What is a VPN? A Beginners Guide

Simon Migliano
Simon MiglianoUpdated
What is a VPN? Explanation Diagram

What is a VPN?

A VPN, or Virtual Private Network, gives you privacy and security online, unblocks restricted content and allows you to appear to be in another country. It does this by encrypting your internet connection and diverting you via a remote VPN server in order to replace your IP address.

To use a VPN you need to sign up with a VPN provider in order to download the VPN software and get access to their remote servers. There are free and paid options (we look at the drawbacks of free VPN later on).

A VPN does not replace your Internet Service Provider (ISP), as you need internet access in order to use a VPN. You can use a VPN on any network, such as your home, school or work network, or public WiFi and on pretty much any internet-connected device, from smartphones and tablets to Amazon Fire TV and games consoles.

Don’t get confused with business VPN. Although it’s the same technology, a consumer VPN is the not same as the original corporate use, which allowed workers to join the company network from remote locations. Corporate VPN is a separate product and not the subject of this guide.

Feel like you’ve read enough? Why not check out our best VPNs for 2018.

Why have a VPN?

A VPN keeps your internet activity private and secure. It stops your ISP and the authorities from tracking what you do online. A VPN will allow you to use public WiFi networks securely, safe from hackers. It will also give you unrestricted access to the internet by making it appear you are from another country.

There are four big reasons to use a VPN:

  1. Keep your internet activity private from your ISP, the authorities and any other snoopers It’s not just repressive regimes like China and Russia that strictly monitor their citizens online. The UK, USA and Australia have some of the most aggressive mass surveillance laws in the world that force ISPs to track customers’ every move and hand over all data. This sensitive personal data can also be sold to advertisers without your explicit consent. The only way to stop this is by using a VPN. When you connect via a VPN server, your ISP is unable to “see” your data as it’s encrypted. Nor can it see track your onward journey past that initial connection, keeping your internet activity private.If your ISP can’t log your activity then there’s nothing for the authorities to snoop through beyond the fact that you connected to various VPN servers. Even that scant information can be limited by choosing VPN with a strict no-logs policy (more on that later).
  2. Access the internet with IP addresses other than your own Maybe you don’t want your internet activity traced back to you for whatever reason. Or perhaps you are frustrated at the growing realization that your physical location is being used to limit your internet experience in different ways, blocking you from accessing the content you want. When you use a VPN, your real IP address is replaced with the IP address of the VPN server, which can be located anywhere in the world. This means that as far as the websites and apps you are using are concerned, you are just another visitor from that country. Better yet, you can be from any country you choose at the click of a button.
  3. Protect yourself from hackers on public WiFi While these networks are convenient, they are highly vulnerable to hackers sniffing out personal information to use in fraud. A VPN encrypts your connection, making it impossible for anyone to intercept your data as it’s transmitted over the network.
  4. Evading censorship by the government, your ISP, your workplace or school Online censorship works by the owner of the network blocking specific sites. That can be at the top level by governments forcing the the hand of ISPs or on local closed networks like schools or workplaces. A VPN is an effective way around these blocks. This is because the remote VPN server provides the onward connection to the censored site, rather than the internet provider. Even if a particular VPN server itself gets blocked, there are typically many more to choose from.

How does a VPN actually work?

A VPN creates an encrypted tunnel between an internet-connected device, such as a laptop, and a remote VPN server. Data is encoded at one end and decoded at the other, appearing safely as gibberish in between. Onward traffic from the VPN server also assumes its IP address, replacing its original identification.

The VPN basics: software and servers

A VPN has two parts: the software on your device and the remote VPN server, which is part of a global network.

The software creates an encrypted “tunnel” between your device and your chosen VPN server, which then routes you on to whatever website or app you are trying to access.

You effectively take a detour via the VPN server on the way to your destination but from your perspective, there’s typically little noticeable difference to going online normally.

However your ISP can only follow you as far as the VPN server. It’s unable to track your onward journey, meaning your internet activity remains private.

The more distant the VPN server from your physical location, the slower the speed of your connection, as your data has further to travel. You should therefore always connect to the nearest possible server for the best performance.

Encryption

Why do you need an encrypted connection to the VPN server?

This is best explained by looking at what happens when you go online normally:

  • Your ISP logs every website you visit and app you use
  • For websites without HTTPS implemented – a surprising number of popular sites – your ISP is able to monitor every individual page you visit and any data you might enter
  • On a public network, it’s also easy for a hacker to do the same thing or trick you into exposing sensitive personal data.

When you use a VPN, all of that becomes impossible. Here’s why:

  • Your data is broken down and each part, or “packet”, is hidden inside other packets, keeping it private from prying eyes.
  • These packets are then encrypted so that only your VPN software and the VPN server you are connected to can read the data, as only they have the encryption key needed to decode it.
  • Even if the data is intercepted, it will simply look like gibberish.

VPN protocols

There are several different methods of encrypting and transmitting data in this way, collectively known as “VPN protocols”.

These include:

  • OpenVPN
  • LT2P/IPSec
  • IKEv2
  • PPTP
  • SSTP

While it’s not necessary to understand them in detail in order to use a VPN, just be aware that some are more secure than others (particularly PPTP, please, please don’t use that one).

You typically choose which VPN protocol to use in the settings of your VPN software, or just set it to auto and forget about it.

OpenVPN is the best option for most people as it not only has the best balance of performance and security, but it’s also open source, meaning that it’s transparent and trustworthy.

A simple rule of thumb is that the stronger the security of the protocol, the slower it will be. While this is not usually too much of an issue on newer devices on fast internet connections, if you find yourself on an old device or slow internet, you may need to sacrifice one or the other.

As you dig deeper into VPNs, you will come across talk of ciphers, hash authentication and handshake encryption. Unless you are a privacy geek, there’s little practical difference between AES-256 and Blowfish-128, they will both get the job done. If you do want to school yourself in the technicalities, our Guide to Encryption will keep you busy.

Preventing DNS leaks

There are also other factors involved in effectively hiding your IP address when you connect to a VPN, such as preventing “DNS leaks”.

When you click a link or type in a URL, your browser’s request for the website you want to visit is made to a DNS server.

Every ISP has its own DNS servers, which act as the telephone directory of the internet, matching the user-friendly names with the actual IP addresses your browser needs to connect.

The problem arises when your browser’s DNS requests are made directly to the ISP’s servers, exposing your activity.

An effective VPN will prevent this by operating its own DNS servers and forcing all traffic through them. To find out more about DNS (and other) leaks, head over to our DNS and WebRTC leaks guide.

Logging

It’s important to understand that by using a VPN you are shifting visibility of your internet activity from your ISP, who is not privacy-focused, to your VPN provider, who at least claims to be.

You should therefore look for a VPN provider who takes the most steps to ensure that they log the least possible information about your connection.

No respectable VPN will directly log any of your activity, however they WILL generally collect metadata about your connection, ie when you logged on and off, and which server you connected to for example.

Collection of these usage stats allows a VPN provider to keep their server network running as effectively as possible.

However, it can be possible to use this information to trace your online activity back to you, so you should look for a provider that logs the least possible metadata and retains it for the least possible time.

More information on VPN logging can be found in our comprehensive guide.

How do you get a VPN?

  1. Decide your budget and make a list of your requirements
  2. Use a VPN review site (like ours) to compare providers
  3. Choose a VPN, pick a plan then start the checkout process
  4. Make your payment then click the link on the confirmation email
  5. Click the downloaded file to install the VPN software
  6. Paste in the activation code from your email when prompted
  7. Click the big connect button to switch on your VPN

With so many VPN services to choose from, how do you find the right one? The easiest way is to use a VPN comparison service to find a VPN that meets your particular needs. Before you start, think about the following:

  1. What’s your budget?
  2. Will you need access to big streaming services like Netflix via your VPN connection?
  3. What’s more important, performance or privacy?
  4. What server locations will you need?
  5. Which devices will you be using with the VPN?

Once you have a clear idea of what you need, use a VPN comparison service (like our top picks for 2018) to find a VPN that meets your criteria. It’s worth taking the time to read reviews to ensure you get a VPN that’s easy to use as well as fast and private.

You can use a VPN on a surprising number of internet-connected devices. Not just desktops and laptops but smartphones, tablets, routers, games consoles, Chromecast, Apple TV, Kindles and more. Most services let you connect to multiple devices simultaneously.

It usually only takes a few minutes from paying for your subscription to downloading and installing your new VPN. Just click the link on your confirmation email to download the software. Click the downloaded file to install it and paste in the activation code from your email when prompted.

When you want to connect, simply decide which VPN location you would like to connect to and then click the big button. It’s as easy as that!

Is a free VPN worth looking at?

A free VPN always comes with a catch. At best, this might be very limited bandwidth, a speed cap or severe restrictions on available server locations. At worst, a free VPN might be riddled with ads or indulge in shady practices with your data. A paid VPN is almost always better.

Why pay for something you can get for free, right? Unfortunately there’s a ton of limitations and risks with using a free VPN. Most offer tiny bandwidth allowances, limited server locations, even capped speeds, as they want to convert you into a paid customer to unlock the full product. Don’t expect to be able to stream more than a few Youtube clips, that’s for sure.

Worse, free VPN providers may try to profit from you and your data in other ways. There have been reports of selling usage history to advertisers, secretly redirecting users via sponsored links to earn commissions and even adding devices to a massive botnet.

In comparison, a good paid VPN will heavily invest in privacy and security measures. It will also have to compete to deliver the best possible service in order to attract and retain your custom.

Look for a VPN with a long money-back guarantee if you aren’t sure. Some give you up to 30 days to change your mind. If you’re determined to use a free VPN then we recommend you try one of these free VPNs.

Is it legal to use a VPN?

VPNs are completely legal in most countries, as it’s not unlawful to replace your IP address. VPNs are banned in a handful of repressive countries: China, Turkey, Iraq, UAE, Belarus, Oman and Russia. The situation is not clear cut even in those countries, as some activities are banned while others tolerated.

Even where VPN use is legal, common sense should always apply. A VPN may be a useful privacy and security tool but it should not be used to hide illegal activity. If you are planning to torrent a file, for example, you should ensure it is free from copyright restrictions before doing so. Typically media files, such as movies, music and games, are copyright protected and should not be downloaded, even using a VPN.

If you are planning to use a VPN in a country where they are banned, you do so at your own risk. While UAE threatens massive fines for illegal VPN use, it’s not clear how China plans to implement its recent ban after years of unofficially tolerating the use of VPN services.

Is it safe to use a VPN?

When you use a VPN, you’re placing trust in the VPN provider to protect your privacy and keep you secure. Be sure to read customer reviews before signing up and familiarize yourself with its policies. A VPN review site (like ours) can be a shortcut to finding a trustworthy VPN.

It’s important to take the time to make sure your proposed VPN provider is trustworthy. After all, every time you connect you are in a way trusting your provider with data that you aren’t comfortable sharing with your ISP.

It’s best to always use a VPN with a customer-focused policies that puts privacy first. While every provider will claim to have your best interests at heart, the detail of their terms of service and privacy policy will prove whether that’s actually the case.

An independent VPN review site can help you make sense of a VPN provider’s logging policy and how it responds to requests for its customer data from the authorities. Generally speaking though, it’s usually safest to go with a well-established VPN with a history of satisfied customers.

Can you be tracked if you use a VPN?

If the Feds want to find you, they probably will. Law enforcement can often cross-reference data from multiple sources, including basic VPN usage stats, to help prove serious crimes. For the average person protecting their privacy, using a VPN makes it much harder to trace you

A VPN is not an invisibility cloak! It does not make you anonymous. When you visit websites on a VPN connection, those sites will log the IP address of the VPN server along with the time and date for each page you visit.

Depending on the specifics of its logging policy, your VPN provider may log your IP address plus the time and date you connect and disconnect from a VPN server, along with its IP address.

Anyone able to get hold of both sets of data and cross-reference them could prove that you visited that website. Law enforcement agencies investigating a serious crime would be able to subpoena those records.

It’s not completely cut-and-dried however as your VPN provider may not have detailed enough logs to permit a match. They may only log the name of your VPN server rather than the IP address, of which there could be many, or they may only log date stamps without the specific time. Your provider may also have purged the logs by the time the authorities request them.

There are other ways you can inadvertently expose yourself even with a VPN: DNS and other kinds of leaks, location services on mobile devices, logged-in browsers etc. Make sure you verify your connection with a DNS leak test and run through all your browser settings. On a mobile device, it’s also worth reviewing all privacy settings.

The good news though is that it takes a court order for a serious crime for the authorities to get their hands on VPN logs, which doesn’t apply to the average citizen exercising their right to privacy.

If you intend to use a VPN while torrenting, you should check how your provider treats DMCA notices before signing up. Some cooperate with copyright holders and may even hand over your details for legal action, others may just issue a warning and threaten disconnection for repeat offenders.

A good portion of VPN services make a virtue out of not co-operating with such requests however by not only basing themselves beyond relevant jurisdictions but also by not retaining such data in the first place.

It’s vital to choose a VPN with a kill switch, particularly if you are torrenting, as this will completely disconnect you from the internet should your VPN connection fail for any reason.

If you really need true anonymity because you are a whistleblower, political activist or journalist for example, then using the special TOR browser is more appropriate. This browser offers a greater degree of privacy but comes at the cost of performance, TOR is far too slow for most modern websites and video streaming for example.

Using a VPN and TOR together however is an effective privacy tool for the most sensitive internet activity. In such cases, we recommend you sign up for a VPN that allows you to pay anonymously via bitcoin to protect your identity.