VPNs Keep You Safe Online
When we ran a survey on VPN usage in 2018, we found a surprising 71 percent of our 1,000 respondents had never used a VPN at all. That's unfortunate, considering VPNs are simple, powerful tools for improving your privacy online.
Editors' Note: IPVanish is owned by j2 Global, the parent company of PCMag's publisher, Ziff Davis.
Public Wi-Fi networks, which are ubiquitous and convenient, are unfortunately also extremely convenient for attackers who are looking to compromise your personal information. How do you know, for example, that "starbucks_wifi_real" is actually the Wi-Fi network for the coffee shop? Anyone could have created that network, to lure victims into disclosing personal information. In fact, a popular security researcher prank is to create a network with the same name as a free, popular service and see how many devices will automatically connect. Yet, in a poll we conducted in 2019, only 15 percent of our 2,000 respondents use a VPN with public Wi-Fi.
Even if you're inclined to trust your fellow humans (which I do not recommend), you still shouldn't trust your internet service provider. In its infinite wisdom, Congress has decided that your ISP is allowed to sell your browsing history. In a recent poll, we found that a surprising 73 percent of respondents had no idea that their ISP was allowed to sell their browsing history.
Another government move definitely has motivated some VPN adoption however, and that, specifically, is the death of Obama-era Net Neutrality rules. ISPs are are now allowed to throttle or charge extra for different types of content (streaming video, for example) or for traffic from given companies (say, Netflix). If you're concerned about your ISP slowing down your content or charging more for it based on what it is, one way to prevent this might be to use a VPN. In one of our surveys, 52 percent of users said they were more likely to use a VPN post-Net Neutrality, and 26 percent said that Net Neutrality's repeal actually influenced them to purchase a VPN.
For many reason, then, using a VPN is a good idea. So we were interested to see how often people use VPNs, and under what circumstances. In our survey of 3,000 US consumers conducted between September 23 and 26, 2018, more than half of respondents (52 percent) said they do or would need a VPN for security purposes. Yet 48 percent said they have never used a VPN, and 23 percent have in the past but don't anymore. Just 29 percent—or almost one in three respondents—said they actually do use one. Of those who reported using a VPN, 18 percent said they do so on their laptop or desktop, while just 5 percent use one on their smartphone or tablet. A mere 6 percent said they use one on all of their devices.
Can You Be Tracked if You Use a VPN?
In the simplest terms, a VPN creates a secure, encrypted connection—which can be thought of as a tunnel—between your computer and a server operated by the VPN service. In a professional setting, this tunnel effectively makes you part of the company's network, as if you were physically sitting in the office.
While you're connected to a VPN, all your network traffic passes through this protected tunnel, and no one—not even your ISP—can see your traffic until it exits the tunnel from the VPN server and enters the public internet. If you make sure to only connect to websites secured with HTTPS, your data will continue to be encrypted even after it leaves the VPN.
Think about it this way: If your car pulls out of your driveway, someone can follow you and see where you are going, how long you are at your destination, and when you are coming back. They might even be able to peek inside your car and learn more about you. With a VPN service, you are essentially driving into a closed parking garage, switching to a different car, and driving out, so that no one who was originally following you knows where you went.
VPN services, while tremendously helpful, are not foolproof. A determined adversary can almost always breach your defenses in one way or another. Using a VPN can't help if you unwisely download ransomware on a visit to the Dark Web, or if you are tricked into giving up your data to a phishing attack.
What a VPN can do is to protect you against mass data collection and the casual criminal vacuuming up user data for later use. It can also protect your privacy by making it harder for advertisers to figure out who and where you are. That's why VPNs are important, even when you're browsing from the comfort and (relative) safety of your home.
Who Needs a VPN?
First and foremost, using a VPN prevents anyone on the same network access point (or anywhere else) from intercepting your web traffic in a man-in-the-middle attack. This is especially handy for travelers and for those using public Wi-Fi networks, such as web surfers at hotels, airports, and coffee shops. Someone on the same network, or the person in control of the network you're using, could conceivably intercept your information while you're connected. Our 2019 survey noted that just 19 percent of respondents use a VPN while traveling, which is a dismal result from a security standpoint.
VPNs also cloak your computer's actual IP address, hiding it behind the IP address of the VPN server you're connected to. IP addresses are distributed based on location, so you can estimate someone's location simply by looking at their IP address. And while IP addresses may change, it's possible to track someone across the internet by watching where the same IP address appears. Using a VPN makes it harder for advertisers (or spies, or hackers) to track you online.
Many VPN services also provide their own DNS resolution system. Think of DNS as a phone book that turns a text-based URL like "example.com" into a numeric IP address that computers can understand. Savvy snoops can monitor DNS requests and track your movements online. Greedy attackers can also use DNS poisoning to direct you to bogus phishing pages designed to steal your data. When you use a VPN's DNS system, it's another layer of protection.
VPNs are necessary for improving individual privacy, but there are also people for whom a VPN is essential for personal and professional safety. Some journalists and political activists rely on VPN services to circumvent government censorship and safely communicate with the outside world. Check the local laws before using a VPN in China, Russia, Turkey, or any country with with repressive internet policies.
What about using a VPN for BitTorrent? Some services allow peer-to-peer file sharing and the use of BitTorrent sharing. Others restrict such activity to specific servers. Be smart: Learn the company's terms of service—and the local laws on the subject. Only six percent of our respondents report ever having used a VPN with BitTorrent. While that's a low number, it may simply reflect the fact that not all respondents have ever used BitTorrent at all.
So what did our poll find when it comes to what sorts of online habits respondents actually use VPNs for? In our survey of 3,000 US consumers on VPN use and buying habits, we found that a majority—52 percent of respondents—said they need a VPN for security purposes. In related responses, 26 percent said they need a VPN to safely access public Wi-Fi, and 18 percent need a VPN to share data and files securely. Another marquee feature of VPNs is anonymous web browsing, yet only the most Big Brother–conscious 6 percent of respondents said they need a VPN to avoid government surveillance. Aside from privacy and security reasons, VPNs are also useful in accessing entertainment content not available in your region by switching to a server somewhere else in the world. A sizable 23 percent of respondents said they need a VPN to access streaming content such as Netflix or sports, while 4 percent of respondents use VPNs to access adult content.
How to Choose a VPN Service
The VPN services market has exploded in the past few years, and a small competition has turned into an all-out melee. Many providers are capitalizing on the general population's growing concerns about surveillance and cybercrime, which means it's getting hard to tell when a company is actually providing a secure service and when it's throwing out a lot of fancy words while selling snake oil. In fact, since VPN services have become so popular in the wake of Congress killing ISP privacy rules, there have even been fake VPNs popping up, so be careful. It's important to keep a few things in mind when evaluating which VPN service is right for you: reputation, performance, type of encryption used, transparency, ease of use, support, and extra features. Don't just focus on price or speed, though those are important factors.
Some VPN services provide a free trial, so take advantage of it. Make sure you are happy with what you signed up for, and take advantage of money-back guarantees if you're not. This is actually why we also recommend starting out with a short-term subscription—a week or a month—to really make sure you are happy. Yes, you may get a discount by signing up for a year, but that's more money at stake should you realize the service doesn't meet your performance needs.
Most users want a full graphical user interface for managing their VPN connection and settings, though a few would rather download a configuration file and import it into the OpenVPN client. Most VPN companies we have reviewed support all levels of technological savvy, and the best have robust customer support for when things go sideways.
Which Is the Best Free VPN?
Not all VPN services require that you pay. There are, in fact, many excellent free VPNs. But all of the free VPNs we've tested have some kind of limitation. Some limit you to just a few simultaneous connections or devices on an account. Others restrict you to a few hundred MBs of data per day or per month. Others limit you to just a handful of servers. Still others do all of the above.
Finding the best free VPN is an exercise in balancing those restrictions. TunnelBear, for example, lets you use any server on its network but limits you to 500MB-1GB per month. Avira Phantom VPN lets you use as many devices as you like and any server you like, but also restricts you to 500MB per month. Hotspot Shield also places no limits on the number of devices, but restricts you to 500MB per day and only US-based servers. Kaspersky Secure Connection doesn't limit your devices but doesn't let you choose a VPN server—the app does it automatically.
Editors' Choice winner ProtonVPN has the unique distinction of placing no data restrictions on free users. You can browse as much as you want, as long as you want. You will be limited to just one device on the service at a time and can only choose between three server locations, but the unlimited data makes up for all that. It doesn't hurt that ProtonVPN, from the same people that brought you super-secure ProtonMail email, is very concerned about security and customer privacy.
As far as what our readers are actually willing to spend, we found in our poll that 65 percent of respondents expect VPNs to be free, whereas only 10 percent expect them to cost $10 or more.
As far as what our readers are actually willing to spend, we found in our poll that 65 percent of respondents expect VPNs to be free, whereas only 10 percent expected them to cost $10 or more.
Can You Trust Your VPN Service?
If you're using a service to route all your internet traffic through its servers, you have to be able to trust the provider. It's easier to trust companies that have been around longer, simply because their reputation is likely to be known. The trouble is that the VPN industry is very young, and some VPN companies have been playing dirty. In this environment, figuring out who to trust is very difficult.
We're not cryptography experts, so we can't verify all of the encryption claims providers make. Instead, we focus on the features provided. Bonus features like ad blocking, firewalls, and kill switches that disconnect you from the web if your VPN connection drops, go a long way toward keeping you safe. We also prefer providers that support OpenVPN, since it's a standard that's known for its speed and reliability. It's also, as the name implies, open source, meaning it benefits from many developers' eyes looking for potential problems.
Since we last tested VPNs, we've given special attention to the privacy practices of VPN companies and not just the technology they provide. In our testing, we read through the privacy policies and discuss company practices with VPN service representatives. What we look for is a commitment to protect user information, and to take a hands-off approach to gathering user data.
As part of our research, we also make sure to find out where the company is based and under what legal framework it operates. Some countries don't have data-retention laws, making it easier to keep a promise of "We don't keep any logs." It's also useful to know under what circumstances a VPN company will hand over information to law enforcement and what information it would have to provide if that should happen.
While a VPN can protect your privacy online, you might still want to take the additional step of avoiding paying for one using a credit card, for moral or security reasons. Several VPN services now accept anonymous payment methods such Bitcoin, and some even accept retailer gift cards. Both of these transactions is about as close as you can get to paying with cash for something online. That Starbucks gift card may be better spent on secure web browsing than a mediocre-at-best latte.
It emerged in late 2019 that NordVPN, TorGuard, and VikingVPN servers had been breached the previous year. No user data appears to have been compromised in the attacks. However, NordVPN acknowledged that its TLS keys had been exposed, but TorGuard said this was not the case for its keys. This was a comparably small incident—affecting just one of NordVPN's servers, for example—but it has served as a wake-up call to the industry and customers. Hopefully, more VPN companies will learn from this incident, and improve transparency as well as beef up infrastructure security.
Understanding the Limitations of VPN Services
While it hides your IP address, a VPN is not a true anonymization service. For that, you'll want to access the Tor network, which will almost certainly slow down your connection. While a VPN tunnels your web traffic to a VPN server, Tor bounces around your traffic through several volunteer nodes making it much, much harder to track. Using Tor also grants access to hidden Dark Web sites, which a VPN simply cannot do. That said, some services, such as NordVPN, offer Tor access on specific servers.
Using a VPN will prevent most kinds of DNS attacks that would redirect you to a phishing page, but a regular old page made to look like a legit one in order to trick you into entering your data can still work. Some VPNs, and most browsers, are pretty good about blocking phishing pages, but this attack still claims too many victims to be ignored. Use common sense and be sure to verify that websites are what they say they are by looking carefully at the URL and always visiting HTTPS sites.
In addition to blocking malicious sites and ads, some VPNs also claim to block malware. We don't test the efficacy of these protections, but most appear to be blacklists of sites known to host malicious software. That's great, but don't assume it's anywhere near as good as standalone antivirus. Perhaps troublingly, 20 percent of those who answered said that they thought VPNs could protect them against viruses. It's important to note that whatever ability a VPN might have to protect you from malware, you should use this feature to complement, not replace, your antivirus.
Lastly, keep in mind that some security conscious companies like banks may be confused by your VPN. If your bank sees you logging in from what appears to be another US state or even another country, it can raise red flags. Expect to see captchas and more frequent multifactor requests when your VPN is on.
VPNs by the Numbers
Some important things to look for when shopping for a VPN are the number of licenses for simultaneous connections that come with your fee, the number of servers available, and the number of locations in which the company has servers.
Most VPN services allow you to connect up to five devices with a single account. Any service that offers fewer connections is outside the mainstream. Keep in mind that you'll need to connect every device in your home individually to the VPN service, so just two or three licenses won't be enough for the average nested pair. Note that many VPN services offer native apps for both Android and iOS, but that such devices count toward your total number of connections.
Of course, there are more than just phones and computers in a home. Game systems, tablets, and smart home devices such as light bulbs and fridges all need to connect to the internet. Many of these things can't run VPN software on their own, nor can they be configured to connect to a VPN through their individual settings. In these cases, you may be better off configuring your router to connect with the VPN of your choice. By adding VPN protection to your router, you secure the traffic of every gadget connected to that router. And the router—and everything protected by it—uses just one of your licenses. Nearly all of the companies we have reviewed offer software for most consumer routers and even routers with preinstalled VPN software, making it even easier to add this level of protection.
The number and distribution of those servers is a key consideration. The more places a VPN has to offer, the more options you have to spoof your location! More importantly, having numerous servers in diverse locales means that no matter where you go on Earth you'll be able to find a nearby VPN server. The closer the VPN server, the better the speed and reliability of the connection it can offer you. Remember, you don't need to connect to a far-flung VPN server in order to gain security benefits. Depending on where you live, a server down the street is as safe as one across the globe.
The number of servers a VPN company provides is at least partly a function of how many subscribers it supports. But more is almost always better, and more servers mean that you're less likely to be shunted into a VPN server that is already filled to the brim with other users.
In the most recent round of testing, we've also looked at how many virtual servers a given VPN company uses. A virtual server is just what it sounds like—a software-defined server running on server hardware that might have several virtual servers onboard. The thing about virtual servers is that they can be configured to appear as if they are in one country when they are actually being hosted somewhere else. That's an issue if you're especially concerned about where you web traffic is traveling. It's a bit worrisome to choose one location and discover you're actually connected somewhere else entirely. Some VPN companies take a smart view to virtual servers, using them to provide VPN support for regions where it might be too risky to physically house a server. When VPNs use virtual servers, we prefer that they are transparent about it and share those locations with customers.
What's the Fastest VPN?
We have often said that having to choose between security and convenience is a false dichotomy, but it is at least somewhat true in the case of VPN services. When a VPN is active, your web traffic is taking a more circuitous route than usual, often resulting in sluggish download and upload speeds as well as increased latency. The good news is that using a VPN probably isn't going to remind you of the dial-up days of yore. That's important, because in our 2018 survey, 45 percent of respondents said that speed was the most important factor.
Most services provide perfectly adequate internet speed when in use, and can even handle streaming HD video. However, 4K video and other data-intensive tasks like gaming over a VPN are another story. Some VPN services, such as NordVPN, have started to roll out specialty servers for high-bandwidth activities. And nearly every service we have tested includes a tool to connect you with the fastest available network. Of course, you can always limit your VPN use to when you're not on a trusted network.
When we test VPNs, we use the Ookla speed test tool. (Note that Ookla is owned by PCMag's publisher, Ziff Davis.) This test provides metrics for latency, download speeds, and upload speeds. Any one of these can be an important measurement depending on your needs, but we tend to view the download speed as the most important. After all, we live in an age of digital consumption.
Our speed tests stress comparison and reproducibility. That means we stand by our work, but your individual results may vary. After all, perhaps you live on top of a VPN server, or just happen to have a super-high bandwidth connection.
What follows are the results from our VPN testing. These are the best performing products, taken from among dozens we've tested.
While speed is always a consideration, we maintain that value, features, and dedication to privacy is far more important. We discourage readers from choosing a VPN solely on its speed test results.
Can a VPN Be Blocked by Netflix?
Netflix and similar video streaming services are getting wise to people accessing streaming content in other countries by spoofing their location with a VPN. In our testing, we found that Netflix blocks streaming more often than not when we were using a VPN. There are a few exceptions, but Netflix is actively working to protect its content deals. VPNs that work with Netflix today may not work tomorrow.
Netflix blocking paying customers might seem odd, but it's all about regions and not people. Just because you paid for Netflix in one place does not mean you're entitled to the content available on the same service but in a different location. Media distribution and rights are messy and complicated. While this use of VPNs gets a lot of press, however, our 2019 survey found that only eight percent of respondents use a VPN to unblock Netflix or a similar streaming service.
Using a VPN With Windows 10, Chrome, and Linux
When we test VPNs, we generally start with the Windows client. This is often the most complete review, covering several different platforms as well as the service's features and pricing in depth. That's purely out of necessity, since most of our readers use Windows (although this writer is currently using a MacBook Air). We currently use an Intel NUC Kit NUC8i7BEH (Bean Canyon) desktop running the latest version of Windows 10. We periodically upgrade to a newer machine, in order to simulate what most users experience.
But as you can see from the chart at the top, however, Windows is not the only platform for VPNs. The Android mobile operating system, for example, is the most widely used OS on the planet.
Using a Mobile VPN
We used to advise people to do banking and other important business over their cellular connection when using a mobile device, since it is generally safer than connecting with a public Wi-Fi network. But even that isn't always a safe bet. Researchers have demonstrated how a portable cell tower, such as a femtocell, can be used for malicious ends. The attack hinges on jamming the LTE and 3G bands, which are secured with strong encryption, and forcing devices to connect with a phony tower over the less-secure 2G band. Because the attacker controls the fake tower, they can carry out a man-in-the-middle attack and see all the data passing over the cellular connection. Admittedly, this is an exotic attack, but it's far from impossible.
Wi-Fi attacks, on the other hand, are probably far more common than we'd like to believe. While attending the Black Hat convention, researchers saw thousands of devices connecting to a rogue access point. It had been configured to mimic networks that victim's devices had previously connected to, since many devices will automatically reconnect to a known network without checking with the user. That's why we recommend getting a VPN app for your mobile device to protect all your mobile communications. Even if you don't have it on all the time, using a mobile VPN is a smart way to protect your personal information.
Most VPN services offer both Android and iOS VPN apps, saving you the trouble of configuring your phone's VPN settings yourself. VPN providers typically allow up to five devices to be connected simultaneously under a single account. Also, while there are free VPN services available, many require that mobile users sign up for a paid subscription.
Not all mobile VPN apps are created equal. In fact, most VPN providers offer different services (and sometimes, different servers) for their mobile offerings than they do for their desktop counterparts.
If you're of the iPhone persuasion, there are a few other caveats to consider for a mobile VPN. Some iPhone VPN apps don't use OpenVPN, even if the VPN service that made the app supports the protocol. That's because Apple requires additional vetting if a company wants to include OpenVPN with its app. VPN app developers have slowly started jumping through those extra hoops and are bringing support for protocols such as OpenVPN to iOS.
Thankfully, there's a workaround for this problem. Instead of using the VPN app from the company from which you've purchased a subscription, you can download the standalone OpenVPN app. Open it, and you can enter your subscription information from the VPN company you've decided to work with. The OpenVPN app will then connect to the VPN company's servers using our preferred protocol.
Get Yourself a VPN
Even if you don't use it every moment of every day, a VPN is a valuable tool that everyone should have at their disposal—like a password manager or an online backup service. Intel NUC Kit NUC8i7BEH (Bean Canyon) desktop running the latest version of Windows 10.So stay safe, and get a VPN.