications, requiring connection to external servers, encryption, and decryption. Naturally, this is a bit challenging on a phone which may go in and out of connectivity.
WARNING: Be very careful with mobile VPN apps from third parties. There are many shady VPN apps that are dangerous and should be avoided. Do your research before installing the VPN app and remember that highly-rated apps in the Apple and Google Play stores can still be full of malware – as explained in this study. Your best bet is to only use the VPN mobile apps offered by your VPN provider.
Can I use a VPN on a router?
Yes, VPNs can be used on many different types of routers, but you will need to verify that your router can support a VPN.
A good VPN router offers the following benefits:
- Extends the benefits of a VPN to all your devices without installing software
- Easily protects you against surveillance and internet service provider (ISP) spying
- Secures your home network against attacks, hacking, and spying
The trick to getting this setup correctly is first choosing a good VPN service and then selecting the right router – the rest is easy.
Important note: The main factor when choosing a VPN router is the router’s CPU (processing power). Unfortunately, most consumer-grade routers are underpowered and do not do well with VPN encryption. While there are some newer models with higher CPU, there are also other options to maximize speed, which I discuss in the VPN router guide.
VPNs and Tor
VPNs and Tor are both privacy tools that offer online anonymity, but they are very different from each other.
Tor stands for The Onion Router and is both a browser and a network that utilizes multiple “hops” to protect user privacy. Tor was created by the US government in 2002 and is still largely dependent on US government agencies for funding. Aside from this troubling fact, there are a few other concerns with Tor:
- Some believe that the Tor network has been compromised
- Microsoft’s DRM can easily expose Windows-on-Tor users
- Viewing PDF documents while using Tor can also leak your identity
- Tor users are vulnerable to end-to-end timing attacks
- Tor is too slow for everyday use (especially video streaming)
For many people, the biggest red flag with Tor is that it was a US government project and is still financed by the US government today. There have also been numerous issues with malicious Tor nodes. Many also suspect that government agencies are operating Tor nodes for surveillance purposes.
Despite the risks associated with Tor, some people still like combining both Tor and a VPN service. There are a few different ways to do this:
- Connect to a VPN > Launch Tor browser: This method is pretty basic and self-explanatory. Simply use your desktop VPN client and connect to a VPN server, then open the Tor browser and use Tor as normal. This won’t give you great speeds, but it’s a simple way to use “Tor-over-VPN”.
- Use a VPN service with servers that exit onto the Tor network. In this case, you can simply connect to a designated “Tor-over-VPN” server, and your traffic will automatically leave the VPN server, exit onto the Tor network, and then go through to the regular internet. I have tested out two different VPNs that offer this feature: NordVPN and ZorroVPN.
It should also be pointed out that you can get many advantages of Tor, such as multi-hop configurations, with VPNs. There are a few VPN providers that offer multi-hop VPN servers and cascading support – see my multi-hop VPN guide for an in-depth discussion of this topic.
VPN leaks and kill switches
One serious issue that plagues many VPN service is the problem of data leaks. Here are a few different types of leaks that will undermine your privacy and security when using the VPN:
- DNS leaks – This occurs when your DNS requests leak out of the VPN tunnel and are processed by your internet provider. This can reveal your browsing history (DNS requests), the IP address of your internet provider, and your general location.
- IP address leaks – An IP address leak is simply when your IP address leaks out of the VPN tunnel. This can be a short, temporary leak, or a continuous leak. This is often the case with IPv6 addresses with VPNs that do not support or properly block IPv6.
- WebRTC leaks – This is mainly an issue with Firefox, Chrome, Brave, and any other Chromium-based browsers that utilize WebRTC APIs. A WebRTC leak exposes your IP address through your browser, even if you are using a good VPN. See my WebRTC leak guide for how to fix this problem in your browser.
Here is an example of a VPN that I found to be actively leaking IPv4 and IPv6 addresses, as well as DNS requests, despite all “leak protection” features being enabled:
This is one reason I recommend regularly testing your VPN to check for any problems, leaks, or vulnerabilities.
How to defeat VPN blocks
One problem that some people face is that there VPN is getting blocked. There are a few different circumstances in which VPNs are blocked:
- Restrictive countries – China, UAE, and Iran all implement some form of VPN blocking, because they do not want people using VPNs to get around censorship efforts.
- School networks – School networks sometimes block VPNs for two reasons. First, they want to be able to monitor everything you do online, which is easy to do if you aren’t using a VPN. Second, they may want to block torrenting, streaming, and other high-bandwidth activities. A VPN allows you to easily get around these restrictions (and access any blocked websites).
- Work networks – Work networks often block VPNs for the same reasons mentioned above: they want to control and monitor workers’ online activities.
The best way to get around VPN blocks is with obfuscation. VPN obfuscation basically hides VPN traffic behind standard HTTPS (Hypertext Transfer Protocol Secure) encryption, such as when you connect to a banking website over port 443.
Many VPNs offer obfuscation features for this situation. Some offer obfuscated servers (NordVPN, ExpressVPN, and VPNArea) while others offer a self-developed protocol that will automatically obfuscate traffic with any server (VyprVPN). Below is an example with VyprVPN, which uses the Chameleon protocol (based on OpenVPN) to get around VPN blocks when other protocols fail:
Unless you are in a restricted network situation where VPNs are getting actively blocked, you should not need to use obfuscation, since it may affect performance.
Which VPN is best (for you)?
Many people are wondering ‘what is the best VPN service’. The truth is that choosing a VPN is a very subjective process and there is no single one-size-fits-all “best VPN” for everyone.
Ultimately, finding the best VPN all boils down to your own unique needs and use cases for the service. Some people may want an offshore VPN with the highest encryption standards and advanced privacy features. Others may want a secure and user-friendly VPN that works great with Netflix and torrenting.
Here are a few questions to get you started in your search for the best VPN:
- How much privacy and security do you need (threat model)?
- On what devices will you be using the VPN and does the provider offer support for these?
- What will you be using the VPN for and does the VPN support those use cases? For example: torrenting, streaming Netflix, Kodi, etc.
There are many other factors to consider, such as jurisdiction and also logging policies, but this is a start.
The future of VPNs
The future of VPNs is looking bright – but not for the right reasons.
Mass surveillance, corporate tracking, and online censorship are three drivers that will continue to push VPN usage higher. Internet providers are increasingly blocking various websites – from adult content to torrenting sites. Concerns over surveillance and privacy are also rising:
- United States: Internet providers are now able to legally record your browsing history and sell this information to advertisers – or hand it over to surveillance agencies.
- United Kingdom: The UK is one of the worst countries in the world for privacy. Internet providers and telephone companies are required to record all browsing history, text messages, and location data of their customers. This data is provided to UK government agencies and is available without any warrant.
- Australia: Similar to the UK, Australia implemented a mandatory data retentions scheme requiring telecoms to collect text messages, calls, and internet connection data.
Going online without a VPN really leaves you exposed.
As people wake up to the risks of surveillance, data collection, and security threats, VPN usage will continue to grow, perhaps becoming mainstream in the near future.
Last updated on July 22, 2019.