Why aren't more VPNs rotating IP addresses?

Hand drawn doodles and textures depicting mass surveillance and thin line between privacy and security
(Image credit: Getty Images)

Digital marketing is big business, so it's no surprise that marketers develop increasingly sophisticated (and sneaky) ways to track your online activities.

It's just one more reason to invest in your digital privacy. Today's best VPNs can help you stay one step ahead of ever-present online surveillance but it's important to choose the right service with the right tools - like rotating IP addresses.

Keep reading, and I'll explain why rotating IP addresses to randomize your internet footprint can help maintain your anonymity.

How are IPs assigned?

Each Internet Protocol address – or IP address – is unique, and identifies your computer on the internet. When you communicate with another device over the web, you send your IP address to the device so that it can respond and send data back to you. Basically, your IP address is your internet mailing address.

There are a few different ways you can be assigned an IP when you connect to the internet. A "static" IP is assigned to you by your Internet Service Provider (ISP) for as long as you need it. You might see VPN providers offering static and dedicated IPs – and, in this context, a dedicated IP is just a static IP that only you use. Static ISP IPs tend to be dedicated by default but there are exceptions to the rule.

You can also be assigned a "dynamic" IP. This means that the ISP looks through its pool of available IPs that aren't in use, assigns you one for the duration of your session, and then ends the lease when your connection to the ISP closes (for example, if you lose power). When you reconnect, your ISP assigns you a new IP all over again.

Want to learn more?

IPv6 is being gradually rolled out to replace IPv4 – and solve the scarcity issue. This spiritual successor has its differences, however, which you can check out in our guide to IPv4 vs. IPv6.

There are two key reasons your ISP might pick and choose which IP to dish out – although they're basically the same issue on different scales. First and foremost, there's a global pool of IPv4 addresses and it's running out quickly. When the internet was shiny and new, nobody ever thought there’d be one internet connection for every household, let alone several devices all with their own unique internet connections. As such, although there are roughly 3.6 billion IP addresses available using IPv4, it's just not enough to provide everyone (and every device) with a static IP.

This leads to reason two: IP addresses are leased on a per-provider basis, and they're getting more expensive as supply dries up. To keep costs down, ISPs maintain a pool of IP addresses that they assign at will, meaning they only use what they need instead of assigning one per customer.

How does a VPN use your IP?

It's impossible to communicate online without revealing your IP address. However, there are forwarding services, like VPNs, that can send and receive traffic on your behalf.

A VPN acts as an intermediary: you send all your data to the VPN, which then forwards it to your destination using the VPN's IP address. The VPN receives the data and sends it back to you through an encrypted tunnel. This means your ISP cannot see your data and your IP address is hidden from the endpoint. Plus, when you communicate with another device online, it'll look like it's the VPN talking to it.

There are several situations where this is useful. If you're in the middle of an online game, for example, you may worry about hackers disconnecting you from the server by flooding your connection with malicious traffic. Hiding your original IP address makes it nearly impossible for a hacker to connect directly to your computer, however, rendering DDoS attacks much harder to carry out.

So, even if a hacker manages to knock you offline for a moment, you'll be able to connect to another server and get back into the game.

What is a rotating IP?

A rotating IP is a type of dynamic IP that changes when you want it to. Depending on what you plan on doing, you can set up a rotating IP to automatically change the IP address assigned to your device or connection at regular intervals or under certain conditions. This change can occur each time you establish a new connection, periodically after a set time, or based on specific triggers such as data transfer thresholds.

The main reason folks use rotating IPs on a VPN is to enhance their digital anonymity. By regularly changing your IP address, rotating IPs make it more difficult for websites, services, and potential attackers to track your online activities.

What types of rotating IPs are there?

Most rotating IPs work in roughly the same way – but there's a lot of variation in how they're triggered. The rotating IPs I've covered so far are session-based rotations where an IP is assigned every time a user connects to a system (in this case, turning on their router and connecting to the ISP).

There are other relevant types of rotating IPs, however, that really illustrate how VPN-based rotating IPs work.

  • The simplest form is manual rotation. You'll have access to a pool of IP addresses and assign one manually as you need it. If you've ever used a proxy service where you've had to manually input the IP address into your browser, you've done manual IP rotation. Of course, the expectation is that you'll have more than one proxy address to choose from.
  • There's also trigger-based IP rotation – which is exactly what it sounds like. The IP rotation occurs based on a specific trigger, like when a certain amount of data is transferred or when a request to a particular website is made. Data analysts and marketers are most likely to use trigger-based IP rotation because they have a predictable use case and need to be able to change IPs as soon as that use case is fulfilled.
  • Finally, there's time-based rotation. This type of rotating IP changes at fixed time intervals or after a certain duration of use. For example, every 10 minutes, 1 hour, or day. Time-based rotation boosts your anonymity without the hassle of manual triggering – although you could argue that time-based is just another type of trigger. However, it's important to remember that, no matter what you're doing online, you'll always be cycling through IP addresses.

Do VPNs use rotating IPs?

Almost all VPNs use session-based rotation to ensure that each online session starts with a fresh IP address, which reduces the likelihood of tracking based on past sessions. Some providers offer both static and dedicated IPs, but you'll have to manually opt in to each. In most cases, dedicated IPs are a paid extra because of the whole "IPs are expensive" thing I discussed earlier.

You can also manually rotate your address by connecting to a new server or a different location. However, when VPN providers talk about offering "rotating IPs", what they're usually talking about is time-based rotation.

Dive into the details

VPNs are incredibly handy bits of software that you use just like any other app or service. We've explored their ins and outs in our "How does a VPN work?" guide.

When you use a rotating IP, your connection works similarly to a standard VPN: your data is encrypted and sent to the VPN server, which then forwards it to your destination. However, with rotating IPs, the VPN server will assign you a new IP address periodically without interrupting your connection.

The main advantage of using a time-based rotating IP is enhanced anonymity. By frequently changing your IP address, it becomes much more difficult for anyone to track your online activities or build a profile based on your internet usage. It pushes VPN users onto different IPs at regular intervals to create a "mixing" effect where it's nearly impossible to associate a single IP address with an individual user. This can also be useful if you regularly carry out web scraping, want to bypass geolocation restrictions, or avoid IP-based bans.

Who uses rotating IPs?

There are all sorts of reasons to use a rotating IP – and I've picked out some of the most common use cases below:

  1. Digital marketers and SEO companies: trigger-based rotating IPs are invaluable when it comes to web scraping and data mining tasks. Rotating IPs help gather data from websites without being blocked or flagged for excessive requests. These companies also use rotating IPs for tasks like market research and competitor analysis.
  2. Cybersecurity consultants: ethical hackers and penetration testers regularly rotate IP addresses when carrying out vulnerability assessments. Doing this makes it harder for their activities to be picked up by internal security teams and programs.
  3. Gamers: Online gamers use rotating IPs to avoid DDoS attacks. By changing their IP address frequently, they make it more challenging for attackers to target their sessions.
  4. The privacy-conscious: everyday internet users concerned about online privacy rely on rotating IPs to prevent websites, advertisers, and even their ISPs from tracking their online activities.

Who offers rotating IPs?

Most VPNs allow you to rotate IPs manually but very few offer a rotating IP service. Why? Well, it's a technical process that's difficult to set up, and only the most secure VPNs will go the extra mile to buy additional IPs needed to support ongoing IP rotation. Just like ISPs, VPN providers need to lease out all of the IPs they use for their service.

So, if you're looking for a reliable VPN with rotating IPs, you should check out Surfshark. The services Nexus technology seamlessly updates your VPN’s IP on the fly: no disconnections, no interruptions, no annoying popups.

Surfshark allows you to define when you want your IP to change or use a randomizer that updates your IP every time you visit a site for maximum anonymity.

If you fancy checking out Surfshark's Nexus power for yourself, be sure to make good use of the provider's 30-day money-back guarantee to take it for a month-long, risk-free test drive.

Sam Dawson
VPN and cybersecurity expert

Sam Dawson is a cybersecurity expert who has over four years of experience reviewing security-related software products. He focuses his writing on VPNs and security, previously writing for ProPrivacy before freelancing for Future PLC's brands, including TechRadar. Between running a penetration testing company and finishing a PhD focusing on speculative execution attacks at the University of Kent, he still somehow finds the time to keep an eye on how technology is impacting current affairs.