Why You Need a VPN, and How to Choose the Right One

Although it should work, it’s important to know that a VPN doesn’t make your traffic invisible. Observers can see encrypted traffic, but they shouldn’t be able to see the contents of the traffic. However, the encrypted traffic alone might attract unwanted attention. Some VPNs include modes that aim to disguise VPN traffic as more common HTTPS traffic.

Security experts say you no longer need a VPN — here’s why

When you’re researching what you can do to better protect your personal information online, you’ll see some stock advice, such as creating stronger passwords, using multi-factor authentication and keeping your browsers and software up to date.

Another tip you’ll often get: Use a virtual private network, or VPN, service to hide your internet activity from prying eyes, whether those eyes belong to your internet service provider (ISP), to government agencies, or to hackers and trackers.

Yet the conventional wisdom that touts the importance of paying for one of the best VPNs may be outdated — unless you know you’re being personally targeted by hackers, stalkers or government agents and need to stay anonymous online.

“For most day-to-day browsing, a VPN isn’t needed, and may make things worse,” said Jacob Hoffman-Andrews, a senior staff technologist at the Electronic Frontier Foundation.

Here’s why you may not need to invest your time, effort or money into paying for a VPN — and when using a commercial VPN still makes sense.

Internet snooping is harder than it used to be

In the not-too-distant past, it was relatively easy for your ISP (or your employer, or indeed anyone with the know-how to snoop on public Wi-Fi networks) to see the details of your internet browsing activity.

That’s because only a relatively small percentage of web traffic was encrypted. Using a VPN would provide that encryption, give you more privacy and prevent your ISP from collecting data about your browsing habits that it could sell to marketers and advertisers.

However, today upwards of 90% of web connections are encrypted. This means that your ISP can get only a limited look at the specifics of your browsing behavior, and coffee-shop hacking over public Wi-Fi has become a high-risk, low-reward activity.

Most of the web traffic that remains unencrypted involves marketing and ad trackers. Trackers often collect data you may not want out there, but using a VPN cannot always protect against that.

“If you’re worried about people selling your data, worry about Facebook and Google Ads,” said Chester Wisniewski, principal research scientist with security firm Sophos. “No amount of VPN helps you with that.”

What about the websites you visit?

Operators of commercial VPN services point out that even with encrypted web connections, your ISP can often still see which websites you visit, although it can’t tell exactly what you’re viewing on those sites. That’s because the ISP can log which sites your browser looks up in a DNS server, sort of an internet phone book for web browsers.

“You’re telling third parties — including your ISPs, their partners, and/or the operators of Wi-Fi networks that you’re connected to — what websites and apps you use,” ExpressVPN Vice President Harold Li said.

However, new technology called DNS-over-HTTPS can put a stop to that — and you don’t need a VPN to use it. DNS-over-HTTPS is the default for Mozilla’s Firefox browser, and here’s how to make sure it’s on.

This feature can also be enabled in Chrome, Edge, Brave and related browsers by going to Settings > Security and Privacy > Use secure DNS.

Yet not every website is encrypted, NordVPN security expert Daniel Markuson pointed out, which means you’re still running a risk of being snooped on sometimes.

“[The] argument against VPN services because 99% of websites are encrypted (although they aren’t) is similar to the argument against safety belts, because 99% of your road trips do not end up in an accident,” said Markuson.

Who do you trust more — your VPN or your ISP?

Wisniewski likened entrusting your activity to a commercial VPN provider so you can avoid ISP snooping to “trading the devil you know for the devil you don’t.”

Like an ISP, a VPN provider can see which websites you visit, unless you turn on encrypted DNS.

While we may not love the fact that our ISP has information about our browsing behavior, we generally know more about the ISP’s ownership and its practices than we do about commercial VPN services, which are subject to far less regulation and oversight and are often based in overseas tax havens. Some prominent VPNs have begun to urge greater transparency within the industry.

“Some [VPN providers] make big promises about privacy and not logging data (like what sites you visit), but those are hard to verify and sometimes turn out to be false,” said Hoffman-Andrews. “Also, some VPNs ask you to install their custom VPN client [application]. That process may also install other, unwanted software.”

The choice for you is to balance the risk of using a little-known VPN service with the reward of gaining potentially greater privacy, as well as how much of a hassle a particular VPN service may be to use.

This is especially true when it comes to VPNs that are entirely free to use. If a free VPN isn’t charging you, then it may be selling your personal information or bandwidth. It’s safer to use the free tiers of paid VPN services despite their data limits.

Of course, VPN service providers, and many security experts, say that their tools are safe and crucial for protecting privacy online. As an example, both ExpressVPN’s Li and NordVPN’s Markuson pointed out that it’s hard for the user to tell whether a mobile app on a smartphone or tablet is properly encrypting its internet communications.

“Most of us don’t have the slightest clue how mobile apps are transporting our sensitive data,” said Markuson. “The end user has no way to determine whether their app is following best practices or not. VPN solves that.”

Meanwhile, Mullvad CEO Jan Jonsson stressed the privacy angle of VPNs.

“The main argument for using a VPN, from Mullvad’s standpoint, is privacy and control of your data and yourself,” Jonsson told Tom’s Guide. “The amount of power you give to the big tech [companies] . is stunning.”

So what (or who) is a VPN good for?

None of this is to say that commercial VPNs are obsolete or that they can’t serve an important function for some internet users. For the average person, one potential perk is the ability to get around geofences that prohibit you from accessing certain sites, services or content at your current location.

For example, a VPN might be good for connecting to Netflix when you travel, using YouTube at school or circumventing government censorship in certain countries. Using a VPN may also be helpful, or even required, when connecting to company networks remotely, although most large companies will set up their own VPN servers.

A VPN can also serve as protection for anyone who has what Wisniewski called a “determined adversary” that puts one’s physical or digital safety at risk.

Journalists, politicians, and dissidents, as well as celebrities and those who are victims of abuse or stalking, may benefit from obfuscating their online traffic.

How to protect yourself without a VPN

Those who are worried about privacy but don’t fall into the above categories can use other tools besides a consumer VPN to protect themselves:

• UseTor, a free browser protocol that “anonymizes” your online activities and makes it difficult to track you
• Enable DNS-over-HTTPS in your browser to foil tracking logs
• Use your mobile data connection instead of public Wi-Fi by using your phone as a hotspot for other devices
• Set up a private VPN server on your high-end or gaming router, or “flash” a cheap router with free firmware like DD-WRT or Tomato, so laptops and mobile devices can use your secure home broadband connection while out of the house

“Some of the issues discussed could also be addressed without relying on a VPN service,” admitted Markuson, but added that “commercial VPN services make it easy.”

“Anyone, without having any technical knowledge, can add a layer of security and privacy with a single click,” Markuson added.

Ultimately, though, for the average consumer, VPNs may be a solution to a problem that isn’t much of a problem anymore.

“How much is really secure, how much is mostly secure, and how much should I really be worried about?” said Wisniewski. “I don’t think you need to worry about this.”

Get the Tom’s Guide newsletter!

Instant access to breaking news, the hottest reviews, great deals and helpful tips.

By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

Emily Long is a Utah-based freelance writer who covers consumer technology, privacy and personal finance for Tom’s Guide. She has been reporting and writing for nearly 10 years, and her work has appeared in Wirecutter, Lifehacker, NBC BETTER and CN Traveler, among others. When she’s not working, you can find her trail running, teaching and practicing yoga, or studying for grad school — all fueled by coffee, obviously.

Why You Need a VPN, and How to Choose the Right One

A VPN can protect your privacy, if you use it right. We explain what VPNs do, what they don’t, and how to get the most out of a VPN.

By Max Eddy
Lead Security Analyst
My Experience

Since my start in 2008, I’ve covered a wide variety of topics from space missions to fax service reviews. At PCMag, much of my work has been focused on security and privacy services, as well as a video game or two. I also write the occasional security columns, focused on making information security practical for normal people. I helped organize the Ziff Davis Creators Guild union and currently serve as its Unit Chair.

Updated May 10, 2023
https://www.pcmag.com/how-to/what-is-a-vpn-and-why-you-need-one

(Image: Wright Studio / Shutterstock)

VPNs have gone from being an obscure networking concept to big business. You’ve probably seen the ads from your favorite YouTuber, on podcasts, and even during the Superbowl with claims about how a VPN can make you anonymous or let you access free video streaming. Do the products live up to the hype? Although VPNs can be useful tools for protecting your privacy, it’s important to understand how these tools work so you can decide whether they will help you. We break down what VPNs do and what they don’t do to help you understand why you’d want one and how to pick the one that’s best for you.

Our Top-Rated VPN Services

NordVPN Review

Outstanding
Check Price

Surfshark VPN Review

Check Price

Proton VPN Review

Check Price

TunnelBear VPN Review

Check Price

Private Internet Access VPN Review

Check Price

What Is a VPN?

VPN stands for virtual private network. When we talk about VPNs, we’re usually talking about a commercial VPN being sold directly to consumers for use in day-to-day life, but the idea of VPNs has much broader applications than that. Corporations have long used VPN technology to let workers access digital resources no matter where they are, long before COVID-19 made work from home the norm.

When you switch on a VPN, it creates an encrypted connection (sometimes called a “tunnel”) between your device and a remote server operated by the VPN service. All your internet traffic is routed through this tunnel to the server, which then sends the traffic off to the public internet as usual. Data coming back to your device makes the same trip: from the internet, to the VPN server, through the encrypted connection, and back to your machine.

How a VPN Works

Keep in mind that you don’t need another company to set up a VPN. There are a few options out there to set up your own, such as Outline. Doing so is fairly straightforward, but you’ll either need to maintain a server or rent one, which is less simple. While there are some efforts to make self-hosted VPNs more accessible, it’s something best left to tinkerers who are eager to get their hands (digitally) dirty.

Do VPNs Make You Anonymous Online?

By encrypting your traffic and routing it through a VPN server, it is harder but not impossible for observers to identify you and track your movements online. No VPNs provide total anonymity, but they can help improve your privacy.

For example, your internet service provider (ISP) is probably the single entity with the most insight into what you do online. The FTC issued a report in 2021 outlining exactly how much your ISP knows about what you do online, and it’s a lot. Worse, thanks to Congress, your ISP can sell anonymized data about its customers. If you don’t like that a company you’re already paying is profiting from your data or if you have concerns about ISPs hoarding detailed information about your activities, a VPN will help. Not even your ISP can see your web traffic when you use a VPN.

VPNs also make it harder for advertisers and others to track you online. Normally, data is transmitted from the internet to your device using its IP address. When the VPN is active, your true IP address is hidden, and anyone watching you can only see the IP address of the VPN server. By hiding your real IP address, VPNs deny snoops one tool used to identify and track you online.

Despite that, VPNs do not make you fully anonymous online. Advertisers, for instance, have numerous ways to identify and track you as you move across the web. Trackers and cookies in websites try to uniquely identify you, and then watch for where you appear next.

Sites and advertisers can also identify you by noting several unique characteristics, such as browser version, screen size, and so on. On their own, this information is harmless, but when companies compile enough of these identifiers, they form a unique signature—so much so that the process is called browser fingerprinting.

That’s not to mention the privacy we give up in exchange for services. Amazon, Google, and Meta (formerly Facebook) have become pillars of the modern internet infrastructure, and are impossible to completely avoid. Even if you deleted all your accounts and never used them again, they’d still probably be able to harvest data on you.

These privacy threats require tools other than VPNs. Ad and tracker blockers, like those found in some browsers or as standalone tools like the EFF’s Privacy Badger, address some of these concerns.

Using Tor can guard your privacy even better than a VPN, and grant you access to the Dark Web. Unlike a VPN, Tor bounces your traffic through several volunteer server nodes, making it much harder to trace. It’s also managed by a nonprofit organization and distributed for free. Some VPN services will even connect to Tor via VPN, making this arcane system easier to access. The cost to your internet connection is high, however, as using Tor will degrade your connection much more than a VPN. Tor isn’t perfect either, and it too has plenty of weaknesses to consider.

Keep in mind that law enforcement and government agencies have access to more advanced and invasive techniques. Given enough time, a determined, well-funded adversary can usually get what it’s after.

Do VPNs Protect Against Malware?

Several VPNs say they include some protection against malicious files. Sometimes this is basic protection against known malicious sites and files. Some VPN services include dedicated antivirus tools as well, and some antivirus companies now offer VPNs.

We don’t typically test the malware-detecting abilities of VPNs, since we view VPNs primarily as a privacy service. To address the threat of malware, we believe standalone anti-malware software—whether it’s one you buy or the one that ships with your computer—does a better job. We believe that VPNs should be paying as little attention to your web traffic as possible.

Do VPNs Keep You Safe Online?

A VPN will hide the contents of your web traffic from some observers and can make it harder for you to be tracked online. But a VPN can, at best, provide only limited protection against the threats you’re most likely to encounter on the web: malware, social engineering scams, and phishing sites.

There are better ways to address these threats. Your browser has built-in tools for detecting phishing sites, and so do most antivirus apps, so pay attention when you see a warning. Use common sense if you see a suspicious pop-up window or receive an unusual email prompting you to take some action. Many people reuse passwords and use weak passwords, so get a password manager to generate and store unique and complex passwords for each site and service you use. Finally, protect your online accounts and enable multi-factor authentication wherever it’s available.

What Is Two-Factor Authentication?

Do VPNs Hide Your Torrenting and Online Activity?

When a VPN is active, all your traffic is encrypted. This means your ISP can’t see the sites you’re visiting or the files you’re moving.

But while your ISP maybe can’t see you’re Torrenting the entire run of Great British Bake Off, they can surmise that you’re using a lot of bandwidth. This alone may be a violation of your terms and conditions. Pirating content may also be a violation of your VPN’s terms and conditions, so be sure to check carefully.

Can VPNs Bypass Censorship?

With a VPN, it’s possible to connect to a VPN server in another country and browse the web as if you were physically where the VPN server is. This can, in some cases, get around local content restrictions and other kinds of censorship. It’s easily the noblest use of a VPN, and VPN companies will often play up their role in protecting internet freedom.

Although it should work, it’s important to know that a VPN doesn’t make your traffic invisible. Observers can see encrypted traffic, but they shouldn’t be able to see the contents of the traffic. However, the encrypted traffic alone might attract unwanted attention. Some VPNs include modes that aim to disguise VPN traffic as more common HTTPS traffic.

We don’t test the ability of VPNs to bypass censorship and have grave concerns endorsing a VPN service for this ability could put people’s lives at risk if we got it wrong. Simply using a VPN may get you into legal hot water depending on where you are, so know the risks before you try. Remember, no tool can provide total protection, particularly against a well-funded and capable adversary—a nation-state, for example.

Can VPNs Spoof Your Location?

With a VPN, you can connect to a server in a different country and spoof your location. One of the ways to determine where an internet-connected machine is located is to look at its IP address. These addresses are distributed geographically and can sometimes be quite close to your true location. By hiding your true IP address behind the IP address of a VPN server, your true location can be obscured.

Recommended by Our Editors

But remember that sites and services sometimes have other means of determining your location. Also, many sites are sensitive to changes in expected behavior. If your bank sees someone claiming to be you connecting from Latvia, it may require them to do some additional security checks before granting access. That’s generally a good thing, but it can be daunting when it’s you using a VPN and not a scammer.

Can VPNs Unblock Streaming Content?

Streaming services sometimes offer different content to different countries. Until recently, UK residents could watch Star Trek: Discovery on Netflix, while US residents had to use Paramount+. From the comfort of your home, you can pop over to a far-away VPN server, perhaps to access streaming video unavailable in the US.

Just like government censorship, streaming services know many people use VPNs to access their content and actively work to prevent it. So, while you can use a VPN to stream video online, and we are sure most of you reading this are, it may work but it may also stop working tomorrow.

Can You Trust a VPN?

The biggest problem with VPNs isn’t an issue of technology, but one of trust. Because all your traffic is passing through its systems, a VPN company is in the same position as an ISP. It could, if it wished, see everything you do online and sell that data. It could inject ads into the websites you view. It could keep unnecessary amounts of data it could then be compelled to hand over to law enforcement.

VPNs are eager to receive that trust, but proving they deserve that trust is difficult. When we review a VPN, we pore over its privacy policy and send out a questionnaire to get a sense of what efforts each company makes to protect customers’ privacy. We know they could lie to us, but our goal is to put them on record.

We want to see VPNs taking every possible measure to protect their customers, but we also need to see transparency. Even when we don’t agree with all their choices, we prefer companies that are upfront about their operations. A VPN should also issue a transparency report outlining what requests the company has received from law enforcement and how the company responded.

We also like to see third-party audits of VPN services that validate policies and the security of the company’s infrastructure. We have to acknowledge that audits are imperfect tools. Audits are commissioned by the VPN company and the company also outlines the scope of the audit. Still, it’s a valuable way to demonstrate a company’s commitment to transparency.

Do I Need a VPN?

A few years ago, VPNs had a better-defined place in your privacy and security toolbox. Back then, most traffic traveled via HTTP, sometimes without any encryption whatsoever. Nowadays, most web traffic is sent via HTTPS, which does encrypt your connection. Looking at HTTPS traffic, an ISP or someone spying on your network can only see the highest level of your traffic’s destination. That’s like seeing PCMag.com and not PCMag.com/max-is-great.

Advertisers have also become more sophisticated in their tracking efforts. Browser fingerprinting and other techniques mean a VPN’s anonymizing abilities are curbed somewhat. Even a VPN’s lauded ability to spoof locations, bypass censorship, and unblock streaming is less certain as companies and governments have become increasingly aggressive in detecting and blocking VPN traffic.

The rise of sophisticated tracking methods and HTTPS are often cited as reasons why VPNs aren’t worth the money. But it depends on why you a VPN. If, for whatever reason, you want your traffic to appear to be coming from another country, a VPN will do that. If you want to make it a little harder for advertisers and others to track you as you move across the web, a VPN can help do that, too. And if you want to ensure your ISP knows as little about your online activity as possible, a VPN can help there, too.

A VPN will not make you invincible online, but it can help protect your privacy. It’s a valuable part of your security and privacy toolbox, and like every tool a VPN works best when you use it for the right job.

Like What You’re Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.

Thanks for signing up!

Your subscription has been confirmed. Keep an eye on your inbox!