Are you sure you need one?
For a variety of reasons, VPNs, or Virtual Private Networks, have become quite popular. It seems like you can’t open a tech website or news source without hearing that VPNs are the solution to all your security and privacy issues.
Sadly, that’s not the case.
But VPNs can be useful in several specific cases.
Become a Patron of Ask Leo! and go ad-free!
VPNs can solve certain specific problems:
- Sniffing: protecting your communications from being intercepted and viewed by hackers.
- Relocation: appearing as if you are located somewhere other than your actual location.
- Surveillance: protecting your communications from being monitored by network providers.
Exactly what to look for in a VPN depends on which of these problems you’re trying to solve.
When you use an open Wi-Fi hotspot, you’re broadcasting your information in such a way that anyone within range of the wireless signal can listen to or “sniff” your data.
Encryption is the solution. If someone does manage to see your communications, all they’ll get is unintelligible noise.
When using a browser, connecting via an https connection does this. Https encrypts your data as it travels between your computer and the site or service you’re using.
But what about everything else? How do we ensure the privacy of http connections as well as connections made by other software on your computer?
A VPN solves this by creating an encrypted “tunnel” through which all internet communications are routed. This tunnel between your computer and the VPN provider protects all of your communications crossing the sniffable Wi-Fi connection.
Most reputable VPN services accomplish this quite nicely. Look for how easy the software is to set up and configure and the overall performance impact when the VPN is in use. A good VPN will be both easy to set up and have minimal impact on your online experience.
A VPN creates an encrypted tunnel between your computer and the VPN’s servers. This makes it look like you’re located wherever those servers are located.
When I use my VPN here in Woodinville, for example, it appears as if I’m located in New York. Several VPN providers allow you to choose the location from which you want to appear. I can change my VPN settings to make it appear as if I were in The Netherlands, Australia, or any number of other countries in which my VPN has servers.
This virtual relocation can be used to bypass country or location-specific blocks. A VPN might be used to view video content made available to residents of one country but not another, or to access content otherwise blocked to residents of a specific locale. Unfortunately, those putting the blocks in place realize this and often specifically block known VPNs.
Some VPN providers are better at providing this relocation service than others. Some don’t focus on it at all. When choosing a VPN with this in mind, it’s important to determine whether this is a priority and whether they’re willing to take steps to overcome periodic blocks. When streaming video, the performance impact of the VPN service should be as minimal as possible — something difficult to accomplish when traversing long distances.
Recent news encourages you to look to VPNs to protect yourself from surveillance by your government or internet service provider (ISP).
The good news is almost any VPN that can perform the first two tasks (protection from sniffing and virtual relocation) is a candidate for solving this problem, too. The same encryption that prevents a Wi-Fi connection from being sniffed also hides the information from your ISP. The same relocation that makes it appear as if you’re in a different country also removes your traffic from being monitoring by the country in which you are.
Unfortunately, there are several possibly serious problems:
- Your ISP will still be able to see that you’re using a VPN and which VPN you’re using.
- Your government will be able to see you’re using a VPN and which VPN you’re using.
- Your VPN service takes the place of your ISP; now they can monitor your connection.
- Depending on where they’re based, your VPN service may be subject to laws and regulations.
- You may not be as protected as you think, since a VPN encrypts only your connection and does nothing to protect you from the many other ways your activity can be tracked by the websites you visit and the services you use.
Choosing a VPN provider to protect you from surveillance is perhaps the most difficult of all. Not only do you need speed, encryption, and relocation features; you also need a complete assurance of privacy. Even when stated publicly as policy, you’ll need assurance that the policy will be followed.
In the worst-case scenario, a malicious VPN service could collect all the information your ISP might have and more, and share that with government agencies or even post it publicly.
Specific VPN providers
I’ve used two different VPN services at various times.
Both seem reliable and have met my needs: primarily sniffing protection, with occasional relocation.
If you’re looking for more recommendations, I’ll point you at this list from Tom’s Hardware.
VPN providers to avoid
There is one class of VPN I would avoid completely: free ones.
VPNs are not inexpensive to set up and run. Providers of free VPNs usually make their money in some other way, putting your privacy — the very reason to use a VPN — at risk. At a practical level, free VPN services are usually more restrictive and perform less well than the alternatives.
If you believe you really need a VPN, I strongly recommend you pay for a reputable, paid service.
Do you really need a VPN?
The ultimate question, of course, is: are you sure you need the expense, complexity, and added risk of using a VPN?
My position remains that unless you travel frequently or are regularly involved in highly sensitive communications, you probably don’t need one. It’s very likely that it’s enough to remain aware of the steps to use a Wi-Fi hotspot safely, and apply those to any potentially suspect internet connection.
On the other hand, if you do travel regularly, if you do need your connection to “appear” to be located in another country, or if you really have reason to distrust your ISP or local government, then carefully selecting a VPN service may be an appropriate step.
First, determine if you even need a VPN — chances are you don’t.
If you do, select either of the ones I’ve used or check out trusted recommendations from others. Avoid free VPNs (although free trials can often be a way to determine whether or not the VPN meets your needs).
Then, subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
Footnotes & References
- Electronic Frontier Foundation: Choosing the VPN That’s Right for You
- Electronic Frontier Foundation: Here’s How to Protect Your Privacy From Your Internet Service Provider