What is a Virtual Private Network (VPN)?
A VPN is an encrypted connection from your device to the VPN provider's server. All your internet traffic is routed through that server. Additionally, your traffic appears to come from that server, which can help to obscure your true IP address.
Why do I Need a VPN?
A VPN protects you from local attackers. While most of the internet is encrypted, not all of it is, and unfortunately important websites like government websites are typically the worst offenders for this. While unlikely, public Wi-Fi is also susceptible to being spoofed or spied on, so a VPN can keep your traffic safe from a malicious or nosy admin. Even at home, your Internet Service Provider can see your traffic and can legally sell your browsing data to marketers or inject their own ads. A VPN also has the advantage of obscuring your IP address, which is an important piece of identifying information about you online, thus helping to protect your privacy. As a peripheral benefit, many VPN providers offer servers in multiple countries so you can bypass geographic content restrictions on sites like Netflix and YouTube.
What Should I Look For in a VPN Provider?
The most important thing is to look for a VPN provider who doesn't keep logs. A provider who logs your activity is no better than your current internet provider in that your traffic can still be sold, censored, or spied on. Unfortunately, "no logs" is a buzzword these days, and numerous providers have been caught lying about this. The best way I've found to verify this claim is to search "[VPN provider] logs" on your privacy-respecting search engine of choice. If the provider has been around for any amount of time and has any positive reputation, you will likely find articles or posts confirming or denying their logging policy in some way. You'll also be alerted to any potential accusations of logging, discussions on that claim, and other information to help you decide if the company is serious or not.
Make sure to see how the provider makes money. Running a VPN server is expensive and requires great technical knowledge. "If a product is free, you are the product." Make sure the company has a viable business plan or else assume they are likely logging and selling your data, or worse. Never trust a free VPN unless it's a trial (or in Proton's case, a limited freemium business model).
For more information on providers not listed here, see Techlore's VPN Toolkit.
DNS Leaks & Custom Resolvers
On the How Network Communication Works page, I suggested changing your DNS resolver on your device, but I also suggested (as well as on the Securing Mobile: Replacement Apps and Securing Your Browser pages) only doing so if you don't plan to use a VPN on your device. This is because using a different DNS resolver can cause DNS leaks. To put it simply, a DNS leak is when your DNS requests are exposed. Using the DNS resolver provided by your VPN provider dramatically reduces the likelihood of this happening, while in my experience using an alternate DNS resolver with a VPN dramatically increases the likelihood. Depending on your threat model, the consequences of a DNS leak could range from "virtually meaningless" to "life threatening." To avoid DNS leaks, I suggest you avoid manually changing your DNS resolver and instead use the DNS resolver provided by your VPN provider. You should only change your DNS resolver if you do not plan to use a VPN.
Tips & Tricks
I recommend using a VPN at all times on all devices. For mobile devices, this will not hide your real location, but it will fool your browser and most apps and, more importantly, allows for a secure, encrypted connection at all times.
For streaming services like Netflix, some VPN providers offer specific servers that support streaming. Be sure to check their site or contact customer service for more information.
Please note that a VPN is not anonymous. VPNs can be defeated in a variety of ways and do not protect against other advanced tracking features like cookies and browser fingerprinting.
If you enabled DNS-over-HTTPS as I recommended in the Web Browser section, be sure to turn that off or else it may cause DNS leaks and interfere with certain provider features.
While the country a company is based in does matter to an extent (see this blog post for more details on how and why), it's worth noting that VPN providers largely fall into unique legal categories. Because the physical servers your traffic routes through may be in different countries than the provider's headquarters, the laws surrounding things like wiretaps and data sharing can quickly become complex and convoluted. Likewise, because VPNs are generally not legally considered telecommunications companies in many countries, the laws surrounding their law enforcement accountability tend to be less strict - in other words, law enforcement usually has a harder time forcing them to comply with wiretap orders, if they can at all. For this reason, country of origin matters significantly less so long as the company in question is not keeping logs, is using proper encryption, and has a track record of pushing back on unlawful requests. However, as with anything, be aware that nothing is bulletproof. Mass surveillance frequently operates outside the law and countries can still choose to cooperate with foreign law enforcement and pressure the companies within their borders to comply "willingly."