VPNs have gone from being an obscure networking utility to big business. You've probably noticed the ads from your favorite YouTuber, on podcasts, or even during the Super Bowl with claims about how a VPN can make you anonymous or let you access free video streaming. Do the products live up to the hype? Although VPNs can be useful tools for protecting your privacy, it's important to understand how these tools work so you can decide whether they will help you. We break down how a VPN works to help you understand why you may want one and how to choose the best one for you.
What Is a VPN?
VPN stands for "virtual private network." When we talk about VPNs, we usually refer to a commercial VPN selling its service directly to consumers. Still, VPNs have much broader applications and have been in use for decades. Corporations have long used VPN technology to let workers access digital resources no matter where they are, long before many of us started working from home.
When you activate a VPN, your device creates an encrypted connection (often referred to as a "tunnel") that connects to a remote server operated by the VPN provider (or in corporate settings, your company IT department). All your internet traffic is routed through this tunnel to the server, which sends the traffic off to the public internet as usual. Data coming back to your device makes the same trip: from the internet, to the VPN server, through the encrypted connection, and back to your machine.
Remember that you don't need another company to set up a VPN. There are a few options to set up your own, such as Outline, or you can build one with some know-how and spare PC parts. Doing so is fairly straightforward, but you'll need to rent or maintain that VPN server on your own, which is definitely more complicated (and prone to security risks) than paying a VPN service to handle it instead. While there are some things you can do to make a self-hosted VPN more accessible, it's usually best left to tinkerers who are eager to get their hands dirty.
Do VPNs Make You Anonymous Online?
Encrypting your traffic and routing it through a VPN server makes it harder (but not impossible) for observers to identify you and track your movements online. No VPN provides total anonymity, but it can help improve the strength of your overall online privacy toolkit.
For example, your home internet service provider (ISP) is probably the single entity with the most insight into what you do online, second only perhaps by your cell phone carrier. The FTC issued a report in 2021 outlining exactly how much your ISP knows about what you do online, and it's a lot. Worse, thanks to Congress, your ISP can sell anonymized customer data. If you don't like that a company you're already paying is profiting from your data, or if you have concerns about ISPs hoarding detailed information about your activities, a VPN will help. Not even your ISP can see your web traffic when you use a VPN.
VPNs also make it harder for advertisers and others to track you online. Normally, data is transmitted from the internet to your device, and vice versa, using the IP address that's been assigned to your device by your ISP. When the VPN is active, your true IP address is hidden, and anyone watching you can only see the IP address of the VPN server.
(Credit: Duarte via Getty)However, as we mentioned, VPNs do not make you fully anonymous. Advertisers have plenty of ways to identify and track you as you move across the web. Website trackers and cookies try to identify you and then watch for where you appear next, and a VPN alone can't do anything about that (although many offer tools to help).
Sites and advertisers can also identify through unique characteristics like your browser version, screen size, and so on. This information is harmless, but when companies compile enough of these identifiers, they form a unique signature—so much so that the process is called browser fingerprinting. Ad and tracker blockers, like those found in some browsers or as standalone tools like the Electronic Frontier Foundation's (EFF) Privacy Badger, address some of these concerns.
Tor can also guard your privacy and grant you access to the dark web. Unlike a VPN, Tor bounces your traffic through several volunteer server nodes, making it harder to trace. It's also managed by a nonprofit organization and distributed for free. Some VPN services will even connect to Tor via VPN, making the network easier to access. However, the performance trade-off is high. Tor can slow down your connection significantly due to the number of hops your data goes through between your device and the internet. Tor isn't a perfect privacy solution, either. It has plenty of weaknesses to consider before you jump in.
Lastly, it's important to remember that law enforcement and government agencies have access to more advanced and invasive techniques than ever before. Given enough time, a determined, well-funded adversary can usually get what it's after, even if you use a VPN, Tor, or any other privacy product.
Do VPNs Protect Against Malware?
Several VPNs say they include some form of protection against malicious files. Sometimes, this is basic protection against known malicious sites and files. More and more VPN services include dedicated antivirus tools as well, though, and many security companies now offer VPNs as part of their security suites. For example, Surfshark One combines antivirus with VPN, and the top NordVPN tier includes a threat protection component. UltraAV, which came to national attention when it took over protection for Kaspersky subscribers, focuses equally on VPN and antivirus protection.
We don’t test malware protection that simply blocks access to known dangerous domains. However, when a VPN promises full-powered antivirus protection, we test that capability in the same way we test any antivirus app. This includes collecting any available test scores from four antivirus labs worldwide. For the most part, the VPN services that have added antivirus protection don't appear in lab reports, though that may be changing.
We also perform hands-on testing, challenging the antivirus component to detect and eliminate all kinds of malware, including ransomware. Results vary. For example, UltraAV scored high in our malware protection test, while NordVPN's score was mediocre.
Do VPNs Keep You Safe Online?
A VPN will hide the contents of your web traffic from some observers and can make it harder for you to be tracked online. But a VPN can only, at best, provide limited protection against the threats you're most likely to encounter on the web: malware, social engineering scams, and phishing sites.
Your VPN can consult a list of dangerous and fraudulent websites, blocking all access to those known undesirable domains. However, this is a heavy-handed approach and unsuitable for real-world situations, such as a phishing page injected into an otherwise safe site or malware distributed from a compromised domain.
There are better ways to address these threats. Your browser has built-in tools for detecting phishing sites, as do most antivirus suites. VPN suites that come with full-on antivirus protection typically build in detection of unwanted web pages as well, and some of them are quite successful. For example, NordVPN and Surfshark One scored 100% in our hands-on phishing protection test. Use common sense if you see a suspicious pop-up window or receive an unusual email urging you to take some action.
Many people reuse or use weak passwords, so get a password manager to generate and store unique, strong passwords for each site and service you use. Finally, protect your online accounts and enable multi-factor authentication whenever available.
Do VPNs Hide Your Torrenting and Online Activity?
When a VPN is active, all your traffic is encrypted. This means your ISP can't see the sites you visit or the files you download and upload.
But while your ISP can't see you're torrenting the entire run of The Great British Bake Off, they can still see you're using a lot of bandwidth. This alone may violate your terms of service, though many ISPs will charge you for more data if you use too much, throttle your connection speeds, or some combination of both. Additionally, pirating content may violate your VPN provider's terms and conditions, the way it definitely violates your ISP's, so check their documentation carefully before signing up.
Can VPNs Bypass Censorship?
With a VPN, it's possible to connect to a VPN server in another country and browse the web as if you were physically located where that server is. In some cases, this can get around local content restrictions and other kinds of censorship. It's easily the noblest use of a VPN, and VPN companies will often play up their role in protecting internet freedom.
(Credit: Proton VPN)A VPN doesn't make your traffic invisible. Observers can see that your traffic is encrypted but won't be able to see the actual content of that traffic. However, the encrypted traffic alone might attract unwanted attention. Some VPNs include proprietary protocols that aim to disguise VPN traffic as more common HTTPS traffic. These include Catapult Hydra, Stealth, and Lightway from UltraVPN (white-labeled by HotspotShield VPN), Proton VPN, and ExpressVPN, respectively.
We don't explicitly test a VPN's ability to bypass censorship, and endorsing a VPN service for this ability could put people's lives at risk if we get it wrong. Simply using a VPN may get you into legal hot water, depending on where you are, so know the risks before you install one on any of your devices. Remember, no tool can provide total protection.
Can VPNs Spoof Your Location?
With a VPN, you can connect to a server in a different country and spoof your location. One of the ways to determine where an internet-connected machine is located is to look at its IP address. These addresses are distributed geographically and sometimes close to your true location. By hiding your true IP address behind the IP address of a VPN server, your location can be obscured.
But remember that sites and services sometimes have other means of determining your location, such as cookies stored on your devices. Also, many sites are sensitive to changes in expected behavior. If your bank sees someone claiming to be you connecting from Latvia, it may require them to do additional security checks before granting access. That's generally a good thing, but it can be annoying when it's you using the VPN and not a scammer.
Can VPNs Unblock Streaming Content?
Streaming services sometimes offer different content in different countries due to licensing agreements in each region. For example, UK residents might be able to watch Star Trek: Discovery on Netflix, while US residents would need to use Paramount+. From the comfort of your home, you can pop over to a faraway VPN server, perhaps to access streaming video unavailable in the US.
Like government censorship, streaming services know many people use VPNs to access their content and actively work to prevent it. The results above are recorded at the time of review, so they may not be consistent with your experience. Libraries we tested as Limited or Blocked during the review could be Open by the time you connect, and something marked Open today may be Limited or Blocked in a few weeks or months.
Can You Trust a VPN?
The biggest problem with VPNs isn't technology but trust. Because all your traffic passes through its network, a VPN company is in the same position as an ISP. It could, if it wished, see everything you do online, sell that data, or use it to identify you if someone asks for it.
VPNs are eager to earn your trust, but proving they deserve it is difficult. When we review a VPN, we pore over its privacy policy and send out a questionnaire to get a sense of what efforts each company makes to protect customers' privacy. We know they could lie to us, but our goal is to put them on record.
(Credit: Shutterstock/DenPhotos)We want VPNs to take every possible measure to protect their customers, but we also want transparency. Even when we don't agree with all their choices, we prefer companies that are up-front about their operations. A VPN should also issue a transparency report outlining what requests the company has received from law enforcement and how the company responded.
We also like to see third-party audits of VPN services that examine the policies and review the security of the company's infrastructure. Audits are imperfect tools, partially because they're commissioned by the VPN company, which also outlines the scope of the audit. Still, it's a valuable way to demonstrate a company's commitment to transparency.
Do I Need a VPN?
In years past, VPNs had a better-defined place in your privacy and security toolbox. Back then, most web traffic traveled via HTTP, sometimes without encryption. Today, most web traffic is sent via HTTPS, which is encrypted. However, an ISP or someone spying on your network can still see the highest level of your traffic's destination, even if it's HTTPS. For example, even though our site uses HTTPS, your ISP could see that you've visited PCMag.com but not pcmag.com/how-to/what-is-a-vpn-and-why-you-need-one.
Advertisers have also become more sophisticated. Browser fingerprinting and other techniques, like cookie storage, can circumvent a VPN's anonymizing abilities. Even a VPN’s ability to spoof locations, bypass censorship, and unblock streaming is less certain as companies and governments have become increasingly aggressive in detecting and blocking VPN traffic.
The rise of sophisticated tracking methods and HTTPS are often cited as reasons VPNs aren't worth the money. But ultimately, it all depends on why you need or want a VPN. If you want your traffic to appear to be coming from another country, a VPN will do that. If you want to make it a little harder for advertisers and others to track you as you move across the web, a VPN can help do that, too. And if you want to ensure your ISP knows as little about your online activity as possible, a VPN can also help there.
A VPN isn't a perfect solution, but it's still a powerful tool to protect your privacy online. It's a valuable part of your toolkit, and like every tool, it works best when you use it for the right job.
If you're ready to get started using one, start with the best VPNs we've tested.
Max Eddy also contributed to this article.