What is a VPN?
How VPNs work and why you should use one.
What is a VPN service?
A VPN, which stands for virtual private network, establishes a digital connection between your computer and a remote server owned by a VPN provider, creating a point-to-point tunnel that encrypts your personal data, masks your IP address, and lets you sidestep website blocks and firewalls on the internet. This ensures that your online experiences are private, protected, and more secure.
By its very definition, a VPN connection is:
- Virtual because no physical cables are involved in the connection process.
- Private because through this connection, no one else can see your data or browsing activity.
- Networked because multiple devices—your computer and the VPN server—work together to maintain an established link.
Now that you know the meaning behind VPN, as well as what VPN stands for, let's explore the many benefits of a VPN, and why it might be advantageous to use one.
Why should I use a VPN service?
For anyone seeking a safer, freer, and more secure online experience, the benefits of using a VPN are myriad. A VPN protects its users by encrypting their data and masking their IP address, leaving their browsing history and location untraceable. This greater anonymity allows for greater privacy, as well as greater freedom for those who wish to access blocked or region-bound content.
Here are some common reasons as to why you might use a VPN:
Secure your data
Sensitive data like work emails, payment information, and location tagging is constantly being transmitted online. This information is trackable and easy to exploit, especially on a public network, where anyone who has access to the network has potential access your personal data. A VPN connection scrambles your data into code and renders it unreadable to anyone without an encryption key. It hides your browsing activity so that no one else can see it.
Work from home
Today, remote work is more widespread than ever before. With a VPN, remote workers can access company resources over a private connection from anywhere, so long as they are able to get online. This provides employees with a greater sense of flexibility, while also ensuring that company data remains protected and secure, even on a public Wi-Fi network.
Access or stream regional content from anywhere
Some sites and services restrict their media content based on geographic location, which means you may not have access to certain kinds of content. A VPN disguises, or spoofs, the location of your local server so that it appears as if it's based elsewhere, such as in another country.
Bypass censorship and surveillance
Some regions may not have access to certain sites or services due to government restrictions, censorship, or surveillance. Location spoofing gives these users the ability to circumvent firewalls, view blocked websites, and move freely online.
Prevent ISP and third-party tracking
Internet service providers (ISPs) log and track your browsing history through your device's unique IP address. This information could potentially be sold to third-party advertisers, given to the government, or left vulnerable in the face a security compromise. By routing to a remote VPN server instead of your ISP's servers, a VPN masks your IP address, prevents ISP tracking, and keeps your personal data private.
Types of VPN connections
Today, you'll find a wide variety of VPNs for computers and mobile, both premium and free, available for professional and personal use. Here are some of the most common types:
Name | Type | Connection method | Use Case |
---|---|---|---|
Remote access VPN (also known as client-to-site VPN) | Home | Connect to a private network or third-party server via SSL/TSL | For remote workers who need access to company files and resources over a private connection, or for users who wish to browse the public Internet over an encrypted connection |
Site-to-site VPN | Private | Network connects to another network via LAN, WAN | For large organizations that need to link their internal networks across multiple sites in different locations, while maintaining a secure connection |
VPN applications | Mobile | Connect to a private network via VPN app on mobile or smartphone device | For mobile users who wish to take advantage of the benefits of a VPN while on the go, or while experiencing an unstable Internet connection |
Remote access VPN (also known as client-to-site VPN)
One of the most widely used types of VPN for the computer, a remote access VPN, gives off-site users the ability to connect to an organization's network, or a remote server, from their personal device. This can be accomplished by entering your authentication credentials via a login page, which then authorizes you to make the connection through your web browser.
Users may also connect to the VPN through a virtual desktop client or VPN app, which also connects to a network or server after you enter your credentials. A client provides its users with an easy interface to work with, connectivity information, and the ability to toggle between the VPN's various features.
A remote access VPN can be used for both professional and personal use, which is why it's one of the most common forms of VPN. It gives remote workers the ability to access company files and resources without having to be in the office, and it safeguards the private data of remote-first companies so that it's likely to stay private. As for individual users who simply wish to browse the public Internet with increased autonomy and anonymity, a remote access VPN is integral to avoiding content blocks, firewalls, and ISP tracking.
Site-to-site VPN
Large organizations in need of a more robust, custom solution may opt for site-to-site VPNs. A site-to-site VPN is a private, internal network comprised of multiple networks within an organization, which are connected to each other’s local area networks (LANs) through the public Internet. This setup allows users across two separate networks, either within or adjacent to the organization, to share resources with each other while still limiting full access to all their resources, ensuring that communication within the company remains as private and as secure as possible. Due to the scale and complexity of site-to-site VPNs, this type of connection is best suited for enterprise-level companies with departments across multiple locations.
Within site-to-site VPNs, there are two network types:
Intranet
An intranet site-to-site VPN links several sites from the same organization together by way of LAN. This is useful when multiple departments across multiple locations need to collaborate with each other within a closed, private network. Through a site-to-site connection, these departments can securely and efficiently exchange resources with each other.
Extranet
An extranet site-to-site VPN links several sites from different organizations together by way of LAN. An organization that frequently collaborates with third-party suppliers, partners, or business vendors may need the ability to form this network. Organizations may also customize the scope of access between each network, so that only some resources are shared, while others remain private.
Mobile VPN
While long-standing VPN providers typically cater toward desktop users, smartphones have spurred a huge uptick in growth among VPNs for mobile—and for good reason. For smartphone users looking for greater security and protection while on the go, a mobile VPN is a necessity.
Mobile VPNs not only provide the benefits of a traditional VPN, but they also continue to safeguard data when Internet connectivity is spotty or unstable, or when toggling between mobile data and Wi-Fi. So long as the app is running, the VPN connection remains secure, and your device remains protected. Because of the flexibility, a mobile VPN is ideal for users who travel, or for those who don’t have access to a reliable internet connection.
How does a VPN work?
So how does a VPN protect you? Let's look under the hood and see how things work.
Protocol name | Encryption | Routing | Use Case |
---|---|---|---|
OpenVPN | 256-bit AES encryption using OpenSSL | TCP and UDP, SSL/TSL | Best overall use |
SSTP | 256-bit AES encryption | TCP, SSL/TSL | Best option for Windows |
IKEv2 / IPSec | 256-bit AES encryption | UDP | Best option for mobile browsing |
L2TP / IPSec | 256-bit AES encryption | UDP | Best option for basic setup |
PPTP | 128-bit encryption | TCP | None; obsolete |
WireGuard | 256-bit AES encryption | UDP | Best option for early adopters |
When an attempted connection is made to the VPN provider's remote server, the server authenticates the user and creates an encrypted tunnel for their data to run through. The data that funnels through this tunnel gets scrambled into code and rendered illegible by anyone who does not have access to the encryption key, and therefore does not have permission to read it. Once this data reaches the server, the server uses its own private key to decrypt the data and make it readable. The server sends the decrypted data, along with a new IP address, back to the site you’re attempting to connect with.
How this encryption process occurs—and whether it's fully secure—depends on the type of protocol, or system of instructions, used to make the connection. A VPN service can only guarantee security and peace of mind when backed by a strong protocol. It's the engine that keeps a VPN running.
You'll find a wide variety of protocols among VPN providers, each with their own routing methods, each with their own use cases. Here are some of the most common options to look out for:
OpenVPN
One of the most widely used protocols in the space, OpenVPN is generally considered to be an industry standard for its security, stability, and flexibility. It features 256-bit encryption technology, provides tunneling through SSL/TSL, and uses open-source technology, which means anyone can view its source code and address any potential vulnerabilities. This level of transparency ensures that your data will never be sold or given to third-party advertisers.
SSTP
SSTP, which stands for Secure Socket Tunneling Protocol, is another industry-standard protocol that features 256-bit encryption and SSL/TSL certifications for authentication. It’s natively built into Windows OS and supported by Microsoft, which makes it the best option for Windows users.
IKEv2 / IPSec
IKEv2, which stands for Internet Key Exchange version 2, is a protocol that is usually paired with IPSec, Internet Protocol Security, for optimal security and speed. IKEv2/IPSec maintains your connection under unstable Internet conditions, even when toggling between cellular data and Wi-Fi. It’s the best protocol to use for mobile VPNs.
L2TP / IPSec
L2TP, which stands for Layer 2 Tunneling Protocol, is another protocol that is frequently paired with IPSec for added security. Like SSTP, it's natively built into Windows OS, and is generally easy to set up, though many providers no longer support this protocol since there are now better options available.
PPTP
PPTP, which stands for Point-to-Point Tunneling Protocol, was the original predecessor to L2TP, and has since been rendered obsolete. Some free VPNs may still use this protocol, though due to its many known security flaws, it is no longer considered a reliable option for secure connections.
WireGuard
WireGuard is a newer, up-and-coming protocol that continues to gain traction in the VPN space. It touts a leaner codebase, more modern encryption technology, and greater mobile compatibility. Like OpenVPN, it’s an open-source project, which means anyone can review the source code, report bugs, and keep their providers accountable.
How a VPN protects your IP address
In addition to encryption, a VPN also masks your IP address from the public internet, in turn masking your identity. When a user successfully connects their computer to the VPN server, the VPN not only secures their data, it also assigns them a new IP address that conceals their real IP address. This may come in the form of a shared IP address, which groups multiple users into a single IP so that activity from any one individual user becomes difficult to discern. This new IP address may also correspond with the IP address of the VPN server, which means the more servers there are across the globe, the more IP addresses you have to choose from. Depending on your needs, this can be configured in the settings of your VPN client.
When a VPN hides your IP address, it also spoofs, or hides, your location as well. This is useful for bypassing content blocks and firewalls, which rely on your IP to initiate the blocking. IP masking has also proven effective against doxing, where your private identity is made public online, as well as DDoS attacks, or distributed denial of service attacks. If no one knows your real IP address, then no one can launch an attack against you.
How secure is a VPN?
Even with the strongest protocols, a VPN does not guarantee iron-clad security. For one, it doesn't protect against viruses. And even though a VPN can prevent an advertiser from using your cookies to target ads, it doesn't prevent the cookies themselves. Security flaws, bugs, and other vulnerabilities may arise, which is why it's important to keep your software up to date. Less reputable providers may log your browsing activity and use the data to sell you ads. And while the best providers offer the highest level of encryption and IP masking, ISPs and other third-party entities are growing savvier every day.
Despite these minor challenges, your online experience is still more secure and more flexible with a VPN service than without. If you're looking to bring an added layer of online privacy to your daily browsing, then a VPN is necessary. With the winning combination of strong encryption plus IP masking, a VPN works to meet your protection needs.
What does a good VPN do?
Now that you know the advantages of using a VPN, as well as its various types, protocols, and use cases, let's explore what to look for in a VPN provider. There are plenty of options on the market, but you'll want to select a reputable company with clear expertise, a proven track record, and trustworthy values. Here are some of the features you should look for in a good VPN provider:
Strong protocols
The most important feature of any VPN provider is security, so it's essential to choose a service that uses an industry-standard protocol with 256-bit encryption—the same kind of encryption used by banks and military. In today's landscape, this means being aware of the limitations of older protocols like L2TP/IPSec, while avoiding obsolete protocols like PPTP altogether. Instead, opt for services that use OpenVPN, SSTP, IKEv2/IPSec, or WireGuard. The top providers support multiple protocols and should allow you to toggle between them, depending on the use case.
IP address protection
Greater anonymity is a pivotal reason to use a VPN. When looking for a provider, you'll want to choose one that provides you with options for rerouting your IP address. A shared IP address groups multiple users together under one IP, protecting you from within the crowd, while quick and easy server switching allows you to choose your location from wherever your provider's servers are located.
A range of servers across many locations
When using a VPN, you may notice a slowdown in performance if your provider only runs a select number of servers in a select number of locations. By using a service comprised of many servers located near and far, including ones closer to you, your data travels a shorter distance, improving on speed. The more servers there are around the world, the more spread out the users, the faster the performance. And if you're looking to switch to an IP address from a particular region, you'll want to see that your provider has a server there that supports your chosen protocol.
Zero-log policy
You may be hidden from third parties, but in theory, a VPN provider has the power to potentially see everything you do under its protection. Because of this, it's important to go with a company that practices transparency around their logging policy. A zero-log, or no-log VPN provider keeps a record of your email address, payment information, and VPN server, but it shouldn't log or store any data that gets sent while you're securely connected. This includes usage logs, connection logs, session data, or even your IP address.
Kill switch
If your secure VPN connection gets interrupted, your computer reverts to your real IP address, in turn compromising your identity. A kill switch prevents this from happening by cutting off your Internet connection as soon as your VPN connection disrupts.
Mobile compatibility
Mobile activity gets risky when it's happening on an unsecured Wi-Fi network. If you're looking for a safer mobile experience, then it may be useful to look for a provider that offers support for mobile VPN, particularly the ability to switch to the IKEv2/IPSec protocol when roaming. This ensures that your connection is secure, even when you move from public Wi-Fi to cellular data.
Options for authentication
When a computer attempts to connect to a VPN server, the VPN must first authenticate the user before the connection is successful. This typically means entering your credentials via a login page or desktop client, though it's best to consider additional options for authentication. Multi-factor authentication, for instance, requires that you authorize your login with your mobile device through an app. You may also want to use a physical security key, which you plug into your USB port, for even more security.
Customer support
Like other software companies, a VPN provider must have a reliable support team for you to contact for any issues that may arise. This support team should be knowledgeable, helpful, and easy to get in touch with.
Premium pricing
In general, it's best to avoid free VPNs altogether. By choosing a paid provider, you are choosing a real and credible company, backed by quality technology and infrastructure. A paid provider is also less likely to log your activities and sell that information to advertisers. A premium VPN may require a monthly fee, but the value of safety, security, and peace of mind is well worth the cost.
How do VPNs help with identity theft?
Identity theft is a growing problem that continues to shift and evolve in subtle, surprising ways. It's when hackers steal your personal data for the purpose of charging your credit cards, accessing your bank account, taking out a lease, or using your insurance for their gain—all forms of fraud. With the increasing frequency of corporate data breaches, where user information is stolen from a database, the issue of identity theft only seems to be growing bigger. And now that almost every café, business, or airport offers public Wi-Fi for the working, banking, and shopping needs of their patrons, our identities seem more vulnerable than ever.
Although it may not be possible to prevent a data breach from happening, it is possible to protect against online identity theft by using a VPN. Through tunneling, a VPN encrypts your data so that no one else, including fraudsters, can see it, thus securing your information even when you're using an unsecured network. A VPN also masks your IP address so that your online identity and location remain untraceable, making it difficult for cyberthieves to pin you down. Because your IP address is hidden, you're protected against cyberattacks.
Frequently asked questions
-
A VPN, which stands for virtual private network, protects its users by encrypting their data and masking their IP addresses. This hides their browsing activity, identity, and location, allowing for greater privacy and autonomy. Anyone seeking a safer, freer, and more secure online experience could benefit from a VPN.
-
A reputable VPN provider should offer the highest level of encryption, IP address protection, location masking, and failsafe privacy options. Depending on the features offered, you might use a VPN to work remotely, secure sensitive data, access regional content, bypass content blocks, or prevent third-party tracking.
-
A VPN connection is a digital connection established between your computer and a remote server owned by the VPN provider. When the connection is successful, it creates an encrypted tunnel through which all your data runs through. This data gets scrambled into code so that no one else can see it, ensuring that your browsing activity remains private and protected.
-
While VPNs do not protect against cookies, they do protect against ISP tracking, or Internet service provider tracking, as well as third-party advertisers and cybercriminals. This is accomplished by routing your connection to a remote VPN server, which masks your IP address and hides your location. With this information hidden, your identity remains private.
-
A VPN app is a software application that allows you to make a connection to a remote VPN server after you enter your login credentials. This may come in the form of a virtual client for the desktop, or as a mobile app. So long as the client or app is running, your device will remain protected by way of VPN. This is especially useful for smartphone users looking for security and protection while on the go.
Get started with an Azure free account
Enjoy popular services free for 12 months, more than 25 services free always, and USD$200 credit to use in your first 30 days.