During the past year, I've been slowly moving my family to more secure options for their phones and computers. Password managers — to promote the use of longer and stronger passwords — were the first step. Then we all moved to more secure messaging.
Now it's time for the big one, the one I'd been dreading: VPNs.
I've been using VPNs for years. Almost exclusively for work, but I was plenty familiar with the principle. While I'm certainly no expert in networking, I wasn't looking forward to trying to explain all of this to my wife and kids. And it's still a work in progress.
The main questions:
- What is a VPN?
- Why would you need a VPN?
- When do you need to use a VPN?
- OK, fine. Now how do I use a VPN?
- Which VPN should I use?
They're not overly difficult questions, right? But when you're taking something that just works — our phones and our computers — and adding yet another layer of complexity atop what already has become more annoying with incomprehensible passwords and 17 different messaging apps ... well, I get it. Is a VPN something you really need to use?
Yeah, it is.
I'll (try to) keep this relatively short.
What is a VPN?
A VPN is like a private tunnel created within the Internet stream to which you're connected. Whether you're at home, at work, in public — wherever.
A VPN is far from foolproof, but you'd be a fool to not use one.
When you're using a VPN, all of your data will flow — encrypted — through the VPN to the end destination and look like it's coming from something other than your computer. So instead of looking like it's coming from computer aaa.bbb.c.c, it'll look like it's coming from xxx.yyy.z.z., for example. And if you choose a VPN provider with exit points outside of your home country, you can disguise your location, which is handy for when you're traveling and are unable to get to your home content.
Why would you need a VPN?
Any time you want to have a strong layer of security around your internet traffic is when you'll want to use a VPN. That may be all the time. That may be only part of the time. That part's up to you.
Sometimes content isn't available where you are, so you want to look like you're somewhere else. When I was on a work trip in China a couple years ago, things like Facebook and Twitter and loads of other services were unavailable behind the government firewall. For other folks, it's about being able to see content (sports, for example) outside of the home area.
Or maybe you just want to disguise your location on principle.
More recently, and for many folks more concerning, has been the recent Net Neutrality rollback making its way through Washington, D.C. Ignoring the politics of the matter, it really comes down to whether you trust your internet service provider (ISP) or mobile provider to not do something with your data that you'd disapprove of.
It's not just about trusting your ISP — it's about having to worry as much whether you can trust your ISP.
It's your data. It should stay that way.
When should you use a VPN?
We've all walked into a coffee shop, leeched off the free Wifi longer than we were supposed to, logging into all sorts of things while we were there.
Free, unsecured Wi-Fi. At the gym ... at the mall ... on a plane ... in the grocery store. ... Think of the number of places you've connected to an unsecured network without giving it a second thought. Is it likely someone was sniffing packets while you were doing your thing? Who knows. But if someone wanted to, they could see any unencrypted traffic you were passing along. I don't know about you, but that's not really the sort of thing I keep track of.
At a bare minimum, that's when you're going to want to use a VPN. It's pretty much the only time I worry about it, other than when I have specific things I need to do for work that require a VPN.
Using a VPN has gotten much easier — remembering to do so may be the hardest part.
As for the rest of the time, it's a matter of trust. Do you trust your ISP to not hand over your data — where you've gone online, and what you've potentially done while you were there — or to not inject its own ads (or worse) whenever and however it wants? VPNs help guard against this.
How do you use a VPN?
The good news: This has gotten easier over the years. Yes, there are plenty of lightweight clients that let you load configuration files manually. And if you're OK with that, great.
Most services out there also have standalone apps that take care of the details for you. You load up their app on your phone or computer, enter your username and password (which, by the way, probably shouldn't be something someone could recognize you by, since the idea here is to be a little more secretive than usual), and off you go.
Yes, it's an extra step and a few clicks. But it's not too much more than that.
Which VPN should you use?
Honestly? I don't know.
There are dozens and dozens of VPN providers out there. They all do things differently. Some are free. Some aren't. The basic rule of thumb, though, is that if you're not paying for a product, then you are the product. And when you're trying to protect your data it's the not time to skimp.
You're going to want to do a little homework here. Read reviews. Read the blog posts from VPN companies. Check out the VPN subreddit. (I thought this piece from ProtonMail was really good.) Ask lots of questions. And don't be afraid to change providers if one does something you're not comfortable with. Commercial products are there to make money, first and foremost. That doesn't mean there aren't good commercial VPNs out there, but stay vigilant.
I'd recommend reading That One Privacy Site, which has an excellent comparison chart of VPN services. And for the more technically inclined, Ars Technica has a good tutorial on rolling your own VPN, but even I haven't gone that far — yet.
The bottom line
If it seems like VPN providers are thirsty, that's because they are. Security and privacy are more important than ever, and they'll continue to be for a long, long time. That means there's a lot of money to be had.
Be wary of deals that sound too good to be true. But also don't be afraid to pay for a service. Just remember that you're paying it to protect your data. And above all, remember to use your VPN once you've got it.
We test and review VPN services in the context of legal recreational uses. For example:
1. Accessing a service from another country (subject to the terms and conditions of that service).
2. Protecting your online security and strengthening your online privacy when abroad.
We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.