The Independent’s journalism is supported by our readers. When you purchase through links on our site, we may earn commission. Why trust us?
Virtual private networks (VPNs) are becoming an increasingly common feature in the online landscape – and for good reason. People are spending more time connected to the internet, using countless digital portals and online services throughout the day, so it’s more important than ever to stay in control of your digital footprint and have a say in who can track your online activity and in what way.
A VPN is a smart way to keep your online activity discrete, which is why usage is high in regions with widespread online surveillance or censored internet. It also has additional perks, such as reducing the risk of hacking or malware and even allowing you to access services not usually available in your location.
In this guide, we’ll explain exactly what a VPN is, how it works and why you might want to consider one. We’ll also answer some frequently asked questions that usually come up when people are choosing their first VPN.
Usually, when you connect to the internet on a phone, laptop or tablet, you connect directly to that location’s internet service provider (ISP). This may be on a private network (e.g. your home’s wifi) or a public network (e.g. a café’s wifi).
Regardless of what kind of network you’re using, a VPN acts as an intermediary, creating a “virtual” network that you connect to instead. It’s essentially a middleperson that obscures the identity and activity of the actual user.
The VPN creates a virtual tunnel – with you at one end and the VPN’s server on the other – to encrypt the data that moves through it, ensuring your security and privacy by scrambling your information so it can’t be easily read or stolen.
Almost any website you visit will have some form of encryption to protect user data, such as the usernames and passwords you enter into online portals, but a VPN encrypts much more of your information overall.
Different VPN providers can have different standards of encryption, with some being possible to hack, although the Advanced Encryption Standard (AES) 256-bit encryption used by most reputable VPN providers is considered very secure. It’s the encryption standard used by the United States federal government, and it’s also used in end-to-end encrypted messaging apps, such as WhatsApp and Signal. This allows you to stay anonymous online, limiting oversight of your activity and side stepping region-specific restrictions to your internet usage. Therefore, if your country of residence heavily censors internet access, it’s possible to tunnel your way out.
Just be sure to check the laws around VPN use in your country; very few countries outlaw them entirely, but some restrict their use or only allow VPN providers that can provide “backdoor” access to governments, limiting their security. We obviously don’t recommend using a VPN for an illicit purpose – it’s still illegal even with a VPN.
At the time of writing, VPNs are outlawed in Iraq, Belarus, North Korea and Turkmenistan, while there are sizable restrictions on VPN use in Iran, Russia, China, Turkey, Oman and the UAE.
So why do people use VPNs? The basic benefit of a VPN is that it helps to protect your data from surveillance and hacking. While a browser’s incognito mode may prevent other users of your device from seeing your internet history, a VPN can stop websites from seeing your real Internet Protocol (IP) address, inhibit your ISP’s attempts to identify you and even protect you from state surveillance.
A VPN is a sensible choice for protection when using public wifi networks, which can be more vulnerable to hacking than closed, private networks and can make it easier for cybercriminals to intercept your data and discover your personal details. Public wifi networks come with the real danger of hackers accessing your email, stealing financial information or infecting your device with malware. This makes a VPN even more important when you use these networks, as it ensures that there’s an intermediary to protect you from attacks and securely encrypt your activity to inhibit any prying eyes.
One added benefit is that VPNs can let you bypass geo-restricted content. VPN providers run servers all around the world, and it’s possible to direct your traffic through a server in another region, allowing you to access services that wouldn’t usually be available to you.
However, VPNs will likely slow down your internet and increase data usage given the added processes in place.
There are three main components to a VPN: the client, server and tunnel.
The VPN client is the software installed on your device that represents you as a user. This is what connects you to the VPN server through a tunnel of encrypted communication that scrambles your identity and IP address while you access the wider internet. You effectively tunnel through the internet, with your data safe inside the tunnel where outside eyes can’t access it.
The tunnelling protocol (essentially a set of instructions that determines how the client and server interact) works by wrapping your data within another layer of information, like sealing a letter in an envelope. This “envelope” carries your data securely to its destination, where it is then opened.
There are various kinds of tunnelling protocols, each with its own benefits and downsides when it comes to security, speed and general utility. WireGuard is a newer protocol with a simple interface and considerable speed, supported by a minimal feature set, while the open-source OpenVPN protocol includes more features and configurations but lags a little behind on speed. There’s no need to panic about knowing how to pick a tunnelling protocol, though. Your VPN provider will generally pick one by default.
Whichever protocol you use, your data will be encrypted by an algorithm designed to conceal your information, creating a randomised encryption key that, in turn, generates successive keys, obscuring the original and making the encryption near impossible to crack.
The AES-256 encryption standard, for example, will encrypt your data 14 times to ensure security – like having 14 keys for 14 doors rather than a single key – with an eye-watering number of possible combinations (78 digits long) that even the world’s most powerful supercomputer would take billions of years to solve. In short, this makes it very secure.
Let’s talk about VPN routing. When you connect to a VPN, your data is directed through a specific path, or “route,” to reach its destination. The routing process determines how your data travels between your device, the VPN server and the internet, creating a detour for your information. To establish this route, VPNs use various protocols, as discussed in the previous section. A VPN provider may offer a handful of protocols for you to choose between or use its own unique proprietary protocol.
The most common VPN protocols are:
By using these protocols to re-route your data, it’s possible for the VPN to access services you couldn’t usually use or bypass firewalls that would usually limit your activity.
However, some sites or services might not cooperate with a VPN, or they may simply block your access when they detect that a VPN is in use since it might violate the terms of use for the service or suggest you’re accessing from a concealed location. This is where “split tunnelling” comes in.
As we’ve said, the tunnel is the protected channel of encrypted information that passes between you and the VPN server. Split tunnelling is an advanced feature that allows you to set certain services or websites to always bypass the VPN so that you don’t run into any issues. You effectively direct some traffic through one channel and other traffic through another. Both NordVPN and ExpressVPN support split tunnelling on all platforms, but other providers might support it only on specific devices or not support it at all.
Employing split tunnelling can also stop your VPN from slowing down certain services, although it does mean you’re accessing those services without the added privacy and protection of a VPN, potentially leaving a weak spot in your online security.
The good thing about VPNs is that once they’re up and running, there’s little else to do but enjoy the added protection and security they provide you. They’re convenient, especially if you’re prone to using public wifi services on the go and want or need the added protection, such as while working on a commuter train or in a hotel lobby. In particular, if you’re working with sensitive information on behalf of your employer, it’s crucial to ensure your online activity isn’t vulnerable to hacking.
For regular travellers, a VPN allows you to use your home country’s servers even when working abroad so you can access the same information or services as you would from your own home or office. If your company’s intranet can only be accessed from a certain geo-location, your VPN can fix that too. While this applies to people who take their work with them on holiday, it’s also a boon for remote workers who don’t have a singular place of employment and often move around.
If you’re concerned about using your Spotify or Netflix accounts while travelling, as they have a content library unique to your country of residence, then a VPN will ensure you’re able to both work and relax in the most convenient way.
VPNs are an increasingly popular software tool for improving the security and privacy of your network connections. They can function as a secure barrier over public wifi networks, conceal your IP address and protect sensitive data in regions where journalists or activists face repressive surveillance. On a lighter note, they can also help you access streaming service libraries you wouldn’t otherwise get in your locality.
If you value your privacy and security in any online dealings – whether it’s protecting your password or sidestepping geo-locked services – there are plenty of great VPNs to choose from. If budget is an issue, you can also usually find reputable cheap VPNs that won’t break the bank, and even a few decent free VPNs – though our researchers have found using a paid service offers more benefits.
Technically, yes. Some VPN subscriptions are available at no cost, although it’s always worth paying for a subscription to ensure your data is safe. You’re likely to get fewer features and less security on a free plan, and it’s possible that the provider might sell user data to cover the cost of the plan or spread malware under the guise of a free service. You can read more in our guide on how free VPNs profit from their users.
There are usually two ways to turn off your VPN: going to the VPN app itself or through your device’s general settings. VPNs generally have a simple on/off feature that’s immediately available when launching the app. Turning it off won’t cancel your subscription. On an iPhone, any VPNs on your device are found under “Settings” > “General”, and Android devices have a VPN overview under their “Connection” or “Connecting & Sharing” settings.
When you disable your VPN, your internet traffic reverts to the usual level of encryption and data sharing of whatever services you use. None of your previous online activity is suddenly visible or retroactively vulnerable, although any new activity will be without the protection of a VPN.
A VPN, no matter how effective, isn’t an impermeable shield against any kind of threat. If you use a VPN to access malware or download viruses, it could still negatively impact your device’s security.
Certain websites will also be able to store some of your personal information. For example, if you log into Facebook or Twitter, those platforms can see your activity even through a VPN. Trackers and cookies can still be used to identify you by storing particular usernames and passwords or using your browsing history to sell you targeted ads across other sites (though a tracker may be fed some unreliable information in the process).
The main risk to using a VPN is thinking that you’re completely invisible on the internet, which isn’t quite the case.