VPN: Everything you need to know about Virtual Private Networks

Illustration of the word VPN on a circuit board
(Image credit: Shutterstock)

What is a VPN?

VPN stands for Virtual Private Network. As that name suggests, VPNs create a sort of private network – a link between your device and a remote computer somewhere else in the world owned by the VPN service (known as a VPN server). This link is commonly referred to as a ‘tunnel’ and your data travels down said tunnel, encrypted, giving you extended security and privacy. The linked server effectively becomes a ‘virtual’ part of your home network; hence it’s a Virtual Private Network.

Originally used by businesses to help remote workers privately access the company network whilst still staying secure, VPNs are now commonly used by the masses around the world as an online security tool and much, much, more.

How do VPNs work

Whenever you go online, your device - whether that be a computer, laptop, smartphone or anything else - is constantly sending out requests and receiving information back. Your browser might send a request to Twitter or Facebook for a particular account, for instance, then receive the latest page.

Some of this data can be seen by your ISP (Internet Service Provider), and if you're using a public Wi-Fi hotspot, it might also be intercepted by the hotspot operator or any nearby hacker. 

The website you're visiting may also be able to see your approximate location, and perhaps build up a history of your site activities.

Use a VPN, and your device connects directly to a server owned by the VPN provider, then heads out to its real destination. The connection is encrypted, effectively scrambling your data to make it unreadable, and ensuring that even the best-equipped hackers now can't see what you're doing online.

What's more, websites see requests coming from the VPN server, rather than your own location, making it more difficult for sites or advertisers to track what you're doing.

Infographic showing how a VPN works

VPNs channel all of your internet traffic through encrypted tunnels so that it can't be seen by hackers, governments or ISPs (Image credit: ExpressVPN)

How can a VPN improve my life?

Online security

Connect to a VPN when using public Wi-Fi and its encryption hides everything you're doing online, immediately protecting you from hackers, rogue hotspot operators, and others who might want to steal your personal information.

Bypass web censorship

Sometimes a network prevents access to specific sites - your school might block YouTube, for instance. Connect to a VPN, and the network can't see the sites you're visiting any more. That means it can't block them, either, and you'll be able to browse the web as usual.

Similarly, visit a country where content is censored, and you might find social networks, international sites and other areas of the web are unavailable. But again, connecting to a VPN means the censorship systems can't see or block the sites you're visiting, and you can access whatever content you wish.

Get around geo-blocking

Streaming sites often restrict content to viewers in particular countries, a strategy known as geo-blocking. If a show is only on US Netflix, for instance, you won't be able to view it in the UK. Connect to your VPN's New York server, though, and Netflix may think you've relocated, and allow you to stream whatever US-specific content you need (although you should note that some providers work better than other VPNs for Netflix).

The same goes for live streaming. If there is sporting event happening on TV in your home country, but you are abroad on holiday, it's 99% likely that the broadcaster will geo-block that coverage. Using a VPN, you can change your location so your laptop, tablet, phone or TV streaming device thinks its back in your country. That should let you watch as normal.

Travel

Using a VPN to get a new virtual country can bring financial benefits. Flights, hotel rooms, all kinds of web services may be priced very differently around the world, and appearing to be in a different country could get you a much better deal.

Anonymity

Simply connecting to a VPN immediately makes you more anonymous online, helps to conceal your identity from websites and advertisers, and reduces the chance of anyone tracing a particular internet activity back to you.

How can’t a VPN improve my life?

Complete anonymity

Even the best VPN can't protect you completely in every situation. If you log into a social media or other account, then that site knows exactly who you are... whether you're using a VPN or not. And websites can use cookies or other tricks to try and recognize you, and log information about your activities. VPNs help, but they don't guarantee total online anonymity.

Avoiding malware

Although there's a move in the industry for more and more VPNs to bundle in virus protection (and vice versa - see our list of the best internet security suites), virtual private networks can't themselves deter or erase viruses, malware or online scams. For that, you'll still need a suitable antivirus program.

Getting free TV streams

You may see a lot of providers talking about how they're a great VPN for streaming and, as described above, that's true enough when it comes to watching overseas shows and sports. But a VPN won't suddenly give you a free account to Netflix, Disney Plus, Amazon Prime Video or any other paid-for streaming service.

What devices can I use a VPN on?

Custom apps

It's typically very easy to use a VPN on desktops, laptops, mobiles and tablets, even if you're a total beginner. Most VPN providers have software for Windows, Mac, Android and iOS, and getting started can be as easy as installing the appropriate app for your device.

Some providers have support for other platforms. They might have apps for routers, Amazon Fire TV, Android TV, Chrome OS, Linux and more. That's handy if you're unblocking US Netflix or other content, as you're able to stream it directly on your smart TV. 

Manual setup

The best VPNs have detailed guides on setting up their services on other devices. Take ExpressVPN, for example. It doesn't just have a powerful range of mobile and desktop apps, it also has setup guides for Apple TV, Chromebook, Nvidia Shield, PlayStation, Roku, Xbox, LG and Samsung Smart TVs, and more.

NordVPN being used across numerous different devices

VPNs can be used on computers, laptops, mobile, routers, TV streaming devices and games consoles (Image credit: Future)

How many devices can I use a VPN on?

Most providers allow you to set up the VPN on as many devices as you like, but there is one potential catch: they'll often restrict the number of devices which can be connected at the same time. This limit can be as low as five, so if your family is sitting around the smart TV, two using the VPN on mobiles, two on apps, all while you're streaming US Netflix, you won't be able to connect another device until you disconnect one of the others.

If this might be a problem, look out for VPNs which give you extra support. Many now support ten simultaneous connections, and some have no fixed limits at all (like Surfshark). Most providers clearly display their limit on the website, but they might describe it in one of two ways: 'we support up to five devices', or 'we support up to five simultaneous connections'.

How much do VPNs cost?

Average pricing

Premium VPNs range anywhere from around $2 to $12 a month, largely depending on the length of the subscription. Free VPN trials are available from most providers (often in the form of a moneyback guarantee) if you'd just like to see how the technology works.

One thing to be aware of is that although VPN providers pretty much always show their pricing in terms of monthly cost, they will still charge you for the full price upfront when you sign up.

VPN plan lengths

Commercial VPN companies typically offer monthly and annually-billed plans, with some offering subscriptions of up to five years. In most cases, the longer the subscription, the better value you'll see.

Monthly plans are typically priced at $10-$13. Pay for a year up-front, and this usually drops to around $4-$8. Sign up for a long-term plan and there are even more savings to be found. The likes of PureVPN and Ivacy have been known to charge less than $2 a month for plans of three to five years, and occasionally we've seen other providers ask less than a dollar a month.

These ultra-low headline prices might catch your eye, but think carefully before you sign up. A good VPN needs lots of fast servers, knowledgeable developers to write top-quality apps and keep them updated, and expert support staff available 24/7 to help you solve any technical issues. That's expensive, and if a VPN isn't charging enough money to cover everything it should be doing, that's inevitably going to compromise the quality of the service.

Here's an up-to-date list of the best VPN deals currently being offered by today's top providers:

Free VPNs

Some VPNs are entirely free and unrestricted. These have a lot of appeal, but beware: free VPN apps have previously been used to install malware, log your browsing history, inject ads into web pages and more. Even if the provider is entirely honest, providing a fast and reliable service with regularly updated apps and helpful support is expensive. No free VPN can compete with the top paid providers.

We have more information further down this article on free plans - just click this link to head straight there.

How to choose a VPN

There are several factors to consider when you're choosing a VPN - their importance will depend on what you'll be using yours for.

A VPN with lots of servers is a good sign, but check whether they have them in the locations you care about. If you're planning to use your VPN on a multitude of laptops, mobiles, streaming devices and routers at once, then make sure that there are enough simultaneous connections to cover them all.

If you want to use your VPN for streaming then check that it unlocks your favorite streaming service, while keen torrenters will want a VPN with plenty of P2P servers and working kill switches.

Of course there's price to consider - more expensive doesn't always mean better, and there are some great value options available on this list. And you can always give the best VPNs a whirl with a free trial, too.

Are VPNs legal?

VPNs are legal to use in most countries worldwide, but there are some exceptions.

Iraq, North Korea and Turkmenistan all ban VPNs entirely. China allows you to sign up for a VPN, but only if it's a government-approved provider. The UAE, Oman and other countries have regulations which may make some VPN use illegal. Russia and Turkey haven't banned VPNs, but they may block access to some VPN servers and provider's sites.

This isn't an exhaustive list, and the rules may change at any time as countries introduce new regulations. The key point to remember is it's your responsibility to understand the rules, so do some research before you travel.

Although VPNs are entirely legal in North and South America, Western Europe, Oceania and most of the rest of the world, there are a couple of points to keep in mind.

First, VPNs are often used to fool streaming platforms into thinking you're in another country, for example allowing you to access US-only Netflix content from anywhere in the world. That's not illegal, but the streaming companies don't like it, and some say they might close your account if they catch you doing this. (It's very unlikely to happen, but be careful - don't complain to their customer support if a VPN doesn't work.)

The second is that even where VPNs are legal, they're still often used for illegal activities. If you share copyrighted material, hack a network, or sell on the dark web, then you can still get into trouble if you're caught. If in doubt, check the VPN provider's terms and conditions page; there's almost always a list of activities it doesn't allow.

VPN networks across the world

VPNs are mostly legal the world over - but there are exceptions. including Iraq, North Korea and Turkmenistan (Image credit: Pixabay)

Are VPN services trustworthy?

We believe the top VPNs are trustworthy, and doing their very best to protect you and your privacy.

Secure technology

You can see this in the comprehensive technologies they'll develop to keep users safe. ExpressVPN's TrustedServer scheme uses multiple layers of protection to ensure every server is running using the exact same software, for instance, making it far more difficult for an attacker to compromise. 

Even if we imagine a movie-type scenario where a hacker breaks into the ExpressVPN offices and tries to insert a secret back door into the server code, that still wouldn't be enough. The system won't accept changes until a developer has gone through authentication to prove their identity, and the code has been reviewed by someone else.

VPN audit

Many providers are increasingly demonstrating their privacy credentials by putting themselves through third-party VPN audits. Typically, these allow experts from respected names like PricewaterhouseCoopers or cybersecurity consultancy Cure53 to inspect their apps, check their servers, look at code, run in-depth technical tests, and generally confirm they're protecting your data.

Audits are helpful, because they're not just about catching fraudulent VPNs might log your browsing: they can also confirm the apps and servers are working properly, and don't have any bugs or other deficiencies which might leave you exposed.

These steps can't guarantee a VPN is safe, but they're a very positive indicator. And although it's important to look for a trustworthy VPN, it's worth keeping the issue in perspective. Password managers, web hosts, cloud backup companies and many other services also have huge responsibilities when it comes to looking after your data, but most make little effort to prove they're doing this properly. The best VPNs do considerably more to reassure potential customers and show how they're protected.

Do VPNs affect performance?

Connect to a VPN and the service must encrypt and decrypt your traffic, then route it through the VPN server. The extra overhead is likely to reduce your internet speeds. Distance matters, so the effect will be even more noticeable if you're using a server on the other side of the world.

But in reality, you're unlikely to see any significant difference when using a good premium VPN. We fully test VPN performance in our reviews, and the top providers deliver very high speeds just about everywhere. You should have no trouble with browsing, streaming, or any of your regular web tasks.

There's a possible exception with online gaming, where it's vital to have the best possible speeds. But you can turn off the gaming VPN temporarily to restore your normal performance. 

Alternatively, some VPNs have a feature called 'split tunneling', which allows you to specify apps which bypass the VPN and use your regular connection, instead. Set this up, and you could have most of your traffic protected by the VPN, but allow your games or other performance-sensitive apps to connect as normal for the maximum possible speed. 

Illustration of a man with a laptop sitting on a speedometer

If you use a good VPN, you're unlikely to notice any perceivable impact on your device's performance (Image credit: Shutterstock)

What free VPNs are available?

Some commercial VPNs have limited free plans. Atlas VPN, Hide.me, PrivadoVPN, ProtonVPN, Windscribe and others all allow you to sign up and use a basic version of the service at no cost, for as long as you like.

These free versions often have significant restrictions. Most limit your data use to around 1-10GB a month (although ProtonVPN's free plan supports unlimited usage.) You often won't get access to all a VPN's locations; some free VPN's don't allow you to choose a location at all, they select the nearest for you. And they may leave out significant features, such as the ability to unblock streaming sites.

These limited free plans could be enough for simple tasks, though. Even if you can't live with the restrictions for long, they're a convenient and risk-free way to try out a provider, see how its apps work for you. They're also far more trustworthy than most of the anonymous free competition, because you can clearly see who runs them, how they're funded, read detailed privacy policies and generally understand more about how they work.

Are free VPNs safe?

Search for 'VPN' on Google Play and you'll find apps from more than 200 providers, with many entirely free. It's easy to wonder why you'd ever use anything else, but our experience shows these smaller VPNs usually aren't worth the gamble.

Many seem untrustworthy, for instance. They don't tell you who runs them. They may not have a website. Some are only contactable via a generic Gmail address. They don't tell potential users anything about the encryption or other technologies they use. In some cases, we've even noticed providers who steal the privacy policy from a legitimate VPN and pretend it's their own.

Even if a free VPN is honest, use the service and you're likely to pay in other ways. Constant ads, for instance, every time you do anything on the app. And with all the waiting around you might have to do, because you're connecting to an overloaded server with way too many users.

Yes, true, they're free, but is it really worth trusting your internet activities to a dubious-looking provider, just to save the $2-$4 a month you might pay for some legitimate and high-quality commercial servers? We say not - especially with the high quality of cheap VPNs on offer these days.

If you've zero budget and there's no other option, free VPNs might just about work for unblocking Netflix or other streaming sites. But don't leave them connected (or, ideally, even installed) when you're using the web for anything else, and don't ever use them to protect anything privacy-critical.

How to avoid dodgy VPNs

You're using a VPN because you don't trust your websites and ISP with your data, and that makes sense. But are you sure you can trust your VPN? Are you positive it's not logging your online activities, and selling them off to the highest bidder?

VPN providers know this is a big concern, and most claim that they don't keep logs of the websites you visit, the files you download, or any other details of what you're doing online.

These are reassuring words, but can you really trust them? If a provider is logging and selling your browsing history, it's unlikely to admit this on the website.

To be really safe, it's best to pick a VPN that has put its services through a VPN audit as described above. Many of the best providers are already doing this, calling in independent experts, allowing them to inspect their systems, and verifying that they're living up to their privacy promises.

VPN glossary

AES encryption

A secure form of encryption that defines how to encrypt and decrypt your data. First established in 2001 by the U.S. National Institute of Standards and Technology (NIST), AES now represents the global standard of encryption. From messaging apps like WhatsApp and Signal to privacy software like VPN services, it is now employed for a vast array of technologies. You might have come across different denominations like AES-128, AES-192 and AES-256. The number at the end relates to the length of the cipher’s key. As a rule of thumb, more bits make for stronger encryption. 

Browser history

The list of all the web pages you access with your browser, together with some other metadata like the page title and time you visit the site. Even though your web browsing history is generally locally stored, cookies and other web trackers associated with the pages you visit may collect some of your personal information. The good news is that secure browsers offer a private browsing or incognito mode for extra privacy. This means that both your browsing history and data associated with the session are never recorded. 

Dynamic multipoint VPN

A routing technique generally used by organizations to create a VPN network with multiple sites. It differs from a static VPN as the data moves from one site to another without the need to pass through its central server. A DMVPN gives businesses more flexibility to tailor networks according to their needs and make wide communication easier, while cutting operational costs. This form of dynamic tunneling is supported on Cisco IOS-based routers, Huawei AR G3 routers, and on Unix-like operating systems.

DNS

You can think of the Domain Name System (DNS) as the internet's phone book. Every time you look for a certain site on the web - like techradar.com, for example - you do so by typing the domain name associated with it. At the same time, browsers list websites according to their IP addresses - a unique number linked to each device existing on the net. DNS is the technology that enables your machine to match domain names with their respective IP so that the internet can load the resources you are looking for. 

DNS leak

Using a VPN means that theoretically all of your DNS requests are protected by the encryption tunnel. However, it might happen that your security software fails to properly protect you. When a DNS leak occurs, your data - like browsing activity and your device IP - may be exposed to attackers. Luckily, there are plenty of free DNS leak testing websites around that you can use to check whether or not your security software is doing its job.  

Encryption

The process of scrambling your data to make it unreadable for a third party. This means that if attackers manage to access your data, they won’t be able to decrypt the information. Different encryption algorithms are responsible for defining the formula through which your data is encrypted and transformed in ciphertext, and then decrypted via a cryptographic key. Similar to a physical key, the data can be accessed with the right key only. There are different types of encryption. Symmetric encryption, like AES used in VPNs, is a straightforward process where everyone uses the same secret key. Asymmetric encryption uses a public key to scramble the data and a private key for decryption. 

Gateway

The networking device that links different remote sites, devices and networks together within a VPN infrastructure over a non-secure network like the internet. It can connect multiple VPNs, too. Generally a physical router, a VPN gateway can also be a server, firewall or similar. It allows the routing and blocking of VPN traffic, providing services like IP address assignment and management.  

Geo-restrictions

A technology that restricts access to content according to a user’s geographical location. Internet geolocalization tactics include monitoring users’ IP address, or GPS in case of a mobile connection. Known also as geo-blocking, it is largely used by international streaming services for copyright and licensing reasons. Other web services might apply geo-restrictions to enforce censorship, location-based pricing, as well as fraud prevention and online gambling according to local laws.   

Internet Protocol Security (IPSec)

A secure group of protocols that provides secure encrypted communication between different devices. Often used to build up a VPN tunnel infrastructure, IPsec works by authenticating,  encrypting and decrypting packets of data. It can be operated in a transport mode, like in end to end communications for example, to protect specific data content and in a tunnel mode to encrypt the entire IP packet.  

IP address

If DNS is like the phone-book of the internet, IP addresses are the phone numbers filling the list. A series of numbers that define the type and geographical location of each device existing in a network: from web pages to your laptop, smartphone, home router or printer. Computers use IPs to exchange communications between each other, while defining where everything is on the internet or inside a specific network. 

ISP

Short for “internet service provider”, an ISP is a company that provides both individuals and businesses with an internet connection. ISPs might deliver other services, too. These include browser packages, emails, domain registration and web hosting. They can also differ from the type of connection supported, such as cable, fiber or DSL, as well as according to their broadband speed. Examples of ISPs include AT&T, Comcast, BT, Virgin, and Renater.

Kill switch

A feature found in VPNs that stops your data from leaking to the web. It works by continuously monitoring your connection to fix accidental data exposure. If your VPN connection drops, the kill switch will automatically disconnect your device from the internet until a secure VPN protection is restored. Although not all providers offer a kill switch, they are becoming a standard among the most private VPN services. These generally activate the option by default to ensure extra users’ privacy. 

L2TP

Short for Layer 2 Tunneling Protocol, L2TP is a tunneling protocol used to support VPN connections. While IPsec is used for functionality purposes like encrypting and decrypting information, L2TP creates a secure space where these encrypted data packets can safely move between networks. These two components are always used together, under the denomination of L2TP/IPsec, as without encryption the tunneling will be worthless. 

No-log/zero-log VPN

A security policy offered by the most private VPN services, it guarantees that the provider doesn't store any sensitive users’ data. While some information, like email address and payment preferences, might be recorded for functionality reasons, data that could reveal your identity and online activity is never logged. An increasing number of VPN providers are now undergoing regular independent audits of their security policies in order to support their no-logging claims.  

Remote access VPN

A type of VPN that allows users working remotely to establish secure and encrypted connections between their colleagues, devices and apps used within their network. For a remote access service to work, every device needs to have the VPN client app installed. With remote work getting increasingly popular across different sectors, remote access VPNs can boost businesses’ data security while cutting operations expenses. 

SSL

Formally known as Secure Sockets Layer, SSL is a security protocol responsible for encrypting HTTP traffic. This means all the ongoing connections between users’ devices and web servers. It works by establishing a secure authentication process between two devices known as handshake. SSL ensures a high degree of data privacy and data integrity for every exchange of communications. First developed in 1995, SSL technology has now been replaced by Transport Layer Security (TLS). However, this is still referred to as SSL. 

Simultaneous connections

The number of devices that you can use at the same time with one VPN subscription. However, if you install a VPN on your router, all the devices connected to it will be protected by the VPN connection despite counting for one device. 

Smart DNS

A proxy server that masks your real location by rerouting your DNS in a completely different country. Similarly to a VPN, a SmartDNS allows you to bypass geo-restrictions applied on streaming content. However, instead of simply hiding your IP address, it actually replaces the DNS so that it cannot reveal your real geographical position. The downside is that your devices and data won’t be protected by any form of encryption. This is why many good streaming VPNs nowadays also offer a SmartDNS technology to boost their unlocking abilities, while keeping their users’ privacy secured from snoopers. 

Port forwarding / tunneling

A more straightforward method of moving data inside a defined network, it is a technology that provides a bridge between devices located on an external network (WAN) - like the internet - with those on a private local area network (LAN). VPN port forwarding is generally used for multiplayer gaming, P2P activities, web hosting and remote desktop access. As port forwarding can create security issues, many VPNs don’t actually support the practice, and users are advised to experiment with caution.

Proxy server

The middleman between your device and the internet. Similarly to a VPN, a proxy replaces your IP address with the one linked to its server. You can use a proxy server to bypass geo-restrictions, anonymize your activities, boost your online security and save bandwidth data. Despite acting like a VPN, proxy servers don’t encrypt your data in transit. What’s more, many proxies are free to use meaning they might share users’ information with third-party advertisers.  

VPN connection

A secure and encrypted connection between your device and the internet provided by VPN software. An active VPN connection creates a VPN tunnel to protect users’ data in transit, preventing snoopers from accessing your information. It also spoofs your real IP location so that every time you connect to one of its available servers your device will look like it is based in your chosen location. 

VPN client

An application that allows a user to control a VPN connection. The VPN client is the end point within a VPN infrastructure, and initiates the connection with a chosen server. It first grants access to a specific IP address, then redirects the data in transit through the VPN tunnel. 

VPN protocol

Set of instructions that VPN apps and servers use to establish a secure connection and communicate with each other. A VPN protocol defines every aspect of your VPN connection: from the way the app logs into the server and thus authenticates its identity, to the encryption used to secure your data. VPNs generally offer several protocols that users can choose from. 

VPN provider

The company that provides a specific VPN service to individuals and/or organizations. Different providers might be owned by the same parent company, although they typically operate independently. This is something that you might want to check if you want to make sure who is actually handling your data. For example, ExpressVPN, Private Internet Access (PIA) and Cyberghost are all part of the Kape Technologies group. 

VPN server

You can think of a VPN server as a very powerful computer designed to host and deliver the encrypted tunnel responsible to protect your data. Every time you access a website, the server decrypts your traffic to send it to the intended destination. The VPN server is also the one defining the IP address that your ISP will see when you connect to a VPN. It then encrypts any information before reaching back to your device. VPN servers can be both virtual and physical. However, the latter are more popular as they are considered to be safer.   

WireGuard

The newest VPN protocol on the market. Originally developed for Linux-based operating systems, WireGuard is now widely employed by many VPN services as it offers several advantages. These include a simpler coding infrastructure making it easier to fix bugs and vulnerabilities. WireGuard is also faster and more secure as it uses modern cryptography code that allows more reliable connections. It also has some downsides, like using the same key by default. This means that if a hacker manages to get into the server and steal your key, they may also be able to decrypt your traffic - but almost all implementations of WireGuard remedy this with the addition of some code. 

Mike Williams
Lead security reviewer

Mike is a lead security reviewer at Future, where he stress-tests VPNs, antivirus and more to find out which services are sure to keep you safe, and which are best avoided. Mike began his career as a lead software developer in the engineering world, where his creations were used by big-name companies from Rolls Royce to British Nuclear Fuels and British Aerospace. The early PC viruses caught Mike's attention, and he developed an interest in analyzing malware, and learning the low-level technical details of how Windows and network security work under the hood.

With contributions from