What Is a VPN (Virtual Private Network) and How Does It Work?

Simon Migliano Head of Research at Top10VPN

Simon is a recognized world expert in VPNs. He's tested hundreds of VPN services and his research has featured on the BBC, The New York Times, CNet and more. Read full bio

The right VPN will encrypt your internet traffic, hide your IP address, and help protect your privacy online. Find everything you need to know about VPNs in this complete guide to Virtual Private Networks.

A VPN (Virtual Private Network) is a simple piece of software that you can install on almost any device. It will protect your privacy, help you stay safe online, and grant you unrestricted access to the internet.

Most importantly, a VPN will encrypt your data and hide your IP address by creating a private tunnel through the internet.

A VPN allows you to:

  • Hide your IP address from the websites you visit
  • Encrypt your browsing traffic
  • Access geographically-restricted content
  • Stream or torrent content from other countries
  • Choose between multiple private server locations
  • Protect your data on public WiFi networks

But how exactly do VPNs work? Are they safe? And how do you find the right VPN provider?

The world is growing increasingly hostile to online privacy. Every time you access the internet you risk falling victim to surveillance, censorship, data theft, and a host of other issues.

To make matters worse, governments around the world are censoring the internet at an alarming rate, hindering our ability to access information and communicate freely with one another.

That’s where a VPN comes in.

This comprehensive guide will cover everything you need to know about VPNs. We’ll break down the technical jargon so that you can use a VPN confidently and safely.

You’ll find out how VPNs work, how to install a VPN, how to choose a safe VPN, and much more.

What Is a VPN?

A Virtual Private Network (VPN) is a piece of software used to keep your internet activity private and secure.

The VPN creates a secure tunnel between your device and a private VPN server before forwarding your traffic on to the website or application you’re visiting.

This stops Internet Service Providers (ISPs) and authorities from tracking what you do online. It also protects you from hackers looking to intercept your traffic.

A VPN keeps your browsing activity private by encrypting your internet traffic, routing it through a secure tunnel, and masking your true IP address.

VPNs create a secure tunnel, encrypting your web traffic and hiding it from snoopers and hackers

Depending on which VPN provider you’re using, you’ll be able to choose from dozens or even hundreds of VPN server locations around the world.

This means you can trick websites into thinking you’re browsing, streaming, or torrenting from a specific city or country.

By encrypting your connection and rerouting your traffic through a remote server, neither your Internet Service Provider (ISP) nor anyone else on the network can monitor your internet activity. If someone does monitor your connection, all they’ll see is useless letters and numbers.

This protects you from government surveillance, website tracking, and any malicious third parties who might try to intercept your traffic.

Your IP address will change and your browsing data won’t be linked to your real location, making everything you do online much more private.

You don’t need to switch your Internet Service Provider to use a VPN, and you won’t need to buy any new equipment like a modem or a router. Installing and using your VPN is all done online in a matter of minutes.

For more detail on how a VPN works, you can skip straight to the next chapter of this guide. You can also skip straight to How to Install a VPN.

Why Do I Need a VPN?

A VPN can be relied upon to stay anonymous online, maintain your privacy, access blocked content, or hide your activity. Here are the most common reasons for using a VPN:

1Hide your online activity from your government or ISP.

Illustration showing a blurred man hidden behind a magnifying glass.

Your Internet Service Provider (ISP) can see all of the websites you visit and will almost certainly be recording that information.

In some countries, ISPs are required to collect and store user data for long periods of time and the government is able to access, store, and search that information.

This is the case in the US, UK, Australia, and much of Europe — just to name a few. You can read more about these laws in our Guide to VPN Jurisdictions.

Because VPNs encrypt the internet traffic from your device to the VPN server, your ISP or any other third party won’t be able to spy on your online activity.

To learn more about surveillance technologies and the issue of global mass surveillance, visit EFF and Privacy International. You can also find an updated list of global surveillance disclosures here.

2Hide your IP address from the websites you visit.

Illustration of a door being closed.

One of the most common reasons for using a VPN is to mask your true IP address.

Your IP address is a unique numerical address assigned by your ISP. Everything you do online is linked to your IP address, so it can be used to match you to your online activities. Most websites record the IP address of their visitors.

Advertisers can also use your IP address to serve you targeted adverts based on your identity and browsing history.

When you connect to a VPN server, you will take on the IP address of that VPN server. Any websites you visit will see the IP address of the VPN server rather than your own.

You’ll be able to bypass IP address blocks and browse websites without your activity being traced back to you as an individual.

3Unblock websites and bypass geographical restrictions.

Illustration of a woman browsing across the world.

Certain services — like Netflix or BBC iPlayer — alter their libraries depending on the country you’re visiting from.

Your IP address links you to your physical location. Using a VPN to change your visible IP address is the only reliable way to bypass these geographical restrictions and unlock the ‘hidden’ content.

Our list of the best VPNs for Netflix can provide you with more information, as well as recommended VPNs that make unblocking content easy.

More importantly, VPNs can help you evade censorship by encrypting your traffic and masking your true IP address. If you want to view content that is locked to another country or censored in your region, you can use a VPN to bypass these restrictions.

Using a VPN can help citizens bypass website blocks to access global media and communicate freely. In countries that limit freedom of speech and freedom of the press, a VPN can help individuals speak out against the government safely and privately.

For more information on government censorship, the Committee to Protect Journalists (CPJ) has a safety kit for journalists that provides guidance on issues like risk assessment and digital security.

EFF also have a range of digital security guides for activists, human rights defenders, and international journalists.

You can find out more about unblocking websites in our dedicated guide: How to Unblock Websites.

4Protect your data on public WiFi networks.

Illustration of a man connected to public wifi while traveling.

Exploiting public WiFi networks to gather data is simple and incredibly cheap. Criminals can take advantage of open and unencrypted networks to steal important data like your bank details, credit cards, photos, and other personal information.

When you use the public WiFi connection in a café, hotel, or airport you are putting your sensitive data at risk.

Hackers are increasingly targeting hotels and shopping malls in pursuit of high-value targets. A recent Bloomberg report explains how some criminals check in to hotels with the explicit goal of stealing valuable data.

Motherboard also provides a good summary of the problem with public WiFi networks. This includes the popular “WiFi Pineapple” that gives almost anyone the ability to take advantage of public networks for under $99.

You can protect your device by using a VPN, which will encrypt your internet traffic and make it much, much harder for hackers to intercept and steal your data.

Unfortunately, most users remain oblivious to the true dangers of open WiFi networks. If you travel frequently and need to stay online, a reliable VPN is an invaluable privacy tool.

For more details on protecting your public WiFi connection, check out our comprehensive guide to securing public WiFi.

5Stop ISP throttling and torrent safely.

Illustration of a man speeding up his connection

Your ISP almost certainly monitors your online activity. If you live in a country without strong net neutrality laws, your ISP can even deliberately slow down your connection when you carry out bandwidth-heavy activities like downloading a large file or torrenting. This is called bandwidth throttling.

VPN encryption can help to prevent ISP throttling, meaning that you can enjoy the best speeds for downloading, torrenting, gaming, and streaming — all the while unlocking content from all over the world.

Torrenting without a VPN is also pretty risky. Not only is your IP address visible to peers, your ISP can also see that you are accessing torrenting sites and apps, too.

We don’t condone downloading copyrighted material, but using a VPN is essential if you want your P2P activities to be kept private. To find out which VPNs we recommend for torrenting, read our Best VPNs for Torrenting guide.

When Should You Use a VPN?

We recommend using a VPN all the time to benefit from continual protection, but there are a handful of occasions when it’s particularly important to use a VPN.

You should use a VPN if:

  • You are concerned about your online privacy
  • You are in a country that censors the internet
  • You are interested in streaming content from overseas
  • You are using a public WiFi network
  • You need to bypass an IP-based website block
  • You are a journalist, activist, or whistleblower dealing with sensitive information
Graph showing the reasons why people use a VPN.

The most common reasons for using a VPN. Data taken from Global Web Index’s VPN Usage Report.

How Does a VPN Work?

A VPN creates a private and encrypted internet connection between your device and a private server. This means your data can’t be read or understood by your ISP or any other third-parties. The private server then sends your traffic onto the website or service you want to access.

If you already know how a VPN works, you can skip straight to the next section of this guide: Are VPNs Safe?

Diagram showing how a VPN works.

Here’s how a VPN works:

  1. You sign up to your chosen VPN service. For advice on which VPN provider to choose, skip to our section on how to choose the best VPN.
  2. Install the VPN software on your device. This software is called a VPN client. It can be an application supplied by a VPN provider (like ExpressVPN or NordVPN) or third-party software like OpenVPN or Tunnelblick.
  3. Sign in to your VPN client with your account details and choose the location of a VPN server you want to connect to.
  4. When you click ‘connect’ on the VPN app, the VPN client will look up the IP address of your chosen VPN server.
  5. The VPN client initiates a connection with the VPN server. They then exchange data including your login credentials in order to establish an encrypted VPN tunnel.

    The VPN tunnel is a secure link between your device and the VPN server. Encrypting your data means it can’t be read or understood if it is intercepted between your device and the server.

    Outside observers like your ISP can see that data is being transferred, but not what that data is. You can read more about VPN encryption in the next section of this guide.

  6. Your device’s internet traffic is sent through the encrypted VPN tunnel to the VPN server.
  7. The VPN server decrypts your device’s internet traffic and forwards it onto the website or service you are trying to access. If the VPN is working as it should, the website will only see the IP address of the VPN server, not your originating IP address.

Every VPN service comes with a list of server locations, and the best VPNs will allow you to choose from a range of countries and cities around the world.

Screenshot of Cyberghost VPN's server locations.

Screenshot of CyberGhost VPN server locations in the Windows app.

VPN Encryption Explained

Encryption is the process of encoding data so that only a computer with the right ‘key’ will be able to read it.

A VPN is only as secure as the encryption it uses to protect your data

With a VPN, the computers at each end of the VPN tunnel encrypt the data entering the tunnel and decrypt it at the other end. However, a VPN needs more than just a pair of keys to apply encryption.

That’s where VPN protocols come in.

VPN Protocols

VPN protocols refer to the set of rules and processes that a VPN client follows in order to establish a secure connection between your device and the VPN server. The VPN protocol you use will determine how your secure tunnel is actually formed.

Depending on the protocol in use, a VPN might have different speeds, capabilities, or even vulnerabilities. Most VPN providers will give you an option of which protocol you’d like to use.

There are several VPN protocols available, but not all of them are safe to use. Here is a table of the most common VPN protocols:

Table of VPN encryption protocols and their security risks.

  • OpenVPN. This is our preferred VPN protocol. It’s open-source, very secure, and operational on almost all VPN-capable devices. OpenVPN has been well-tested and remains the industry gold standard. You should use OpenVPN where available.
  • IKEv2/IPSec. Used alongside IPSec, IKEv2 is a newer, closed-source VPN protocol. It is very secure, pretty quick, and handles network changes with ease. This makes it the ideal protocol for mobile devices which constantly switch between WiFi and mobile data.
  • L2TP/IPSec. This protocol is fairly outdated and comes with a couple of security flaws. If used with the AES cipher it’s generally considered safe, but there have been some suggestions that the protocol has been compromised by the NSA.
  • SSTP. SSTP is another closed-source VPN protocol. It’s Microsoft-owned and based on SSL 3.0, which is vulnerable to a specific MITM attack called Poodle. While it’s not been confirmed if SSTP is affected by this attack, we don’t think it’s worth the risk.
  • PPTP. You should avoid PPTP if you can. This outdated protocol is not safe to use and can be hacked in a matter of minutes.
  • Wireguard. The newest VPN protocol to date, WireGuard is promising but still in development. It aims to be fast, secure, and more easily implemented than other VPN protocols by using far fewer lines of code. So far, there has been no stable 1.0 release, so WireGuard should be considered experimental until then.

Encryption Ciphers

Ciphers refer to the algorithms used to encrypt and decrypt data. While the VPN protocol creates the VPN tunnel, a cipher is used to encrypt the data flowing through the tunnel.

The operation of a cipher usually depends on a piece of information called a key. Without knowledge of the key, it is extremely difficult – if not impossible – to decrypt the resulting data.

When talking about encryption, we generally refer to a mixture of cipher type and key-length, which denotes the number of ‘bits’ in a given key.

For example, Blowfish-128 is the Blowfish cipher with a key length of 128 bits. Generally speaking, a short key length means poor security as it is more susceptible to violation by brute-force attacks.

A key length of 256 bits is the current ‘gold standard’. This cannot be brute-forced as it would take billions of years to run through all the possible combinations

As is the case with VPN protocols, VPN software can use several different ciphers. Here are the most popular ciphers used in VPN software today:

  • AES: Like OpenVPN is for protocols, AES is the gold standard for ciphers. It’s used by the US government for confidential data and is considered to be extremely secure. You’ll commonly find two key lengths: AES-128 and AES-256. Both are considered to be safe.
  • Blowfish: Blowfish used to be the default cipher used in OpenVPN, but it has largely been replaced by AES now. Blowfish isn’t regarded to be as secure as AES, and is vulnerable to ‘birthday attacks’.
  • Camellia: While Camellia is very similar to AES in terms of security and speed, unlike AES it hasn’t been certified by the National Institute of Standards and Technology (NIST). It hasn’t been as thoroughly tested as AES and is rarely used in VPN software.

VPNs also use handshakes and hash authentications to further secure your connection. You can read all about these — and many more details about VPN protocols and ciphers — in our complete guide to VPN encryption.

Are VPNs Safe?

A trustworthy VPN is an invaluable first step to protecting your privacy and staying safe online.

Unfortunately, not all VPNs are safe to use

Many popular VPN services are poorly-made, unreliable, and even dangerous.

The wrong VPN can:

  • Log your browsing activity
  • Fail to encrypt your data
  • Share your data with authorities
  • Leak your identifying information
  • Infect your device with malware

There are certain important questions you need to ask in order to determine whether a VPN is safe or not.

This section will address the potential dangers of VPN software and explain how you can stay safe. You can also jump straight the next chapter to find out if VPNs are legal or if you can be tracked when using a VPN.

1Does the VPN Keep Logs?

An illustration of a hand stealing files from a laptop

One of the most important aspects of a VPN service is its logging policy.

When you use a VPN you are trusting the VPN provider with all of your internet traffic — that includes your IP address, all of the websites you visit, the messages you send, and all of your personal data.

We investigated 90 of the most popular VPN services’ logging policies and found that 26% of popular VPNs log your originating IP address. For more information on which VPNs keep logs, check out our dedicated guide to VPN logging policies.

Be sure to read your VPN provider’s privacy policy before trusting the company with your personal data. If you find that the VPN records your personal IP address or activity data, avoid that VPN at all costs.

The best VPNs don’t log:

  1. DNS requests or websites visited
  2. Your originating IP address
  3. VPN server IP address
  4. Connection timestamps
  5. Individual bandwidth usage

In short, a safe VPN protects your privacy by not logging any data that could link you as a user to your online activities. Unfortunately, some VPNs still do.

This screenshot from Hola VPN’s privacy policy provides a good example of what to avoid:

Screenshot from Hola VPN’s privacy policy

Screenshot from Hola VPN’s privacy policy.

Unfortunately, the logging policies of VPN providers are often vague and misleading.

Some providers falsely claim to collect a minimal amount of data, while others are deliberately vague about the type of data their policy refers to.

The best VPN providers will be completely transparent about what type of data they collect and why this data is necessary.

They will also tell you if the VPN shares your data with any third parties, including advertisers, government agencies, and holding companies.

Make sure any “no-logs” claims you see in advertisements are backed up in the VPN’s privacy policy. If you can’t find information about what data is collected on your VPN provider’s website, you should take your money elsewhere.

2Where Is the VPN Based?

Where a VPN company is based — otherwise known as its ‘jurisdiction’ — can have a huge impact on the privacy of your personal data.

Certain countries are involved in international intelligence-sharing alliances called the Five Eyes, Nine Eyes, and 14 Eyes. In terms of privacy, these countries are the worst places to base a VPN company.

The Five Eyes countries are the US, UK, Canada, Australia, and New Zealand

Intelligence agencies in these countries have the power to force organisations to log private information and share it amongst themselves. These logging requests may be accompanied by a gag order which makes it illegal for the company to publicly disclose what they’re being compelled to do.

Map of intelligence alliances and VPN jurisdictions.

It’s also not safe to incorporate a VPN in a heavily-censored country like China, Russia, or Turkey. These countries are more likely to force VPN companies to log or censor content accessed through the VPN.

Ideally, a VPN should be incorporated in a country with strong privacy and net neutrality laws. The jurisdiction should have no international ties to more intrusive nations and no history of prosecuting citizens based on the contents of their browsing history.

Some of the best VPN jurisdictions include the British Virgin Islands, Cayman Islands, Panama, Seychelles, and Switzerland.

If you’re looking for a trustworthy VPN based in any of these countries, check out our reviews of ExpressVPN, NordVPN, PrivateVPN, and Trust.Zone.

If you want to know more about Five-Eyes countries, VPN jurisdictions, and where your VPN is based, you can read our dedicated guide to VPN jurisdictions.

3How Strong Is the VPN’s Technical Security?

The safest VPN services will be open about the technical measures they have in place to safeguard their customers and their business.

Any worthwhile VPN service will offer the latest and most secure levels of encryption, a wide selection of protocols, and a range of advanced security features including kill switches, split-tunnelling, and obfuscation.

You should always look out for OpenVPN and IKEv2, as these are the safest protocols to use. If a VPN only offers PPTP then don’t use it.

You should also look for strong encryption like AES-256. If a VPN provider isn’t willing to disclose what encryption the software uses, then it’s not a safe VPN.

For more information on VPN encryption, read the previous section of this guide or visit our dedicated guide to VPN protocols and encryption ciphers.

4Does the VPN Leak Your Data?

Low-quality VPN services can leak your personal information to third parties without you even knowing. This could include your location, your IP address, the websites you’ve visited, and more.

Needless to say, there’s no point in using a VPN that leaks your personal data. Even if the VPN has a zero-logs policy, anyone viewing your connection — your ISP included — will be able to view your identity or activity.

There are four types of leak to be aware of:

  • IP leaks. This happens when your VPN fails to mask your IP address with one of its own. This is a significant privacy risk; your ISP and any websites you visit will be able to link your online activity to your true identity.
  • DNS leaks. A VPN is supposed to route your DNS requests to its own DNS servers. If your VPN routes DNS requests outside of the encrypted VPN tunnel to your ISP’s DNS servers instead, it’s called a DNS leak. This exposes your browsing activity and any websites you’ve visited to your ISP or any other eavesdroppers.
  • WebRTC leaks. WebRTC is a browser-based technology that allows audio and video communications to work inside web pages. WebRTC has clever ways of discovering your true IP address even if a VPN is on. The best VPNs block WebRTC requests. Alternatively, you can disable WebRTC completely at the browser level.
  • IPv6 leaks. IPv6 is a new format of IP addresses, but not many VPNs currently support it. Unless VPNs support or actively block IPv6, your personal IPv6 address can be exposed. This is called an IPv6 leak.

We rigorously test every VPN that we review to find out whether it leaks your data. For more information on the types of VPN leaks, how to test a VPN for leaks, and which VPNs leak, visit our comprehensive guide to VPN leaks.

How to Run a VPN Leak Test at Home

Leak tests are super simple and you’ll be done in less than a few minutes.

To run a VPN leak test:

  1. Visit browserleaks.com and run a leak test when your VPN is disconnected. Note down your IP address and the addresses of your ISP’s DNS servers.
  2. Before you connect to a VPN server make sure to enable the VPN kill switch. This will prevent leaks during sudden VPN disconnections. Enable DNS, WebRTC, and IPv6 leak protection in your VPN application if possible.
  3. Connect to a VPN server and refresh the leak test page in your browser.
  4. If the VPN is working as it should, it will show a different figure for your true IP address and ISP’s DNS servers.

The following screenshot shows a leak test of a PrivateVPN US Server. The red arrows mark the fields you should be paying attention to:

Screenshot of a browserleaks.com leak test.

Screenshot of browserleaks.com when connected to a PrivateVPN US server. No leaks were detected.

If you can see your originating IP address or DNS servers, the VPN is leaking.

There are some ways to fix these leaks — check out our leaks guide to find out how — but sometimes it may be unfixable at your end. If that’s the case, it’s time to find a more secure VPN.

5Does the VPN Contain Malware or Tracking Tools?

Some of the most popular VPN services on the market are poorly-made and sometimes even dangerous.

While some will share your sensitive information or leak your data, others are infected with malware that can do irreversible harm to your device.

Free VPNs from obscure companies are common culprits for hosting this type of malware.

We tested the 150 most popular free VPN Android apps based on a range of criteria including leaks, viruses and malware, excessive permissions and much more. Combined, these apps have over 260 million downloads.

We found that 18% of the free VPN applications tested returned positive matches when scanned for viruses and malware.

A 2016 academic report also found that 38% of 283 Android apps tested contained some form of malware, and 16% deployed non-transparent proxies to manipulate HTTP traffic.

In short, the popularity of a free VPN application in the Apple or Google Play Store does not guarantee its safety or legitimacy. You can find out more about the dangers of free VPNS later on in this guide.

To be safe, look out for well-known VPN apps that have been independently audited for security vulnerabilities like ExpressVPN, Surfshark, and TunnelBear. Never trust a VPN with your data without researching its reputation first.

To avoid copycat applications, always download your VPN software from your chosen provider’s official VPN website or app store page.

Are VPNs Legal?

illustration of a map of the world.

It’s perfectly legal to use a VPN in most countries, including the US, UK, Canada, and most of Europe. It’s important to note, however, that anything that’s illegal without a VPN remains illegal when using one.

Even in places where VPNs are legal, some countries have intrusive surveillance and data retention laws that might be worth considering. You can learn more about this in our guide to VPN jurisdictions.

Where are VPNs Illegal?

We looked at the laws of 195 countries and found only four countries where VPNs are completely illegal:

  • Belarus: VPNs have been banned since February 2015, and those caught using one may face an unspecified fine.
  • Iraq: The Iraq government banned VPNs in 2014 to stop terrorist organizations from influencing the public via social media.
  • North Korea: Due to North Korea’s secretive nature, it’s unclear when VPNs became illegal or what the punishment for using one is.
  • Turkmenistan: VPNs were made illegal in 2015 and are actively blocked by the government. If you do use a VPN in Turkmenistan, you risk incurring a fine and a ‘summoning’ from the Ministry of National Security.

Where Are VPNs Restricted?

There are also six countries where VPNs are highly regulated or restricted. You can find a full list of countries where VPNs are illegal or restricted in the table below.

Country VPN Status Social Media Blocks Censorship Surveillance
Belarus Illegal Moderate Extensive Extensive
China Restricted Extensive Extensive Extensive
Iran Restricted Moderate Extensive Extensive
Iraq Illegal Moderate Moderate Minor
North Korea Illegal Extensive Extensive Extensive
Oman Restricted Minor Extensive Moderate
Russia Restricted Moderate Extensive Moderate
Turkey Restricted Moderate Extensive Extensive
Turkmenistan Illegal Extensive Extensive Extensive
UAE Restricted Moderate Extensive Moderate

Countries where VPNs are illegal or restricted.

If your country is not mentioned in either of the lists above, VPNs are completely legal to use there.

If you do choose to use a VPN in any of the countries listed above, it’s essential that you choose a reliable, trustworthy, and private VPN service.

For more information on the few countries where VPNs are regulated or banned, you can read our dedicated guide: Are VPNs Legal?

Can You Be Tracked If You Use a VPN?

Yes. Your online activity will be much more private with a VPN compared to surfing the web without one. However, a VPN will not make you completely unidentifiable.

If someone was serious about trying to track you across the Internet, your IP address would only be one aspect they would investigate in order to identify you.

Illustration showing how you can be tracked online.

Even with a VPN, you could be tracked through:

  1. Cookies and Trackers. Websites use cookies in order to customize their services based on specific users. Cookies store information that you have voluntarily given such as your name, gender, or location. This can be used to identify you, even if your IP address is obscured.

    Another point of concern are web trackers that are embedded in advertisements. These allow websites to provide custom adverts according to your unique browsing habits.

  2. Browser Fingerprinting. Your device provides the websites you visit with detailed information about your operating system, browser, and hardware. The sum of this information can be used to create a unique “fingerprint”.

    The use of this data to identify and track users is known as “browser fingerprinting”. You can learn more about browser safety in our Guide to Private Browsers.

  3. Your VPN Provider. Although using a VPN will hide your traffic from your ISP, the VPN provider itself will still have the technical capability to view your identity and activity. If your VPN collects identifying logs and shares this information, your identity will be compromised.
  4. IP, DNS, and WebRTC Leaks. A poor-quality VPN can expose your true IP address or your DNS requests, potentially exposing your identity or your internet history.
  5. Traffic Fingerprinting. Your ISP can see all of the data packets sent from your computer to the VPN server. Although they can’t tell what these packets contain or where they’re headed, it’s possible to still identify the kind of traffic (i.e. web pages, streaming, P2P, etc.) being sent by analysing the timing and density of each packet.
  6. Browsing Behaviour. Although your traffic is encrypted, web companies such as Facebook and Google are still able to see your online activity. If you’re signed in to these while you surf the web, a VPN won’t stop them from monitoring you or associating you with your VPN IP address.

How Can I Keep My Activity Private?

To maximize your privacy and security while using a VPN, you’ll need to alter your browsing habits. Avoid any behaviour that an onlooker might use to infer your identity.

Here are the most important rules for maintaining your privacy:

  1. Choose a trustworthy VPN service that keeps no logs of your activity and has been tested for leaks. Make sure that your VPN has a kill switch to prevent your identity being exposed if your connection drops.
  2. Turn your VPN on before launching a program or accessing a website.
  3. Use a separate, privacy-focused web browser such as Firefox or IceCat for all VPN browsing. Clear the browser’s cookies and cache before every VPN session.
  4. Consider installing some privacy-protecting browser extensions to help block advertisements and tracking scripts. Privacy Badger, uBlock, Decentraleyes, and NoScript are all good options.
  5. Avoid browsing while signed into a social media, Google, Apple, or Microsoft account. Don’t use Google Search (DuckDuckGo is a good alternative).
  6. Avoid using mobile two-step verification while connected to your VPN.
  7. If you’re making purchases online, use cryptocurrency where available. Your debit card or PayPal account will identify you.
  8. Turn off your smartphone’s GPS location data functionality.
  9. Consider using the Tor Browser if you are extremely concerned about anonymity. You can read more about Tor later on in this guide.

If you keep all of the above in mind , a good VPN with a privacy-friendly logging policy will make you significantly harder to track versus your online footprint without one. Your ISP in particular will find it very difficult to find out what websites you’ve visited.

How Do I Choose a VPN?

There’s a world of difference between VPNs. As we’ve mentioned, some VPN providers can even jeopardise the privacy and security they’re designed to protect.

Without the right information, many users are forced to make their choice of VPN without a lot of clarity. If you’ve already chosen your provider, you can skip straight to the next section on how to install a VPN.

Illustration showing the features of a good VPN.

When choosing a VPN, it’s important to ask:

  • How much does it cost?
  • How safe is it?
  • Which devices does it support?
  • How fast is it?
  • Does it work with streaming services?
  • Can it beat censorship?

Remember that the right VPN for one person may not be the right VPN for you. If you’re looking to travel to China, for example, you will need a VPN with strong encryption and advanced features like obfuscation. If you’re concerned primarily with streaming or torrenting, however, you will need a VPN with fast speeds.

If you’d like a reliable all-round VPN, read our best VPN recommendations for 2020. If you’ve already chosen a VPN provider, you can skip to our next chapter on How to Install a VPN.

Here are the main factors you need to consider when choosing a VPN service provider:

1How much does the VPN cost?

You know how much you want to spend on a VPN, so there’s no point in choosing a service that’s way beyond your means.

A high-quality VPN service will typically cost around $10 per month if you pay on a monthly basis. This can drop to as little as $50 per year if you’re willing to pay up front.

If you need to use a free VPN, be sure to read the Can I Use A VPN for Free? section later in this guide. There are certain drawbacks and dangers that you need to be aware of in the free VPN market.

2How safe is it?

Once you’ve decided how much you’re willing to spend on a VPN subscription, it’s essential that you find a safe VPN.

Consider all of the points mentioned in the Are VPNs Safe? chapter of this guide. In summary, check that your VPN has:

  • A privacy-friendly logging policy & jurisdiction.
  • Strong VPN protocols & encryption.
  • No IP, DNS, or WebRTC leaks.
  • A VPN kill switch.
  • No malware.
  • No intrusive permissions or third-party access.

3Which devices does the VPN support?

Now that you’re left with several safe VPNs, you need to find the services that work on the devices you want to protect.

Do you have a Windows or Mac computer? An Android or iPhone? Do you want to cover streaming devices and games consoles? How many devices do you need to cover?

Make sure to choose a VPN that supports the devices you need to protect.

The easiest way to use a VPN on your computer, smartphone, or tablet is to install a custom app from the VPN’s website. Some VPNs also provide custom apps for the Amazon Fire TV Stick. It’s important to note, however, that some services have a limit on the number of devices you can connect to the VPN simultaneously.

If you want to protect any devices over this limit you’ll have to install your VPN at router level, which will in turn encrypt all internet traffic from the devices connected to it.

4How fast is the VPN?

As we’ve already mentioned, VPNs do slow down internet speeds somewhat through encrypting and tunnelling, but some are slower than others.

If you’ll be using a VPN to stream, torrent, or game, you’ll need a speedy VPN that’s able to keep up with your activities. For more advice on VPN speeds you can read our recommendations for the fastest VPNs of 2019.

5Where are the VPN’s servers located?

If you’re looking to bypass censorship or geographical restrictions you’ll need to make sure your VPN has servers located in the countries you need. For example, if you want to access US-only news content, you’ll need a VPN with servers in the US.

Likewise, if speed is a priority you need to make sure your VPN has server near your physical location — the closer the servers are, the better your speeds will be.

Check your chosen VPN provider’s website or our reviews to find out where your VPN’s servers are located.

6Does it work with streaming and torrenting services?

If you plan to stream services like Netflix or use your VPN for torrenting, you’ll need a VPN that works effortlessly with each service.

You should choose a VPN for your particular needs. Not every VPN that works with Netflix also works with Hulu or BBC iPlayer, for instance. Similarly, streaming-friendly VPNs don’t always permit P2P traffic.

Take a look at the streaming and torrenting sections in this guide to find out more.

7Does it work in high-censorship countries?

If you live in or are traveling to a heavily-censored country that actively blocks VPN traffic you’ll need to pick a VPN service that uses special techniques to get around the censors.

We call these special techniques obfuscation tools. Sometimes they’re also called ‘stealth’ protocols.

Obfuscation tools generally scramble VPN traffic so that it looks like HTTPS traffic, which makes it harder to detect.

If the VPN doesn’t come with these tools it’s unlikely to work in China, and it shouldn’t be your first choice for other high-censorship countries like Iran or the UAE either.

If you’re looking for a VPN that utilizes obfuscation tools, ExpressVPN, StrongVPN, and VyprVPN are all good options.

Making Your Decision

A high-quality VPN will offer great speeds, advanced features, and will never record, share, or sell your data without the appropriate legal basis. Be sure to research your VPN’s technical security, business model, jurisdiction, and privacy policy. If the VPN provider is unable to answer all of these questions, you shouldn’t trust it.

Research your provider’s reputation and never use a VPN you’re not fully comfortable with. If you’re really concerned about safety, performance, and privacy, you should be using a subscription-based VPN that has been independently tested and well-reviewed.

How Do I Install a VPN?

There are lots of different ways to install a VPN on your device, and the process will differ depending on the type of device in question. By far the easiest and most common method is to download a custom app directly from your VPN service provider.

Most commercial VPNs that you can subscribe to come with custom apps for Windows, MacOS, Android, and iOS, but some also provide native apps for routers and streaming devices like Amazon Fire TV Stick too.

To install a VPN using a custom app:

  1. Purchase a VPN subscription from your provider’s website and verify your account by email. We’ll use NordVPN as an example.
    Screenshot of NordVPN subscription options.
  2. Download the VPN software from your VPN provider’s website or click through to the Google Play Store or Apple App Store for Android and iOS devices. Click through the installation prompts and agree to the Terms of Service.
    Screenshot of NordVPN's download screen.
  3. Log into the VPN app using your account credentials.
    Screenshot of NordVPN's login screen.
  4. Go into the VPN settings menu and enable the VPN kill switch and leak blocking if available. Select the VPN protocol of your choice. We prefer OpenVPN.
    Screenshot of NordVPN's settings menu.
  5. Go back to the app’s main screen and select a VPN server location from the locations list.
    Screenshot of NordVPN's server list.
  6. Click the connect button. You will now be connected to a VPN server in your chosen location.
    Screenshot of NordVPN connected.

It’s important to note that not all VPN services come with custom apps for every device. However, you may still be able to use your VPN on a difference device if your VPN supports manual configuration.

Manual configuration can be a complicated process, but if you follow the instructions provided on your VPN provider’s website you shouldn’t have a problem configuring your device.

Most devices have integrated VPN support, which means that all you need to do is upload the VPN service’s configuration files to the built-in client. You can usually find the client within network settings.

If you’d like to use OpenVPN, you’ll have to download a third-party app — like OpenVPN’s client software — and then upload the VPN service’s configuration files.

We’ve included more detailed instructions in the following guides:

It is possible to set up your own VPN server at home, but it’s a complicated process with a lot of room for error. Home-made VPN servers aren’t ideal for accessing restricted content or for your online privacy as your ISP can still log your online activities.

If you’d like to know how to build your own VPN server at home, check out our guide to setting up your own VPN server.

Can I Use a VPN for Free?

There are lots of free VPNs on the market, but most of them are limited at best and dangerous at worst.

If you decide to use a free VPN, look out for:

  • Monthly data caps.
  • Limited server choice.
  • Slow speeds.
  • Abuse of your personal data.
  • No technology to bypass censorship.
  • No servers to unlock streaming services.

The True Cost of Free VPNs

VPN services can monetise your data in unexpected ways. It’s expensive to develop and operate a reliable VPN, and many low-cost or free services choose to subsidise the price of subscription with income from other channels.

If you’re not paying for your VPN service at all, it’s likely that some form of data collection, sharing, or sale is occurring in order to cover the cost of the product. Many of these free services also rely heavily on advertising, which is less than ideal for privacy.

We’ve done a lot of research on free VPNs and have discovered a number of disturbing privacy flaws.

Our investigations have revealed that some of the most popular free VPNs on the market have secret links to mainland China, while 85% of the most popular free Android VPN apps feature excessive permissions with the potential for privacy abuses.

Reading the privacy policies of most free VPNs doesn’t offer hope either. Some free VPNs, like HolaVPN, log everything you do online.

Needless to say, none of these discoveries make for a very positive outlook on free VPNs. If you decide to use a free VPN service, proceed with caution.

For more information on the dangers of free VPNs, you can read our Free VPN App Investigation or Free VPN Risk Index.

If you can’t afford or simply don’t want to spend money on a VPN, we’ve also put together a list of the safest free VPN services currently available.

‘Freemium’ VPNs

Generally, ‘Freemium’ VPNs are safer than completely free services. These VPN providers will offer a free trial or restricted service as well as a much more expansive paid version.

Freemium VPNs make their money through the paid product, which allows them to provide a limited free service. VPN providers that offer ‘freemium’ products include Windscribe, ProtonVPN, and Tunnelbear.

Freemium VPNs tend to:

  • Enforce monthly data caps.
  • Limit server location choices.
  • Throttle speeds.
  • Not support streaming services like Netflix.
  • Prohibit all P2P traffic.
Screenshot of ProtonVPNs 'freemium' product.

Screenshot of ProtonVPNs ‘freemium’ VPN.

How Much Does a VPN Cost?

VPN companies tend to offer discounts for longer subscriptions. A month’s service might cost $10, but if you sign up to a year’s subscription you may get 60% off the monthly price.

VPN subscriptions vary in price considerably, and the price of a VPN service doesn’t necessarily equate to the level of quality it provides.

Be aware that you usually have to pay the full subscription cost up-front, which can make it feel expensive, and might not suit all budgets.

Generally speaking, cheaper VPNs tend to be around $6-8 a month and more expensive ones around $12-15 a month.

VPN FAQs: Frequently Asked Questions

Now that we’ve covered the basics, the following chapters will answer the most common questions we receive about using a VPN. If you’ve already got a question in mind, you can skip to the chapter that’s most relevant to you:

Do VPNs Slow Down the Internet?

All VPNs will slow down your internet speeds to some degree. With the very best VPNs, however, this impact will be negligible.

Fundamentally, a VPN works by diverting your web traffic through its own servers. Just like any journey, diversions slow it down – and that’s just what happens to your internet speeds when using a VPN.

Encryption can also add to the time taken to load sites or download files, too. The stronger the encryption, the longer the delay.

To maximize your VPN speeds:

  1. Choose a VPN server close to your physical location.

    The closer the VPN server you choose to connect to, the less it will affect your internet speed. This is why it’s important to check the full list of server locations provided by a VPN provider before you sign up.

  2. Choose a VPN server with the lowest load.

    Some VPN apps show you how busy a server is using a percentage ‘load’. The higher the server load, the more users connected to that server. A congested server will provide slower speeds.

  3. Change the VPN protocol.

    Sometimes changing the VPN protocol in use can increase the speeds you experience. Try switching between OpenVPN TCP and UDP, or using IKEv2, a particular speedy protocol. Don’t compromise on security, though. While weaker protocols and ciphers tend to be faster, they put your online security and privacy at risk.

Ultimately, if you’re using a slow VPN there’s not much you can do to speed things up. If speed is a priority, be sure to take a look at our recommendations for the fastest VPNs of 2020.

Business vs. Personal VPN: What's the Difference?

You might have heard about VPNs in the context of the workplace. There are two main types of VPN services: business (or corporate) VPNs and personal (or consumer) VPNs.

While the technology is very similar, the reason you use a business VPN is quite different from how you would use a personal VPN outside of work.

Business VPNs allow employees to access the office network remotely and securely. This allows employees to access network folders, printers, intranet sites, servers, and databases from outside of the office.

Your internet traffic is encrypted between the user’s device and the VPN server in the office, which prevents third parties from intercepting the traffic.

However, your internet traffic is still subject to your company’s policy, meaning that your boss may still see what you’re doing online, even though you’re not physically in the office.

On the other hand, personal VPNs – the ones we test and review – are slightly different.

Personal VPNs are generally used by individuals who don’t need remote access to files on a home or work network. They are typically used for personal privacy and security reasons, and for bypassing online geo-blocks.

Unlike business VPNs, you can use a personal VPN to access content from hundreds of different countries using a pool of different IP addresses.

Your traffic is still encrypted and — if you use a trusted VPN service — nobody can read your internet traffic. However, you won’t be able to access network-specific files remotely.

You won’t find any business VPN reviews on this website – we only review consumer VPNs.

Can I Use a VPN for Torrenting?

Yes, you can and should use a VPN for torrenting.

When you torrent your IP address is visible to other peers. Your ISP can also track what you’re doing online, block torrenting and file-sharing websites, and even throttle your speeds.

Using a VPN keeps your torrenting activities private and prevents ISP slowdowns and censorship.

Not all VPNs permit P2P traffic, though. Some have a zero-tolerance for torrenting, and others put restrictions on certain VPN servers. If you need to use a VPN for torrenting, read our VPN recommendations for torrenting.

It’s worth noting that some users might torrent via Kodi, a free and open-source media player application. The same VPNs we’ve recommended for torrenting are also great choices for protecting Kodi traffic.

You’ll find everything you need to know in our guide on how to install a VPN on Kodi.

Can I Use a VPN to Watch Netflix?

photo of a phone on a table loading Netflix

In addition to all of their privacy and security benefits, VPNs also allow you to unlock restricted streaming content. That includes Netflix.

When you use a VPN you assume the IP address and location of the VPN server you’re connected to. This allows you to watch content from that country or region.

With Netflix in particular, it’s not always as simple as connecting to a different VPN server and getting instant access to all your favorite shows.

That’s because Netflix actively blocks VPN IP addresses. Technically, it’s against Netflix’s terms and conditions to view content outside of the “country in which you have established your account”.

Users are supposed to access Netflix “only in geographic locations where we offer [the] service and have licensed such content.”

Screenshot of Netflix's Terms of Service
Fortunately, there are several quality VPNs that bypass this block and unblock Netflix, allowing you to watch content from libraries all around the world. These VPN services work hard to bring out new IP addresses as soon as Netflix blocks previous IP addresses.

A VPN doesn’t allow you to watch Netflix for free though — you’ll still need to pay for a subscription in order to access the streaming service. It’s the same situation for other popular streaming services like Hulu and BBC iPlayer, too.

In short, using a VPN with Netflix will allow you to:

  • Stream safely and securely.
  • Unlock content from other geographical regions.

We regularly test the VPNs on our website to check if they’re working with the most popular streaming services or not.

If you’re looking for a VPN for streaming, be sure to get one that works with your favorite services. Here are our recommendations:

Do I Need a VPN on My Phone?

If you’re concerned about protecting your privacy, you need a VPN on your smartphone. Using a VPN on your phone is as essential as protecting your desktop computer, whether you’re at home or on the go.

In fact, global demand for mobile VPN applications is growing rapidly. The number of mobile VPNs downloaded worldwide has increased by over 50% two years in a row. Between 2018 and 2019, over 480 million mobile VPN apps were downloaded.

A VPN helps to prevent hackers from stealing your private information on public networks. It also stops your ISP from keeping logs of the websites you visit on your smartphone.

That said, beware that it’s very difficult to make your smartphone totally anonymous. You’re probably always signed in to your Apple or Google account while using it, which provides a concrete connection to your identity when you use other apps and services.

If you need to choose a VPN for your smartphone, check out the following guides we’ve put together:

You can also use these VPN apps on Android and iOS tablets.

Can I Use a VPN Without WiFi?

As long as your device is connected to the internet you can use a VPN. That means you can connect to a VPN when you’re on a 3G or 4G connection.

From a security perspective, the need to do so is not as great, but you can never be too secure. Using a VPN with mobile data will still allow you to spoof your location and hide your online activity from your mobile carrier.

Is a VPN Better than a Proxy?

VPNs and proxy servers can both help to hide your IP address and access restricted content.

While both tools connect you to a remote server and hide your location, the level of privacy, security, and anonymity they offer varies wildly.

The main benefit of using a proxy server is that you don’t connect directly to the websites you visit. The proxy server will connect to the website on your behalf, retrieve the contents of the web page, and then forward this information to you.

If configured correctly, this means the websites won’t be able to see your personal IP address. Instead, they will see the IP address and location of the proxy server, keeping your real location a secret.

Proxies are often unreliable, lacking in advanced features, and may even harm your privacy

Proxy servers are not considered privacy tools. While they can disguise your IP address, most of them do not encrypt your traffic. Anyone viewing your data before it reaches the proxy server — your ISP, for example — can see exactly what you’re doing.

You should use a proxy if:

  • You need to quickly bypass a geographical restriction.
  • You are not concerned about your privacy or anonymity.
  • You are not transferring sensitive personal data.
  • You need to quickly avoid an IP-based website block.

Virtual Private Networks (VPNs), on the other hand, create an encrypted and secure tunnel between your device and the website or application you’re visiting. Your web traffic will be routed to a private server of your choice, and then on to the website or app you want to visit.

A VPN will protect and redirect all of the traffic coming from your device, not just the traffic coming from your browser window.

More importantly, a VPN will also encrypts your internet traffic and prevent third parties from spying on your browsing activity. It’s for this reason that VPNs are considered privacy tools first and foremost.

If you need to get around a content block quickly and you’re not trying to hide your data from anyone, you can paste the URL into an HTTPS proxy and access that page as a one-off.

That said, proxies are often unreliable, lacking advanced features, and may even harm your privacy. It would be foolish to use a free proxy and assume that nobody is watching what you’re doing.

While they’re not the best for privacy, they’re great if you’re not dealing with any sensitive data. Popular web proxies include Hide.me, HideMyAss, kproxy, and Whoer.

You can learn more about the advantages and disadvantages of proxy servers in our guide: Proxy vs. VPN: What’s the Difference?

Is Tor the Same as a VPN?

Tor and VPNs both offer private browsing, but they aren’t the same.

The Tor Network — often referred to as just “Tor” — is a free, open-source system designed to enable anonymous communication on the web.

The Tor Network anonymizes your online activity by encrypting your communications and randomly bouncing them through a global network of access points, or ‘nodes’, which are all maintained by volunteers.

The most common way to use Tor is through the Tor Browser. This is a free, Firefox-based application that can be downloaded and installed on your computer.

screenshot of the tor browser.

Screenshot taken from the Tor Browser.

Unlike most VPN services, which you have to pay for, Tor is free and open-source, with no central authority.

Tor is used by journalists, activists, and campaigners as a privacy tool. Tor also allows users to access parts of the web that aren’t indexed by search engines — this is called the deep web. The deep web is known for its .onion sites.

In short, the Tor Network allows you to:

  • Hide your IP address from the websites you visit.
  • Access ‘hidden’ .onion domains.
  • Anonymise your online activity.
  • Communicate confidentially.

While there are still legitimate reasons for using Tor, we recommend using a VPN in the majority of cases. Here’s why:

  1. Tor is slow. Data in the Tor network is routed through multiple random nodes and encrypted and decrypted multiple times. This means that Tor is very, very slow. Tor is not a good choice for watching high-quality streaming videos, P2P file-sharing, or anything else that requires a high speed connection.
  2. Tor only protects web browser traffic. Without manual configuration, Tor only protects the traffic within the Tor browser. That leaves traffic from all other applications and services exposed. By contrast, VPNs reroute and encrypt all your device’s traffic.
  3. Complexity. Unlike with a VPN, you can’t just ‘turn on’ the Tor browser and hide your IP address. If you don’t configure your browser properly and modify your browsing habits, it’s incredibly easy to reveal your true IP address.
  4. Unwanted attention. As you may already know, Tor has a reputation for attracting those who are very keen on avoiding detection. This includes journalists and whistleblowers – but also criminals. Your ISP can see that you are using Tor even if they don’t know what you’re doing. For this reason, frequent use of Tor can potentially mark you for surveillance.

If you want to find out more about how to stay safe on Tor read our guide to Tor vs. VPN.

Are VPNs Worth It?

Absolutely. A good VPN should be seen as a worthy investment into your security, privacy, and freedom — to prevent costly data loss, open up your browsing capabilities, and protect your right to privacy.

We thoroughly test each VPN reviewed on our website and make sure to keep our recommendations up-to-date so that you can make an informed decision. For more information about our review process, you can read all about how we review VPNs here.

About the Author


  • Simon Migliano Head of Research at Top10VPN

    Simon Migliano

    Simon is a recognized world expert in VPNs. He's tested hundreds of VPN services and his research has featured on the BBC, The New York Times, CNet and more. Read full bio