Technology in terms you understand. Sign up for my weekly newsletter, "Confident Computing", for more solutions you can use to make your life easier. Click here.

What VPN Should I Use?

For a variety of reasons, VPNs, or Virtual Private Networks, have suddenly become quite popular. It seems like you can’t open a tech web site or news source without hearing that VPNs are the solution to all your security and privacy issues.

Sadly, that’s not the case.

VPNs can be useful to solve a handful of specific problems:

  • Sniffing: protecting your communications from being intercepted when using open WiFi hotspots.
  • Relocation: making it appear as if you are located somewhere other than your actual location.
  • Surveillance: protecting your communications from being monitored by certain third parties, such as your ISP.

Exactly what to look for in a VPN provider varies depending on exactly which of these problems you’re attempting to solve.

Become a Patron of Ask Leo! and go ad-free!

Sniffing

When you use an open WiFi hotspot, you’re broadcasting your information in such a way that anyone within range of the wireless signal can listen in, or “sniff.” Encryption is the solution. Even if someone does manage to see your communications, all they’ll see is unintelligible encrypted data.

When using a browser, ensuring that you’re connecting via an https connection achieves this quite nicely; by definition, https encrypts your data as it travels the entire path between your computer and the site or service with which you’re communicating.

The issue remains, what about everything else? How do we ensure the privacy of not only non-https connections made by your browser, but all the other communications between software on your computer and the internet?

A VPN solves this by creating an encrypted “tunnel” through which all internet-communications are routed. This tunnel is set up between your computer and the VPN provider, thus protecting all of your communications crossing the sniffable WiFi connection.

The good news here is that most reputable VPN services accomplish this quite nicely. The things to look for will be how easy the software is to set up and configure, and the overall performance impact when the VPN is in use. A good VPN will be both easy to set up and have minimal impact on your online experience.

Relocation

A VPN creates an encrypted tunnel between your computer and the VPN service’s servers, which has the side effect of making it “look like” you are wherever those servers are located. When I use my VPN here in Woodinville, for example, it appears as if I’m located in New York. Several VPN providers allow you to choose the location from which you want to appear. I could easily change my VPN settings to make it appear as if I were in The Netherlands, Australia, or any number of other countries in which my VPN has servers.

This “virtual relocation” can be used to bypass country or location-specific blocks. Most commonly, a VPN might be used to view video content that is made available to residents of one country but not another, or to access content otherwise blocked or restricted to residents of a specific locale. Unfortunately, those putting the blocks in place realize this, and often specifically block known VPNs.

Some VPN providers are better at providing this virtual relocation service than others. Some don’t focus on it at all. When selecting a VPN with this end in mind, it’s important to determine whether this is a priority, and whether they’re willing to take steps to overcome periodic blocks. Particularly when streaming video, the performance impact of the VPN service should be as minimal as possible — something that can be difficult to accomplish when traversing long distances.

Surveillance protection

Recent news encourages people to look to VPNs to protect themselves from surveillance by their local government or their internet service providers (ISPs).

The good news is that almost any VPN that can perform the first two tasks (protection from sniffing and virtual relocation) is a candidate for solving this problem too. The same encryption that prevents a WiFi connection from being sniffed also hides the information from your ISP. The same relocation that makes it appear as if you’re in a different country also removes your traffic from monitoring by the country in which you are located.

Unfortunately, there are several potentially serious problems that may arise:

  • Your ISP will still be able to see that you’re using a VPN service, and which VPN service you’re using.
  • Your local government will be able to see that you’re using a VPN, and which one. This may raise suspicion.
  • Your VPN service takes the place of your ISP; now they can monitor your connection.
  • Your VPN service may be subject to a completely different set of laws and regulations based on where their offices and servers happen to be located.
  • You may not be as protected as you think, since a VPN encrypts only your connection, and does nothing to protect you from the many other ways your activity can be tracked by the websites you visit and the services you use.

Choosing a VPN provider to protect you from surveillance is perhaps the most difficult of all. Not only do you need speed, encryption, and relocation features at the technical level, you also need a complete assurance of privacy. Even when stated publicly as policy, you’ll need assurance that the policy will be followed.

In the worst case scenario, a malicious VPN service could collect all the information your ISP might have, and more, and share that with government agencies or even post it publicly.

Specific VPN providers

I have no specific VPN recommendation. The field is too complex, and as you’ve seen, the characteristics of what you need from a VPN service varies depending on your reasons for electing to use one.

Instead, I’ll offer a handful of the VPN providers that appear to have good reputations within the industry, and/or rank relatively highly in the VPN Section of That One Privacy Site.

Consider this list a starting point for your own more in-depth investigations according to your own requirements.

In addition, I happen to use TunnelBear, out of Canada. (I use a VPN primarily to encrypt my open WiFi connections.)

You’ll note that I’ve listed the country in which the company appears to be located. That can be significant in the case of any attempted legal action.

I believe each of the providers above also provide what are called “affiliate links”. (The TunnelBear link, for example, is an affiliate link. I may or may not update the others on the list to be affiliate links at some point.) While I firmly believe all of the providers listed above are legitimate, beware of sites promoting VPNs in general, as they sometimes exist not to provide objective information, but rather to steer you towards services that have higher-paying affiliate programs.

VPN providers to avoid

Speaking of avoiding, there is one class of VPN that I would avoid completely: free ones.

VPNs are not inexpensive to setup and run. Providers of free VPNs usually make their money in some other way, putting your privacy — the very reason you might be looking to use a VPN — at risk. At a practical level, free VPN services are usually more restrictive and perform less well than the alternatives.

If you believe you really need a VPN, I strongly recommend you spring for a reputable, paid service.

Do you really need a VPN?

The ultimate question, of course, is: are you sure you need the expense, complexity, and added risk of using a VPN at all?

My position remains that unless you travel frequently, or are regularly involved in highly sensitive communications, you may not need one. It’s very likely that simply remaining aware of the steps to use a WiFi hotspot safely, and applying those to any potentially suspect internet connection, could well be enough.

On the other hand, if you do travel regularly, if you do need your connection to “appear” to be located in another country, or if you really have reason to distrust your ISP or local government, then carefully selecting a VPN service may be an appropriate step.

This article, like any article on Ask Leo!, may contain "affiliate links". Without affecting the price you pay, or my decision to include them, using affiliate links may result in my being paid a commission should you purchase the product mentioned. More detailed information.

Podcast audio

Play

33 comments on “What VPN Should I Use?”

  1. 100% agree. Free VPNs should be avoided like the plague. I use {removed} and the reason I like it so much is because they don’t keep logs (also, they’re one of the few companies to offer network locks on their windows apps).

    • I removed your recommendation. In a previous article Leo said:

      Now the one thing that I have to avoid in this particular case, is I’m going to be very, very careful about VPN recommendations because I suspect that some of you have experience with specific VPN providers and might like to mention who they are. That being said, I’m going to keep an eye out, because it’s also an opportunity for spammers to come in and spam their less than reputable VPN providers.

      • I am in Turkey so I need my bbc programs etc etc… I now have {removed} x 2 years and am very happy with it.. I had {removed} over a year ago and had some problems but it was not too bad then i got a billing as it was on Auto Billing of late and had a big fight getting a refund ? So beware of auto billing is all i can say… Michael .

  2. I agree with Leo’s comment about “free” VPN’s.
    A friend of mine used one some time ago (to watch TV programs that had a location restriction) only to be ‘banned’ from it days later.
    His investigations found out that the free VPN he had used had attempted to use his machine (and his bandwidth) as a staging platform – downloading data to his machine then attempting to upload it somewhere else. Sinse his firewall automatically blocked outgoing connections unless they were ‘whitelisted’, he surmised that the VPN had tried to upload data, failed a number of times, then blocked his IP.

  3. One thing that doesn’t get mentioned when talking about VPNs is that services like gmail and Facebook check if the access is different than normal. If you sign in to Facebook (or other social networks) from the Netherlands in the morning and Australia in the afternoon, your account gets flagged and you have to verify it was really you. That is a good thing, security wise, but people using VPNs should be prepared for it to happen.

    • Hotmail is huge on this. They lock people out of accounts if the location suddenly changes. I wonder if “reverse VPN” of a sorts would get them back in. Like find a VPN that makes it look like you are still home.

  4. I’m a bit of a novice in this area. But I use Opera, and it offers free VPN through Canada. So far (a few months now) other than being slightly slower it seems to work. Given that it’s based out of the USA it seems a logical choice. Anybody have any thoughts / experience on this? Or ideas on how does one test a VPN for quality of service?

    • I’m using Opera too, so I’d be interested too what you think about it.
      Btw you can choose between Canada, US, Singapore, Germany, and Netherlands VPNs.

    • Opera’s VPN is not a true VPN. A VPN forces all internet activity through the VPN: email, all browsers, torrents, program updates FTP etc. The VPN offered by Opera just routes its browser’s traffic through their encrypted proxy. That’s fine for many purposes, but it’s good to know the difference and its limitations.

  5. I’m considering a paid VPN primarily to avoid Sniffing – and primarily for my kids using open WIFI with their phones (1 iPhone, 1 Android). As near as I can tell, I have no real need for Relocation. As for Surveillance…I do have some interest in this, and I get that you are simply transferring your trust from your ISP to your VPN provider. All that having been said, my research of paid VPNs – that support Windows, IOS and Android – has basically brought to me the VPN provider recommended by my ISP ({removed}, headquartered in Finland). Would using them be a mistake for any reason? I’ve yet to see any VPN article that addresses this scenario. {removed} must be doing something behind the scenes to get my ISP’s endorsement…should this concern me? Our, does the fact that they are partners likely decrease the possibility of performance issues? Thanks.

  6. Hello Leo thank you for this great article.
    You mentioned TunnelBear is what you used and I myself as well, but the part I got confused was when stated “Speaking of avoiding, there is one class of VPN that I would avoid completely: free ones.”
    You see the free one I use is TunnelBear.
    Can you explain to me where I’m lost.
    Thank you in advanced
    Robert

    • TunnelBear is a paid service with a limited bandwidth for free. That’s essentially a trial version with the idea that people will move up to the paid version if they like it. Many paid services do things like that.

      • Mark,
        Thank you for your reply on TunnelBear free confusion. It now makes sense. Side note I think this is a great topic to talk about.
        Have a great day.

    • It’s effectively a free trial. You’ll find that the limits are such that you’ll want to upgrade to the paid version (as I did) eventually.

  7. I use a VPN to avoid sniffing while traveling, and it’s free, but it’s mine. My combination DSL Modem/Router/WiFi Access Point/Cordless Telephone Base Station (DECT/GAP standard), an AVM Fritz!BoxFon (very popular here in Germany), can host a VPN, and it’s not difficult to set up. They also have a smart phone app that allows the smart phone to connect to the base station via WiFi, making it an extension on the land line. When the smart phone uses the VPN connection, it’s part of the home network and I can make calls from my home land line from anywhere in the world I have WiFi access, avoiding roaming charges. Unfortunately, some open hot-spot providers (some shopping centers and a few hotels) seem to block connections using VPN protocals.

  8. One of the other reasons for not having a VPN (that wasn’t mentioned in your fine article) is when you’re provided a Fictitious Address from your VPN and, then you do on-line banking (like I do from here in the Philippines with my Financial Institution located in the U.S.), the first time I attempted to perform an Electronic Funds Transfer (EFT) from my U.S. Financial Institution to my bank here in the Philippines where I have a U.S. Dollar Savings Account (as this is what most Military Retirees have here in the Philippines, to get their money EFTd from their U.S. Financial Institution), my Financial Institution asked of me: “Did you move back to the U.S. and not inform us?” as my “Ghost Address” was located somewhere near San Diego, CA. Since I perform an EFT twice a month, (as that is how I was paid while serving my country and, later on when I was employed and retired from Civil Service too) I realized that having a VPN wasn’t the best idea, because you would have to remember to close down the VPN to perform an EFT and, then re-open a new VPN until you needed to perform another EFT (which is tiresome at the least).

  9. What about TOR? How does that compare to a VPN?
    At one point there was a TOR browser. Not sure whether the package has expanded to include all comm traffic.

    • TOR is an anonymous browser. It’s similar, yet distinct, from a VPN. I don’t believe becoming a full VPN for all comm traffic is part of their mandate.

  10. Yes, free VPN services should be avoided. It’s rare to even find reliable providers who offer free trials. {removed} offers a short trial but quickly makes you upgrade your account.

    Paid VPN are the way to go though. I’ve had great luck with connection speed and customer service when using both {removed} and {removed} in the past. Sometimes it’s nicer to use the smaller companies and get a but of personal touch with support should you need it.

    • Your recommendation of using smaller companies is great. One big advantage of smaller VPNs is that it takes sites like Netflix much longer to identify and block them, if ever. Sometimes they tend to be more expensive, and it can be hard determining which ones are good as they haven’t built up a reputation.

      I’ve removed the links from this comment as it’s difficult for us to determine the safety and validity of recommended products.

  11. Leo, I’ve noticed using my VPN slows my internet speed down by 2/3. I know this because checking my speed on Okla without the VPN is around 100 mbps and around 33 mbps with it. Is that common? Is that the price you pay for the extra security?

    • Yes, that would be common. A VPN, basically, re-routs you, so you would be limited by the size and speed of their servers, coupled with whatever minute difference the extra distance may add.

    • If you have a choice of countries, and cities in your VPN, you need to experiment with different ones to see which gives you the best speed. Server speed can vary wildly from place to place, especially in some Baltic countries. Some places will greatly surprise you by giving you a far better speed than you are paying for at home. Also, if your VPN does not tell you that it does not log it clients, then you need to change to one that does not log what you do.

      • “Some places will greatly surprise you by giving you a far better speed than you are paying for at home.” Not really, because the connection between your computer and the VPN is limited to your assigned bandwidth.

  12. Leo, as a follow up to clarify my previous question, I noticed you said free versions limited your bandwidth. I use a paid subscription to Express VPN. Does that make a difference?

    • All VPNs decrease your bandwidth, even the best ones, simply by virtue of having to pass through the VPN server. Free ones do so to a greater degree, often because they dedicate fewer resources to non-paying customers. I would expect a free trial to run at full speed, so as to make a good impression and win customers.

    • What would make a difference is the service that the company gives you. In this case, bandwidth. It just stands to reason that a free service would not be able to offer as much as a paid service.

    • Depends entirely on the provider. You’ll have to check with them. I don’t know about Express. It could, or it could be completely irrelevant.

  13. Great article, helpful for someone like me who’s new to the vpn stuff. Although, I’ve subscribed with astrill as of late and would say, it’s working flawlessly. I’m in Asia, so you’d understand why this is important to a college student like me. You might want to add them on vpn providers to try list that you have, cheap and fast.

  14. It is VERY important to routinely live test a VPN to see if it is working correctly. I suggest testing using http://whoer.net, just ignore the VPN advert at the top of the page. More extensive testing for DNS leakage can be done at https://www.dnsleaktest.com/

    [Background Info] I paid for and used a VPN (proXPN) in April 2016 and was amazed to find that when I started a Bittorrent client the VPN consistently reverted to using my PCs actual IP address and the DNS reverted to using my ISP’s DNS server. The VPN would also randomly stop protecting my PC even when the Bittorrent client was not running. Sometimes the VPN Client would report errors but it would still tell me my PC was protected even though it was not. The VPN client would sometimes switch my chosen destination server, i.e. change countries without asking. In all cases the VPN client told me that my PC was protected even though it was NOT. As I said it is VERY important to live test a VPN to see if it is working correctly.

Leave a reply:

Before commenting please:

  • Read the article. Comments indicating you've not read the article will be removed.
  • Comment on the article. New question? Start with search, at the top of the page. Off-topic comments will be removed.
  • No personal information. Email addresses, phone numbers and such will be removed.
  • Add to the discussion. Comments that do not — typically off-topic or content-free comments — will be removed.

All comments containing links will be moderated before publication. Anything that looks the least bit like spam will be removed.

I want comments to be valuable for everyone, including those who come later and take the time to read.