What Is a VPN?
When you switch on a VPN, it sends your web traffic through an encrypted tunnel to a server controlled by the VPN company.
From there, it exits onto the web as normal.
If you make sure to only connect to websites secured with HTTPS, your data will continue to be encrypted even after it leaves the VPN.
This sounds simple, and maybe superfluous, but it can have profound effects on your privacy.
Think about it this way: If your car pulls out of your driveway, someone can follow you and see where you are going, how long you are at your destination, and when you are coming back.
They might even be able to peek inside your car and learn more about you.
With a VPN, it's as if you drive from your house into an underground tunnel, into a closed parking garage, switch to a different car, and drive out.
No one who was originally following you knows where you went.
When your VPN is on, anyone snooping on the same network as you won't be able to see what you're up to.
This is true even if the snooper controls the network.
Public Wi-Fi networks, which are ubiquitous and convenient, are unfortunately also extremely convenient for attackers who are looking to compromise your personal information.
How do you know, for example, that "starbucks_wifi-real" is actually the Wi-Fi network for the coffee shop? Anyone could have created that network to lure victims into disclosing personal information.
In fact, a popular security researcher prank is to create a network with the same name as a free, popular service and see how many devices will automatically connect.
The Best VPN Deals This Week*
- NordVPN — $89 for Two Year Plan -- with Bonus Gift! (List Price $286.80)
- IPVanish VPN — $39.99 for One-Year Plan (List Price $79.99)
- Norton Secure VPN — $39.99 for One-Year Plan (List Price $79.99)
- TunnelBear VPN — $120 for Three-Year Plan (List Price $359.64)
- Surfshark VPN — $59.76 for Two-Year Plan (List Price $310.80)
- ExpressVPN — $99.95 for One-Year Plan + Three-Months Free (List Price $194.20)
- CyberGhost VPN — $87.75 for Three-Year Plan + Three-Months Free (List Price $506.61)
- Private Internet Access VPN — $69.95 for Two-Year Plan + Two-Months Free (List Price $310.70)
*Deals are selected by our partner, TechBargains
Even if you're inclined to trust your fellow humans (which we do not recommend), you still shouldn't trust your internet service provider (ISP).
In the US, your ISP has enormous insight into your online activities.
To make matters worse, Congress has decided that your ISP is allowed to sell your anonymized browsing history.
Considering that you are already (over)paying for the privilege of using their (iffy) services, selling your data is just egregious.
A VPN prevents even your ISP from keeping tabs on your movements.
Another benefit of a VPN is that your true IP address is hidden behind the IP address of the VPN server.
This makes it harder for advertisers and others to track your movements across the web.
Even a dedicated observer would have a hard time telling whose traffic is whose, because your data is mixed in with everyone else using the same VPN server.
What Are the Limitations of a VPN?
VPN services, while tremendously helpful, don't protect against every threat.
Using a VPN can't help if you unwisely download ransomware or if you are tricked into giving up your data to a phishing attack.
We strongly recommend that readers use local antivirus software, enable two-factor authentication wherever available, and use a password manager to create and store unique, complex passwords for each site and service you use.
There are also limitations to how anonymous you can be with a VPN.
Advertisers have many tactics at their disposal to gather data on you and track your movements.
This ranges from online trackers to browser fingerprinting.
We recommend using a privacy-focused web browser like Firefox, and installing dedicated tracker blockers like the EFF's Privacy Badger.
Many VPN services also provide their own DNS resolution system.
Think of DNS as a phone book that turns a text-based URL like "Daxdi.com" into a numeric IP address that computers can understand.
Savvy snoops can monitor DNS requests and track your movements online.
Greedy attackers can also use DNS poisoning to direct you to bogus phishing pages designed to steal your data.
When you use a VPN's DNS system, it's another layer of protection.
Secure DNS is improving privacy already, but a VPN goes a step beyond.
There's some debate among security experts about the efficacy of VPNs.
Since most sites now support secure HTTPS connections, much of your online experience is already encrypted.
Secure DNS products like Cloudflare 1.1.1.1 and Bitdefender's Yonly exist precisely because some feel VPNs are overkill.
Still, a VPN covers the information not already protected by HTTPS, places an important buffer between you and the people controlling internet infrastructure, and makes online tracking more difficult.
VPNs are necessary for improving individual privacy, but there are also people for whom a VPN is essential for personal and professional safety.
Some journalists and political activists rely on VPN services to circumvent government censorship and safely communicate with the outside world.
Check the local laws before using a VPN in China, Russia, Turkey, or any country with repressive internet policies.
For comprehensive anonymization of your traffic, you'll want to access the free Tor network.
While a VPN tunnels your web traffic to a VPN server, Tor bounces around your traffic through several volunteer nodes which makes it much, much harder to track.
Using Tor also grants access to hidden Dark Web sites, which a VPN simply cannot do.
That said, some services, such as NordVPN and ProtonVPN, offer Tor access on specific servers.
Note that Tor will slow down your connection even more than a VPN.
A determined adversary can almost always breach your defenses in one way or another.
What a VPN does is protect you against mass data collection and the casual criminal vacuuming up user data for later use.
How to Choose a VPN Service
The VPN market has exploded in the past few years, growing from a niche industry to an all-out melee.
Many providers are capitalizing on the general population's growing concerns about surveillance and cybercrime, which means it's getting hard to tell when a company is actually providing a secure service and when it's selling snake oil.
In fact, there have even been fake VPNs popping up, so be careful.
When looking for a VPN, don't just focus on speed, since that's the factor you and the VPN company have the least control over.
Since nearly all VPN companies offer some mixture of the same technologies, consider value instead.
How can you get the most for the least? Look for extra features like split-tunneling, multihop connections, and so on.
You may not need these all the time but they're useful when you do.
Nearly every VPN service provides its own app with a full graphical user interface for managing their VPN connection and settings, and we recommend that you use it.
You might dismiss such things as mere chrome, and instead prefer to manually manage your VPN connections.
This works, but doing so is tedious, requires manual updating, and won't give you access to the additional privacy tools that many VPNs provide.
When looking at a VPN, decide whether or not you can stand looking at it.
Evaluating a VPNs trustworthiness is a tricky thing.
It's not made any easier by the VPN industry itself being a cesspool of backstabbing and phony claims.
We've found that, despite some missteps, most of the major VPN players aren't bad actors, but there's always room for improvement.
The best VPN services will be up front and honest about their strengths and weaknesses, have a readable privacy policy, and either release third-party audits, a transparency report, or both.
The best way to know if a VPN will work for you is to try it out in your own home.
See if you can access all the sites and services that you need.
Find out if the interface is usable, and if the speeds in your area are acceptable.
Some VPN services provide a free trial, so take advantage of it.
Make sure you are happy with what you signed up for, and take advantage of money-back guarantees if you're not.
This is actually why we also recommend starting with a short-term subscription—a week or a month—to really make sure you are happy.
Yes, you may get a discount by signing up for a year, but that's more money at stake should you realize the service doesn't meet your performance needs.
Which Is the Best Free VPN?
Not all VPN services require that you pay.
There are, in fact, many excellent free VPNs.
But all of the free VPNs we've tested have some kind of limitation.
Some limit you to just a few simultaneous connections or devices on an account.
Others restrict your data.
Others limit you to just a handful of servers.
Still others do all of the above.
Finding the best free VPN is an exercise in balancing those restrictions.
TunnelBear, for example, lets you use any server on its network but limits you to 500MB-1GB per month.
Hotspot Shield also places no limits on the number of devices, but restricts you to 500MB per day and only US-based servers.
Kaspersky Secure Connection doesn't limit your devices but doesn't let you choose a VPN server—the app does it automatically.
Editors' Choice winner ProtonVPN has the unique distinction of placing no data restrictions on free users.
You can browse as much as you want, as long as you want.
You will be limited to just one device on the service at a time and can only choose between three server locations, but the unlimited data makes up for all that.
It doesn't hurt that ProtonVPN, from the same people that brought you super-secure ProtonMail email, is very concerned about security and customer privacy.
As far as what our readers are actually willing to spend, it's a different story.
A poll of Daxdi readers found in our poll that 65 percent of respondents expect VPNs to be free, whereas only 10 percent expect them to cost $10 or more.
For those of you who are at least willing to put down some cash, we also have a roundup of the best cheap VPNs.
Can You Trust Your VPN Service?
If you're using a service to route all your internet traffic through its servers, you have to be able to trust that service.
It's easier to trust companies that have been around longer, simply because their reputation is likely to be known.
The trouble is that the VPN industry is very young, and some VPN companies have been playing dirty.
In this environment, figuring out who to trust is very difficult.
At Daxdi, we give special attention to the privacy practices of VPN companies and not just the technology they provide.
In our testing, we read through the privacy policies and discuss company practices with VPN company representatives.
What we look for is a commitment to protect user information, and practices that gather and retain as little user information as possible.
As part of our research, we also make sure to find out where the company is based and under what legal framework it operates.
Some countries don't have data-retention laws, making it easier to keep a promise of "We don't keep any logs." It's also useful to know under what circumstances a VPN company will hand over information to law enforcement and what information it would have to provide if that should happen.
The best VPN services have a privacy policy that clearly spells out what the service does, what information it collects, and what it does to protect that information.
Some companies explain that they collect some information, but don't inform you about how they intend to use that information.
Others are more transparent.
It emerged in late 2019 that NordVPN, TorGuard, and VikingVPN servers had been breached the previous year.
No user data appears to have been compromised in the attacks.
However, NordVPN acknowledged that its TLS keys had been exposed, but TorGuard said this was not the case for its keys.
This was a comparably small incident—affecting just one of NordVPN's servers, for example—but it has served as a wake-up call to the industry and customers.
Since then, it seems that NordVPN and much of the VPN industry has made significant efforts to improve privacy practices and harden their infrastructure.
Overly Protective
The web and internet-connected devices are generally not designed for VPNs, which creates some unfortunate interactions.
Some security-conscious companies like banks may be confused by your VPN.
If your bank sees you logging in from what appears to be another US state or even another country, it can raise red flags.
Expect to see captchas and more frequent multi-factor requests when your VPN is on.
Netflix and other streaming services often block access by VPN, since a VPN can be used to access region-locked content.
Many companies, and...
