What Is a VPN?
When you switch on a VPN, it sends your web traffic through an encrypted tunnel to a server controlled by the VPN company. From there, it exits onto the web as normal. If you make sure to only connect to websites secured with HTTPS, your data will continue to be encrypted even after it leaves the VPN. This sounds simple, and maybe superfluous, but it can have profound effects on your privacy.
Think about it this way: If your car pulls out of your driveway, someone can follow you and see where you are going, how long you are at your destination, and when you are coming back. They might even be able to peek inside your car and learn more about you. With a VPN, it’s as if you drive from your house into an underground tunnel, into a closed parking garage, switch to a different car, and drive out. No one who was originally following you knows where you went.
When your VPN is on, anyone snooping on the same network as you won’t be able to see what you’re up to. This is true even if the snooper controls the network. Public Wi-Fi networks, which are ubiquitous and convenient, are unfortunately also extremely convenient for attackers who are looking to compromise your personal information. How do you know, for example, that “starbucks_wifi-real” is actually the Wi-Fi network for the coffee shop? Anyone could have created that network to lure victims into disclosing personal information. In fact, a popular security researcher prank is to create a network with the same name as a free, popular service and see how many devices will automatically connect.
The Best VPN Deals This Week*
- NordVPN — $89 for Two-Year Plan With Bonus Gift (List Price $286.80)
- IPVanish VPN — $49.99 for One-Year Plan (List Price $99.99)
- Surfshark VPN — $59.76 for Two-Year Plan (List Price $310.80)
- Norton Secure VPN — $39.99 for One-Year Plan (List Price $79.99)
- Private Internet Access VPN — $69.95 for Two-Year Plan + Two-Months Free (List Price $310.70)
- ExpressVPN — $99.95 for One-Year Plan + Three-Months Free (List Price $194.20)
*Deals are selected by our partner, TechBargains
Even if you’re inclined to trust your fellow humans (which we do not recommend), you still shouldn’t trust your internet service provider (ISP). In the US, your ISP has enormous insight into your online activities. To make matters worse, Congress has decided that your ISP is allowed to sell your anonymized browsing history. Considering that you are already (over)paying for the privilege of using their (iffy) services, selling your data is just egregious. A VPN prevents even your ISP from keeping tabs on your movements.
Another benefit of a VPN is that your true IP address is hidden behind the IP address of the VPN server. This makes it harder for advertisers and others to track your movements across the web. Even a dedicated observer would have a hard time telling whose traffic is whose, because your data is mixed in with everyone else using the same VPN server.
What Are the Limitations of a VPN?
VPN services, while tremendously helpful, don’t protect against every threat. Using a VPN can’t help if you unwisely download ransomware or if you are tricked into giving up your data to a phishing attack. We strongly recommend that readers use local antivirus software, enable two-factor authentication wherever available, and use a password manager to create and store unique, complex passwords for each site and service you use.
There are also limitations to how anonymous you can be with a VPN. Advertisers have many tactics at their disposal to gather data on you and track your movements. This ranges from online trackers to browser fingerprinting. We recommend taking advantage of anti-tracking features in your browser, and installing dedicated tracker blockers like the EFF’s Privacy Badger.
Many VPN services also provide their own DNS resolution system. Think of DNS as a phone book that turns a text-based URL like “pcmag.com” into a numeric IP address that computers can understand. Savvy snoops can monitor DNS requests and track your movements online. Greedy attackers can also use DNS poisoning to direct you to bogus phishing pages designed to steal your data. When you use a VPN’s DNS system, it’s another layer of protection. Secure DNS is improving privacy already, but a VPN goes a step beyond.
There’s some debate among security experts about the efficacy of VPNs. Since most sites now support secure HTTPS connections, much of your online experience is already encrypted. Secure DNS products like Cloudflare 188.8.131.52 and Bitdefender’s Yonly exist precisely because some feel VPNs are overkill. Still, a VPN covers the information not already protected by HTTPS, places an important buffer between you and the people controlling internet infrastructure, and makes online tracking more difficult.
VPNs are useful for improving individual privacy, but there are also people for whom a VPN is essential for personal and professional safety. Some journalists and political activists rely on VPN services to circumvent government censorship and safely communicate with the outside world. Check the local laws before using a VPN in China, Russia, Turkey, or any country with repressive internet policies.
For comprehensive anonymization of your traffic, you’ll want to access the free Tor network. While a VPN tunnels your web traffic to a VPN server, Tor bounces around your traffic through several volunteer nodes which makes it much, much harder to track. Using Tor also grants access to hidden Dark Web sites, which a VPN simply cannot do. That said, some services, such as NordVPN and ProtonVPN, offer Tor access on specific servers. Note that Tor will slow down your connection even more than a VPN.
Remember that a determined adversary will almost always breach your defenses in one way or another. What a VPN does is protect you against mass data collection and the casual criminal vacuuming up user data for later use.
How to Choose a VPN Service
The VPN market has exploded in the past few years, growing from a niche industry to an all-out melee. Many providers are capitalizing on the general population’s growing concerns about surveillance and cybercrime, which means it’s getting hard to tell when a company is actually providing a useful service and when it’s selling snake oil. In fact, there have even been fake VPNs popping up, so be careful.
When looking for a VPN, don’t just focus on speed, since that’s the factor you and the VPN company have the least control over. Since nearly all VPN companies offer some mixture of the same technologies, consider value instead. How can you get the most for the least? Look for extra features like split-tunneling, multihop connections, and so on. You may not need these all the time but they’re useful when you do.
Nearly every VPN service provides its own app with a full graphical user interface for managing their VPN connection and settings, and we recommend that you use it. You might dismiss such things as mere chrome, and instead prefer to manually manage your VPN connections. This works, but doing so is tedious, requires manual updating, and won’t give you access to the additional privacy tools that many VPNs provide. When looking at a VPN, decide whether or not you can stand looking at it.
The best way to know if a VPN will work for you is to try it out in your own home. See if you can access all the sites and services that you need. Find out if the interface is usable, and if the speeds in your area are acceptable. Some VPN services provide a free trial, so take advantage of it. Make sure you are happy with what you signed up for, and take advantage of money-back guarantees if you’re not.
This is why we also recommend starting with a short-term subscription—a week or a month—to really make sure you are happy. Yes, you may get a discount by signing up for a year, but that’s more money at stake should you realize the service doesn’t meet your performance needs.
Which Is the Best Free VPN?
Not all VPN services require that you pay. There are, in fact, many excellent free VPNs. But all of the free VPNs we’ve tested have some kind of limitation. Some limit you to just a few simultaneous connections or devices on an account. Others restrict your data. Others limit you to just a handful of servers. Still others do all of the above.
Finding the best free VPN is an exercise in balancing those restrictions. TunnelBear, for example, lets you use any server on its network but limits you to 500MB-1GB per month. Hotspot Shield also places no limits on the number of devices, but restricts you to 500MB per day and only US-based servers. Kaspersky Secure Connection doesn’t limit your devices but doesn’t let you choose a VPN server—the app does it automatically.
Editors’ Choice winner ProtonVPN has the unique distinction of placing no data restrictions on free users. You can browse as much as you want, as long as you want. You will be limited to just one device on the service at a time and can only choose between three server locations, but the unlimited data makes up for all that. It doesn’t hurt that ProtonVPN, from the same people that brought you super-secure ProtonMail email, is very concerned about security and customer privacy.
As far as what our readers are actually willing to spend, it’s a different story. A poll of PCMag readers found in our poll that 65 percent of respondents expect VPNs to be free, whereas only 10 percent expect them to cost $10 or more. For those of you who are at least willing to put down some cash, we also have a roundup of the best cheap VPNs.
Can You Trust Your VPN Service?
If you’re using a service to route all your internet traffic through its servers, you have to be able to trust that service. It’s easier to trust companies that have been around longer, simply because their reputation is likely to be known. The trouble is that the VPN industry is very young, and some VPN companies have been playing dirty. In this environment, figuring out who to trust is very difficult.
At PCMag, we give special attention to the privacy practices of VPN companies and not just the technology they provide. In our testing, we read through the privacy policies and discuss company practices with VPN company representatives. We look for a commitment to protecting user information, and practices that gather and retain as little user information as possible.
As part of our research, we also make sure to find out where the company is based and under what legal framework it operates. Some countries don’t have data-retention laws, making it easier to keep a promise of “We don’t keep any logs.” It’s also useful to know under what circumstances a VPN company will hand over information to law enforcement and what information it would have to provide if that should happen.
It emerged in late 2019 that NordVPN, TorGuard, and VikingVPN servers had been breached the previous year. No user data appears to have been compromised in the attacks. However, NordVPN acknowledged that its TLS keys had been exposed, but TorGuard said this was not the case for its keys. This was a comparably small incident—affecting just one of NordVPN’s servers, for example—but it has served as a wake-up call to the industry and customers. Since then, it seems that NordVPN and much of the VPN industry has made significant efforts to improve privacy practices and harden their infrastructure.
The web and internet-connected devices are generally not designed for VPNs, which creates some unfortunate interactions. Some security-conscious companies like banks may be confused by your VPN. If your bank sees you logging in from what appears to be another US state or even another country, it can raise red flags. Expect to see captchas and more frequent multi-factor requests when your VPN is on.
Netflix and other streaming services often block access by VPN, since a VPN can be used to access region-locked content. Many companies, and especially Netflix, aggressively adjust their tactics to block VPNs. That means a service that works today may be blocked tomorrow, and vice versa. That could be an issue for many readers, because while the vast majority of you appear to use VPNs to protect yourselves, nearly a quarter use VPNs primarily for streaming.
In general, we found that VPNs have improved their ability to access far-flung streaming content. In previous years, it was extremely unusual to find a VPN that could stream Netflix content from outside the US. Keep in mind that accessing region locked streaming content can breach terms of service, and PCMag cannot supply legal advice for such situations.
Lastly, because a VPN encrypts your data as it’s transmitted from your device, it’s often impossible to access local devices on the same network. A great example is Chromecast. If you’ve got a VPN running, you won’t be able to use Chromecast. You may as well be on a different Wi-Fi network. Some VPNs allow for split-tunneling, where you can designate applications and sites that can travel outside the VPN connection. Others include an option to make traffic visible to LAN devices.
VPNs by the Numbers
Some important things to look for when shopping for a VPN are the number of simultaneous connections the VPN service allows, the number of servers available, and the number of locations in which the company has servers.
Most VPN services allow you to connect up to five devices with a single account. Any service that offers fewer connections is outside the mainstream. Keep in mind that you’ll need to connect every device you wish to protect to the VPN service, so just two or three licenses will barely be enough for even just one person.
This paradigm may be changing, however. Many services now offer far more than five simultaneous connections. Some have even done away with this restriction entirely. Avira Phantom VPN, Encrypt.me VPN, Ghostery Midnight, IPVanish VPN, Surfshark VPN, and Windscribe VPN place no limit on the number of simultaneous connections. Note that Encrypt.me and IPVanish are owned by J2 Global, which in turn owns PCMag’s publisher, Ziff Media.
Of course, there are more than just phones and computers in a home. Game systems, tablets, and smart home devices such as light bulbs and fridges all need to connect to the internet. Many of these things can’t run VPN software on their own. Some VPN companies provide instructions on how to configure a router to use a VPN, which would protect all the devices on the network. There’s some debate on whether or not this will cause even more unforeseen complications. We don’t recommend this solution to anyone other than an experienced and patient tinkerer.
The distribution of VPN servers is a key consideration. The more server locations a VPN has to offer, the more options you have to spoof your location! More importantly, having numerous servers in diverse locales means that no matter where you go on Earth you’ll be able to find a nearby VPN server. The closer the VPN server, the better the speed and reliability of the connection it can offer you. Remember, you don’t need to connect to a far-flung VPN server to gain security benefits. Depending on where you live, a server down the street is as safe as one across the globe.
We also look at how many virtual servers and virtual locations VPN companies use. A virtual server is just what it sounds like—a software-defined server running on server hardware that might have several virtual servers onboard. A virtual location is a server configured to appear somewhere other than where it is physically located. While neither is inherently problematic, it’s a bit worrisome to choose one location and discover you’re actually connected somewhere else entirely. Some VPN companies take a smart view to virtual servers, using them to provide VPN support for regions where it might be too risky to physically house a server. When VPNs use these technologies, we prefer that they are transparent about it.
What’s the Fastest VPN?
When a VPN is active, your web traffic is taking a more circuitous route than usual, often resulting in sluggish download and upload speeds as well as increased latency. The good news is that using a VPN probably isn’t going to remind you of the dial-up days of yore.
Most services provide perfectly adequate internet speed when in use, and can even handle streaming HD video. However, 4K video and other data-intensive tasks like gaming over a VPN are another story.
When we test VPNs, we use the Ookla speed test tool. Note that Ookla is owned by PCMag’s publisher, Ziff Davis. This test provides metrics for latency, download speeds, and upload speeds. Any one of these can be an important measurement depending on your needs, but we tend to view the download speed as the most important. After all, we live in an age of digital consumption.
To evaluate VPNs, we first run several speed tests without the VPN. Then, we compare that figure to speed tests taken with the VPN active and find a percent change. Our speed tests stress comparison and reproducibility. That means we stand by our work, but your individual results may vary. After all, perhaps you live on top of a VPN server, or just happen to have a super-high bandwidth connection. Do read our feature, conveniently named How We Test VPNs, if you want the full details.
In the past, we tested all of our products back to back. This year, we’re using a rolling schedule that will provide fresher data much faster. This change was also necessitated by the limited access we have to the PCMag Labs due to the ongoing COVID-19 pandemic. The chart below shows our most recent speed test results.
Get Yourself a VPN
A VPN is an easy way to protect your privacy online, and can be a tool for circumventing unwanted internet restrictions. None of the services in this list are perfect, and there will surely be times when it won’t make sense to use a VPN. But it’s a valuable tool to have in your personal security toolbox.
Click through the review links of the best VPN services below for detailed analysis and performance results, and feel free to chime in on the comments section below them. Once you’ve picked, be sure to read our feature on how to set up and use a VPN to get the most from your chosen service.
This article originally appeared on https://www.pcmag.com/picks/the-best-vpn-services