Everyone is watching what you do online. Advertisers, nation-state adversaries, neighbors, cyber-criminals, even our own government. It's also gotten easier than ever to find a public Wi-Fi hotspot in places like airports, coffee shops, libraries, and public parks. Since you never know who might be virtually looking over your shoulder at what you are up to, a virtual private network (VPN) service is something you really need to protect your identity and preserve your privacy. The hard part is figuring out which one to use.
Understanding VPN
What's a VPN service? If you've ever had to connect to a corporate network while working remotely, you may already be familiar with the technology. In simplest terms, you are creating a secure, encrypted connection between your computer and your company's VPN server. This tunnel essentially makes you part of the company's network, as if you are physically sitting in the office. All your network traffic passes through this protected tunnel, and no one in the hotel you are staying in can see what you are up to. The VPN service is essentially the same idea, except the VPN provider is not letting you have access to its network, but rather offering secure access to the Internet.
Think about it this way: if your car pulls out of your driveway, someone can follow you and see where you are going, how long you are at your destination, and when you are coming back. With a VPN service, you are essentially driving into a closed parking garage, switching to a different car, and driving out, and no one who was originally following you knows where you went.
There is a caveat to this metaphor, though. Just as the person who was following you could figure out where you went if he or she happened to be at the supermarket when you got out of the car, there are complicated timing algorithms that can figure out your activity at the exact moment you leave the encrypted tunnel. VPN services, while tremendously helpful, are not fool-proof. As with anything else on the Internet, don't do anything stupid.
There are several reasons why you should use VPN services: to change your IP address to something else, to prevent anyone from eavesdropping on your online activity while you are connected to Wi-Fi networks, and to make it harder for online advertisers to track you. There are activists who rely on VPN services to get around government censors to communicate with the outside world. Of course, that may be against the law in countries with strict censorship, so be careful.
VPN services are very useful and we highly recommend using them to protect your online activity from malicious snoops. Yes, you can change your IP address to pretend to be from someplace else in order to access content that may be restricted on a geographic basis. But be smart: don't ignore the company's terms of service in order to get around the geographic restrictions for your own personal gratification. You can't complain if you get caught.
How to Pick a VPN Service
The VPN services market has exploded over the past three years. Many providers are capitalizing on the general population's growing concerns about surveillance and cyber-crime, which means it's getting hard to tell when a company is actually providing a secure service and when it's throwing out a lot of fancy words while selling snake oil. It's important to keep a few things in mind when evaluating which VPN service is right for you: reputation, performance, type of encryption used, transparency, ease of use, support, and extra features. Don't just focus on price.
Despite widespread agreement that VPN services are important to online privacy, you don't actually see a lot of big-name security companies getting into the game. Symantec was one of the first security companies to dip its toe into the VPN pool, but it has since discontinued its Norton Hotspot Privacy product. F-Secure (Freedome) and Avast! (SecureLine) are among the few security companies still in the space. Most VPN providers tend to be stand-alone companies, such as Spotflux and AnchorFree (Hotspot Shield Elite), which makes it a little harder to figure out who to trust. I tend to trust companies that have been around a little longer, just because if they are terrible to their customers, then it would be easier to uncover the complaints than if the company just popped up a year ago. But your mileage may vary when looking at the company reputation.
Performance is a must when considering VPN services. When you didn't have a lot of choices, you expected to have hiccups and lags while online. Now that there are services that still give you a great experience online while keeping you secure, there is no reason to accept slow speeds or servers which are frequently offline. We spend about a week testing each service at varying times of the day and from different locations to make sure we get a good idea of what the overall service is like. Look for services that provide a free trial, and take advantage of it. Make sure you are happy with what you sign up for, since most of them will not give you any refunds. This is actually why I also recommend starting out with a short term—a week or a month—to really make sure you are happy. Yes, you may get that discount by signing up for a year, but that's a lot of money to lose if you realize the service doesn't meet your performance needs.
I am not a cryptography expert so I can't verify all of the encryption claims providers make. I do know that when I looked at my network traffic using tools such as Wireshark, they were encrypted. I verified that what URLs I visited and what data I was submitting on forms were not transmitted in plaintext. At the very least, there would be no virtual eavesdropping by the person sitting in the coffee shop. I prefer providers that use OpenVPN—it's a standard, and it's a lot better than the common (and older) PPTP. I am not saying do not use PPTP—it's still preferable to not having anything at all.
Transparency is a big one for me. Is it easy to find the terms and conditions and privacy policy for the service? Does the privacy policy spell out what the service does, what it collects, and what its responsibilities are? There are companies that explain they collect some information but aren't clear on how it is being used. Some—like HideIPVPN—tell you upfront that P2P and torrenting is not allowed, and that they will cancel your account if they suspect you of using it while connected to their service. I appreciated TorGuard's clear explanation of how it keeps track of payment card information without maintaining any logging information. Find out where the company is based—some countries don't have data retention laws so it is easier to keep the "We don't keep any logs" promises.
What kind of user are you? Some people are comfortable setting up the service by downloading a configuration file and importing it into the OpenVPN client. Others just want a simple executable to download, install, and be up and running. Or you may prefer something small and invisible operating in the background you don't have to think about.
A decent VPN service should be easy enough to use that you don't have to worry about support. But you want help available for when things go wrong. Online tutorials and extensive documentation should be a must. Chat support and phone support are definitely useful for those times when you just need to get a person online. If the service accepts alternate payments, that's a good thing to look at. I've yet to use Bitcoin to sign up for any of these services, but I've used pre-paid cards to sign up for some. It's a little bit more work, but sometimes, it's not a bad idea to keep some payments separate from your main credit card.
Finally, know what you are looking for. Do you just want a vanilla VPN service that just encrypts your connection and gives you a brand-new IP address? Or are you looking for something more? I personally prefer a service which acts proactively and shuts down certain applications if my VPN connection drops suddenly (Kill Switch). Perhaps you want the service to automatically turn on—or prompt you to turn on—if you launch a browser. Or you want some kind of network metering so that you can track your usage. Perhaps you want to block aggressive advertising trackers. If you are a heavy BitTorrent user, don't select a VPN service which specifically says it won't allow P2P or torrents.
Pick a VPN Service, Already
Connect With Us