What’s the real deal with in-browser VPNs?

VPN artwork
(Image credit: Shutterstock)

VPNs are big business, and getting bigger, but the prospect of buying a subscription and setting one up can be daunting for a first-timer. However, that’s not your only option. Increasingly, web browsers are offering their own in-browser VPNs (or services described as such). But are they really the same, and how much protection do they offer?

Opera is establishing a niche for itself as a pioneer in online security, willing to experiment, take risks, and introduce new privacy features long before the bigger players. It was the first mainstream browser to launch a built-in VPN, offering it for both desktop and mobile devices.

“Opera introduced our free, built-in no log browser VPN more than three years ago,” an Opera spokesperson told TechRadar. “We saw the rising demand for VPN services: people wanted to protect their online lives better. We decided to help them with this.”

“We are a non-default browser that people have to make a choice to download and use, that’s why we try harder to innovate and offer the best features, as soon as we can”

Opera

(Image credit: Opera)

Opera doesn’t charge for its VPN, instead providing it free as an incentive for people to make the switch from rival browsers. “Our browser’s revenue comes from other, unrelated sources such as agreements with the world's most popular search engines,” the spokesperson explained.

“The reception has been great. People value the fact that our VPN, is no log, free and unlimited. Unlike, for example, Firefox, the Opera browser continues to grow its user base and is now the preferred choice of more than 300 million people worldwide on PC and smartphones.”

Opera is clearly confident, and its service is certainly easy to use (our colleagues at Tom’s Guide have found that it works particularly well with Netflix), but is it really a VPN? Some would argue no.

When is a VPN not a VPN?

In September 2019, Mozilla debuted an experimental tool called Firefox Private Network (FPN). It's currently available free for testing to US desktop users, but may well be a paid-for product when it’s released in the near future. Although it works just like Opera’s tool, Mozilla stopped short of actually calling it a VPN, so we asked why it made the distinction.

“Firefox Private Network was built to ensure the best possible performance and privacy,” a Mozilla spokesperson told TechRadar. “As opposed to a true VPN, which is a piece of software that works on the OS level of a device, the Firefox Private Network is a secure, encrypted path to the web for the Firefox browser using Cloudflare as a proxy”

Because FPN only protects web traffic going through the browser, Mozilla believes ‘proxy’ a more appropriate term. By this measure, Opera’s offering is also a secure proxy, only anonymizing browser traffic.

Firefox Private Network

(Image credit: Mozilla)

Proxies are useful tools for keeping your everyday browsing private – particularly when you’re using a public Wi-Fi hotspot – but it’s important to be aware of their limitations compared to a ‘true’ VPN.

A proxy won’t secure any data sent and received by other applications, including (but not limited to) email clients, media apps, and messaging apps. With online services increasingly urging users to use their own apps rather than a web browser, this is important to bear in mind.

It’s also important to know who is providing your browser’s proxy, where the organization is based (different countries have different data privacy laws), and what logs it keeps.

Reassuringly, Mozilla is particularly transparent about this. “FPN was carefully built by Mozilla’s team of designers and engineers, making sure you get the best possible performance and privacy, tightly integrated with the Firefox browser,” its spokesperson told us. “And true to our commitment to privacy, the data Cloudflare processes for the Firefox Private Network is subject to Mozilla’s privacy policy. All proxy data will be deleted within 24 hours.”

Still, if you want to make sure all your internet traffic is encrypted and anonymized, you'll need to investigate a premium standalone VPN service.

Proxies vs VPNs

ExpressVPN is one of the world's biggest VPN providers, and currently ranks top in our guide to the best VPN. “We are glad to see that a growing number of companies share our view that VPNs are an essential online privacy and security tool,” Harold Li, vice president of ExpressVPN, told us.

“We have also been working with Mozilla since 2018 to offer Firefox Lite users a free seven-day trial of ExpressVPN – helping to educate users about the risks of public Wi-Fi while equipping them with tools to protect themselves”

However, while he agreed that while browser-based proxies can be useful, he also noted that they don’t protect all internet traffic.

He also observed that dedicated VPN services can also invest more in their products, offering services like 24/7 live customer support, premium bandwidth, reliable content unblocking, and state of the art hardware for speed,  stability and securityy. For example, ExpressVPN’s servers run on RAM only, not hard drives, which guarantees that all software and data on the server is erased on every reboot.

That's not something most browser developers will be able to provide - and certainly not for free. However, there is one company with the resources...

What about Chrome?

There are certainly plenty of third-party proxy extensions for Chrome (both free and paid), but there’s no sign of Google implementing a proxy or VPN of its own. With over 60% of the global browser market in September 2019 according to StatCounter, Google certainly doesn’t need to dangle a carrot to tempt new users – but it could if it wished.

It already provides a VPN for customers of its Google Fi mobile phone service, though that’s out of necessity. Google doesn’t control its own mobile network, so it piggybacks on infrastructure belonging to Sprint, T-Mobile, and US Cellular.

Each of these companies has its own security and privacy policies, making it a nightmare for Google to create a standard set of privacy policies, so it chose to get around the issue by installing a VPN on each phone. Data is encrypted and sent to a remote server before it goes to any of those three ISPs, meaning they are unable to see what it is, or where it’s come from.

Google Fi

(Image credit: Shutterstock)

That’s not a cheap service, but it proves that Google is prepared to bolster its services with privacy tools when it must. And if proxies become standard with all other browsers, it might feel compelled to follow suit.

Earlier this year, Google followed the example set by Mozilla and Opera by giving Chrome users the ability to block third-party cookies (despite its insistence that doing so will only cause advertisers to use shadier methods like fingerprinting to track web users).

A true in-browser VPN would be a major asset for Google, particularly if Chrome's popularity starts to wane as users become frustrated by its infamous RAM-guzzling) and would let it leapfrog other browsers that only offer a proxy. Whether users would trust a VPN provided by Google is another matter, but we certainly wouldn't rule out the possibility of one appearing in Chrome in the next couple of years.

Cat Ellis

Cat is the editor of TechRadar's sister site Advnture. She’s a UK Athletics qualified run leader, and in her spare time enjoys nothing more than lacing up her shoes and hitting the roads and trails (the muddier, the better)