VPNs are appearing on more and more internet-connected devices every day. It isn't surprising when you consider the assaults on internet privacy around the world, and the attempts by corporations and governments to control what you see and think.
VPNs help you fight against these trends by boosting your privacy and security while helping you evade censorship and get access to the content you want, regardless of where in the world it is available. In this 7,000+ word mega-guide to VPNs, we'll talk about all the reasons to use VPNs while also explaining how they do what they do, and answering common questions that people have about VPNs.
Before you dive into this, let's go over some terms that will pop up again and again (and again) throughout this guide.
VPN terminology you should know
This whole guide is going to be a lot easier to follow if you know what a few key terms mean.
VPN – VPN is an acronym for Virtual Private Network. A virtual private network consists of hardware and software that collectively let you use the internet while protecting your privacy. It does this by encrypting communication between the VPN client on your computer or other device and a VPN server. The encryption makes the messages secure against any unauthorized entity trying to read them.
VPN service – A VPN service (also known as a VPN provider) is the organization that controls the hardware and software of a VPN. You will typically pay the VPN service for a subscription to the VPN and will get access to VPN apps (also known as VPN clients) that will connect your devices to the VPN.
VPN client – A VPN client (also known as a VPN app) is the software that you install on your devices to connect to the VPN.
VPN server – A VPN server is a physical or virtual server that your VPN client will connect to in order to encrypt your internet traffic and communicate with the rest of the internet.
VPN protocol – A VPN protocol is the set of rules that control how a VPN client connects to a VPN server. The amount of software needed to implement a VPN protocol varies greatly. The OpenVPN protocol requires several hundred thousand lines of code while the WireGuard protocol requires approximately four thousand lines of code.
IP address – An IP address (Internet Protocol address) is the address of a device on the internet. Every device (desktops, laptops, phones, routers, refrigerators, etc.) connected to the internet gets assigned an IP address. In addition to identifying a particular device, an IP address contains data about your physical location.
When you connect to a VPN server, your real IP address (assigned by your internet service provider) will be replaced by the VPN server's IP address. Every bit of information that passes through the internet contains both the IP address of the sender and the IP address of the recipient. Because the VPN replaces your IP address with its own, it looks like any message you send is coming from the VPN, not from you.
That's it. While you will encounter other technical terms as we go along, if you have a good handle on these six, things will be much easier from here on out.
How a VPN works
VPNs create encrypted connections between the VPN clients on subscriber's devices and the VPN servers provided by the service. The encryption functions like the walls of a virtual tunnel through the internet, preventing outsiders from accessing the messages flowing between a VPN client and VPN server.
When a message from your device reaches the VPN server, the server decrypts the message and sends it along to the correct destination. However, the message goes out with the IP address of the VPN server in the sender field instead of your IP address. As far as the recipient will be able to tell, the message originated at the VPN server, not at your device. And this makes all the difference.
The encrypted tunnel prevents hostile entities from reading messages flowing between your VPN client and the VPN server, so your connection is secure. And the substitution of the VPN server IP address for your address means no one can tell the messages are coming from your device, so your privacy is protected.
Those are the basics, but it gets even better. The best VPN providers have thousands of VPN servers located in dozens of countries around the world. If you connect your VPN client to a VPN server in a different country, the websites and services you visit will think that you are physically located in that country! This presents a number of benefits, which we will touch on now.
Why you need a VPN now more than ever
VPNs are great tools for privacy and security while you conduct your activities online. This is important because every day, the internet becomes more infested with entities that want to violate your privacy, exploit your data, and control what you see and do online. Here are some of the ways a VPN can protect you from these problems:
A VPN adds a layer of encryption around your messages as they travel across the internet. This additional layer of security prevents any third parties (including your Internet Service Provider (ISP)) from reading those messages. If your messages are not secure, attackers may be able to extract crucial information from your connection.
This extra security is particularly important if you use public WiFi networks. These networks tend to have weak security and are favorite hunting grounds for hackers seeking easy targets. They may be able to bypass the WiFi network's security, but if you are using a VPN all that they will see of your messages is the encrypted form of those messages. For the hacker, this will just look like unintelligible gibberish.
Most of the spying done on the internet depends on acquiring your IP address. That's because an IP address can be used to identify a specific device connected to the internet. IP addresses can also be correlated to real world physical locations. With your IP address, snoops can track your online activities and basically obliterate your online privacy.
VPNs also give their users valuable capabilities that non-VPN users simply can't match. Many website use geo-blocking systems to control who can view their content. The systems use your IP address to determine your approximate physical location. Based on your location, they then decide whether or not you are allowed to view their content. The best VPNs can defeat geo-blocking systems, allowing you to view content anywhere in the world.
A VPN can also have real benefits for viewing content that is not geo-blocked. You often will not want other people to be able to know which content you are watching. For example, you probably don't want your insurance company to know that you are watching videos about some exotic disease. Likewise, you probably wouldn't want advertisers to know you are watching videos about prenatal care if you are an underage kid living at home with your strict parents.
Or you might be into torrenting, P2P file downloads, or streaming content from video sites that have copyrighted material on them. Movie companies and other content creators have been known to monitor these sites and sue people for violating their copyrights. While I don't advocate using a VPN to do anything illegal, using a VPN to hide your true identity when visiting “controversial” sites can help keep you out of trouble.
Finally, using a VPN and connecting to certain websites from different locations could save you money. The airline industry is famous for offering different prices for the same seat to people from different locations. When you visit a travel website, you might find one price for a ticket if you use a VPN server located in say, Chicago USA, and a different price if you log in using a server in say, Buenos Aires Argentina. Online shopping sites are also known to offer different prices depending on where your IP address says you are located.
Now that we’ve covered some of the best reasons to use a VPN, let's get right to the heart of the matter.
Here are the criteria I used to find the best VPNs
Based on our testing, here are the three best VPNs available today. In choosing them, I used the following criteria:
Excellent security – The best VPNs use strong encryption and have built-in leak protection.
Privacy-friendly jurisdiction – A VPN provider must abide by the laws of the country it is based in. VPNs based in countries like the US or UK could be forced to disclose information about their users by the local government. That's why I prefer VPNs based in privacy-friendly jurisdictions like Panama or the British Virgin Islands (BVI).
Solid reputation – A VPN needs to be backed by a solid company and have a record of protecting their users' privacy. If you can't trust the company behind the VPN, you are putting your privacy at risk.
A full suite of apps – A VPN is useless (to you) if it doesn't have apps that will work on the devices you use. All the VPNs we recommend have apps for the major mobile and desktop operating systems, along with more than a few of the less common systems and devices.
User friendly – A VPN needs to be easy to use without requiring the user (you) to be an expert in the intricacies of virtual private networks.
Streaming and torrenting – The best VPNs are capable of defeating the geo-blocking systems used by major streaming media. They are also fast and protect your privacy when you are using them for streaming or torrenting.
Excellent performance – All VPNs slow down your web browsing to some extent. But if the VPN impacts your speed too much, you won't use it.
24/7 live technical support – If you ever have a problem with your VPN, you're going to want instant support to get back online. That means the VPN service needs to provide 24/7 live chat support.
30 day money-back guarantee – While all of my recommended VPNs are excellent services, you'll still want to test them out for yourself. Considering that none of them give free trials, you can take advantage of their 30 day money-back guarantees to give them a solid test drive before making a long-term commitment.
Here are the 3 Best VPNs
Based on these criteria, here are the top three VPNs available today:
In the next few sections we will do a quick overview of each of these virtual private networks. While all three of them are good options, the overviews should help you choose the one that will be best for you.
NordVPN is a popular VPN service based in the privacy-friendly jurisdiction of Panama. It fills every one of the criteria I use for selecting a VPN, and brings several additional benefits besides. This VPN service has 5,200 VPN servers located in 60 countries around the world. That huge network allows NordVPN to offer a range of specialized servers, including multi-hop VPN servers and Onion-over-VPN servers.
NordVPN has user-friendly apps for virtually any device you might want to use. Their apps include kill-switches to ensure that your data doesn't inadvertently get dumped onto the internet in unencrypted form if something happens to the connection between your device and the VPN. This virtual private network even works on many popular routers and comes preinstalled on the high-end Vilfo VPN router.
NordVPN is the fastest VPN I have ever seen. This is thanks to their new NordLynx protocol. NordLynx takes the speed of the Wireguard protocol and adds in their own tweak to eliminate WireGuard's built in privacy limitations.
NordVPN gives you strong privacy protections and security features like CyberSec which blocks ads, trackers, and other malware. That's on top of their strong encryption and VPN protocols (AES-256 when using the OpenVPN protocol and ChaCha20 for NordLynx). This VPN service keeps no logs, a fact that has been verified by outside auditors.
NordVPN does a great job of defeating geo-blocking systems, including that of Netflix, which has perhaps the strongest system out there. We've successfully tested it with numerous other streaming media services as well. Its speed makes for great HD video viewing as well, without any of the stuttering or delays that lesser services subject you to.
Note: NordVPN tops our list of the best VPNs for Netflix.
Finally, NordVPN has a strong support team that you can connect to whenever necessary, thanks to their 24/7 live chat system. And of course you also get a 30 day money-back guarantee so you have lots of time to test out the service. This is good because you'll get the best price on NordVPN if you go with their 2-year plan. Right now, if you use the discount coupon below, that 2-year plan will work out to a monthly cost of only $3.29, a lower price than the typical VPN provider would charge.
Surfshark is only a few years old but has established itself as one of the premier VPN providers in the world. Based in the British Virgin Islands (another excellent pro-privacy jurisdiction), Surfshark combines many of the best features of NordVPN and ExpressVPN, along with a potentially game-changing feature all their own.
Surfshark, like NordVPN, has added WireGuard support to their VPN server and VPN client. The result: Surfshark is the second fastest VPN service I have ever seen. It has a large VPN server network, with over 3,200 servers in 65 countries.
Surfshark offers quality VPN apps for many popular devices, including various Smart TVs, but they do not have any apps for routers. Their apps use strong encryption and VPN protocols, and have built-in kill switches, along with CleanWeb (the Surfshark equivalent of CyberSec). Like NordVPN, Surfshark is a no-logs VPN.
Surfshark also does a great job with unblocking streaming services and protecting your identity when you are torrenting. And they have 24/7 live chat support, a 30 day money-back guarantee, and a 24-month plan much cheaper than NordVPN's 2-year plan.
What's the potentially game-changing feature you ask? Most VPN services place a limit on the number of devices you can have connected to their network at any one time (usually 5 or 6). Surfshark does not. Surfshark offers unlimited simultaneous connections to their network. This is a great benefit.
Think about how many internet-connected computers, tablets, and laptops you have connected to your home network. Once you have that number, add in all the Smart TVs, intelligent security devices and other gizmos you might want protected by the VPN. The standard 5 or 6 free VPN connections may be too few to handle everything you have now, much less what you will add this year. If this describes you, you'll definitely want to take a look at Surfshark.
ExpressVPN is another virtual private network based in the British Virgin Islands (BVI). Long the king of VPNs, I find that ExpressVPN has been edged out by NordVPN and Surfshark. However, this doesn't mean that ExpressVPN is a bad VPN. Far from it. Here at SecurityTech, we rank ExpressVPN as the 3rd best VPN available.
Like the others in our list, ExpressVPN has rolled out its own new VPN protocol in the last several months. But while NordVPN and Surfshark built their protocols around WireGuard, ExpressVPN went its own way and created the Lightway protocol. Lightway promised faster speeds and better security.
And it delivered. Unfortunately, while Lightway was speeding up ExpressVPN somewhat, the new protocols coming out of Surfshark and NordVPN were even faster, boosting those VPNs even more.
Note: It is particularly important to use the Lightway protocol whenever possible. In our most recent testing we found that ExpressVPN was rather slow when we used OpenVPN instead of Lightway.
Happily, there is still much to like about ExpressVPN. They have a full range of very secure, easy to use apps that run on all your favorite mobile and desktop operating systems, routers, smart home devices, even select game consoles. In our testing, we found their apps to be very reliable, with no leaks and built-in kill switches. These apps are connected to a network of 3,000+ secure VPN servers with locations in 94 countries.
Like the other two services here, ExpressVPN keeps no logs of your online activities. This has been shown both by third party security audits, and out in the real world, where one of their servers was physically seized by a foreign government looking for evidence in a criminal case. They found nothing since ExpressVPN records nothing.
ExpressVPN does an excellent job of defeating the geo-blocking systems of Netflix and other major streaming services. However, you may find it to be too slow for smooth HD video playback, particularly if you make the connection using OpenVPN instead of Lightway.
ExpressVPN has a well-deserved reputation for excellent customer support. I've found their 24/7 live chat support line to be staffed with responsive, knowledgeable people who quickly addressed my questions and concerns.
You also get a 30 day money-back guarantee, giving you plenty of time to put ExpressVPN through its paces. That is important, because ExpressVPN is one of the more expensive VPN services. At the time of this review, their best price was a 12 month plan that cost $8.32 per month.
Here's a link to our complete ExpressVPN review.
What you need to know about VPN protocols and encryption
We touched on VPN protocols earlier. Now we need to talk about them in a little more detail. Most VPNs support several protocols and allow you to choose which one they will use at your discretion. To do that intelligently, you'll need to know a little bit about each.
We'll also talk a bit about encryption. Not an attempt to explain it, but simply so you can have some familiarity with the types of encryption used in VPN protocols.
While all VPN protocols exist to make a secure and encrypted connection between your device and a VPN server, there are tradeoffs in doing so. I'm just going to give you a short summary of each of the current protocols along with its pros and cons. That way, you'll be able to choose between them if necessary.
Note: Most of the time you will do fine if you let your VPN client choose a VPN protocol for you. With that said, if your VPN client offers you the choice of OpenVPN or WireGuard, I suggest you at least try the WireGuard protocol for a while. I think you will be impressed with its performance.
OpenVPN has been the most popular and secure VPN protocol for some time. It is open source software that supports several different authentication methods and a wide range of devices.
OpenVPN also has a lot of features, including support for both UDP and TCP. Unfortunately, implementing such a versatile protocol has required hundreds of thousands of lines of code. This makes OpenVPN a big target for hackers and not as fast as you might like.
WireGuard is a new VPN protocol that provides better security and better performance (is faster) than OpenVPN and other VPN protocols. WireGuard by itself doesn't provide the level of privacy that no-logs VPNs promise. But VPN services have found ways to address the issue. NordVPN, for example, has created NordLynx, their own custom VPN protocol. It combines the speed and security of WireGuard, with a privacy fix that eliminates my privacy concerns.
What kind of speed advantage does WireGuard have over OpenVPN? Testing shows that on average WireGuard is 58% faster than OpenVPN.
IKEv2/IPSec (Internet Protocol Security with Internet Key Exchange version 2) is another fast, secure VPN protocol that is built into several leading operating system. It is automatically pre-configured in many operating systems, such as Windows, Mac OS, and iOS. One of IKEv2/IPSec‘s talents is quickly reconnecting to a network, something particularly valuable for mobile usage. Unfortunately, the IKEv2 was developed by Cisco and Microsoft, who have not made the code open source.
L2TP/IPSec (Layer 2 Tunneling Protocol with Internet Protocol Security) is built into many operating systems and frequently used on mobile devices. It is secure, but not particularly fast.
Sometimes other protocols may show up as options in your VPN client. But unless you have some very unusual circumstances, I recommend that you choose one of the four protocols I have listed here.
There are lots of encryption algorithms in use around the world, but fortunately for us, only two main ones you are likely to run into in VPNs these days.
AES (Advanced Encryption Standard) is the #1 cryptographic cipher used for VPNs today. Since 2002, AES has been the U.S. federal standard for encryption. The majority of VPNs use AES with a 256-bit key length (AES-256), although some will opt for AES-128, which is weaker but still considered secure. There are also variants of AES you may see, such as AES-256-GCM or AES-256-CBC.
Streaming and Torrenting – Getting the content you need safely
Streaming and torrenting are two of the most popular uses for VPNs. The question is, since you can do both those activities without a VPN why would you do them with a VPN? Let me explain…
You would use a VPN for streaming because it can give you access to content that is censored or geo-blocked. The ability to defeat impediments like these makes a strong streaming VPN into a great tool for getting the content you need, wherever it is located around the world. Getting a little more specific, here are some of the most common streaming activities for VPN users:
- Streaming content from Netflix, Disney Plus, and other streaming media services. These services use geo-blocking to control who can view their content. A good streaming VPN can outsmart the geo-blocking system and give you access to the specific content you want regardless of the location of the library that contains it.
- Streaming content from Kodi. Many Kodi add-ons are only available in specific regions of the world. Using a VPN that works well with Kodi will let you benefit from all of Kodi's add-ons.
- Streaming sporting events and TV specials. Some sporting events, TV specials, and other useful content is geo-blocked too. A VPN can get you around those blocks.
- Hiding your streaming from your internet service provider (ISP). Some Internet service providers log your online activities. Others put limits on the streaming activities of their users. In either case, when you use a VPN to stream, your ISP won't know what you are doing. All they will know is that you are using a VPN for something or other. That means they wont be able to log or interfere with your streaming activities.
It is clear that a VPN can help with streaming. But what about torrenting? Here the goal is safety. In some locations, it is illegal to download (or torrent) certain kinds of files. Downloading copyrighted material can get you in deep trouble. We're not just talking about some hit song or the latest Avengers movie. Software and university textbooks are other kinds of coyrighted content that people download from torrents or P2P file sharing sites.
Now I don't recommend illegally downloading copyrighted content. And I'm sure you wouldn't do it either. But you still need to use a VPN when downloading anything. That's because you could inadvertently get caught up in a sting operation looking for copyright violators.
Media companies have been known to run networks of monitoring nodes, that join torrenting swarms to gather whatever information they can about the users in the swarm. They will then work with ISPs to try and identify users they claim violated their copyrights. Then they sue the hell out of anyone they can identify.
The best way to avoid getting caught up in this kind of mess is to always use a VPN when torrenting or doing P2P downloads. Since your real IP address never gets exposed to the swarm, the media companies won't know who you are so won't be able to take action (justified or not) against you.
VPN logs – a major threat to your privacy
Earlier in this report, I pointed out that all three of my picks for best VPN are no log VPNs. Let's talk about the various types of logs. You'll quickly see why this is an important topic.
Here are the types of VPN logs:
Usage (browsing) logs – Usage logs are something you definitely want to avoid. This type of log can include a huge amount of information about your online activities. Things like: browsing history, log on and log off times, you IP address and those of the sites you visit, metadata, and so on. If you are concerned about your online privacy you should avoid any VPN that generates usage logs.
Connection logs – Connection logs are not as bad as usage logs. Connection logs typically include: dates and times of VPN use, connection data, and perhaps IP addresses. A VPN has good reasons for generating connection logs. They can use the data for things like optimizing their network of VPN servers, as well as for dealing with user problems and other issues. If a VPN keeps this kind of log, you should question them about how securely the logs are stored and how often they delete the log information.
Your best bet for finding a real no logs VPN is to select one that has been audited by a third party testing organization… like the three VPNs we're talking about in this article.
VPN speed – the issue no one wants to talk about
People in the space don't like to talk about it, but using a VPN always has a cost. That cost is measured in lost speed. Here are the reasons why:
- VPNs require CPU time. The VPN app needs to encrypt and decrypt packets of data that pass through the internet. All this work takes up time and uses CPU cycles, slowing you down a bit.
- All your data passes through one (or more) additional servers. Instead of taking the most direct route between your device and a website, your data has to pass through the VPN server where it gets encrypted or decrypted. This work takes time too.
- Data can only travel so fast through the internet. While we seldom think about it, the internet is made up of countless miles of copper wire and optical fiber. It takes signals some time to travel through all this physical infrastructure. Depending on the location of the VPN server relative to your device and the server that houses the website you connect to, using the VPN could add thousands of miles to the overall distance your messages must travel. Those miles slow you down too.
What can you do to minimize the speed impact of a VPN? I have two suggestions:
- Choose the closest server that meets your needs. Say you are in France, and want to stream videos from a geo-blocked service in the United States. You need to use a VPN server that is located in the United States, but there are lots of servers to choose from. You'll get the best results if you select a VPN server in New York, rather than one in Texas, because New York is closer to France than Texas. Doing this should minimize the overall length of the connection and give you the best speed.
- Choose a fast VPN. For whatever reason, some VPNs are faster than others. A fast VPN might cost you 5% or 10% of the speed of your connection, while a slow VPN can cost you 50% or more. Since they added WireGuard support through their NordLynx protocol, NordVPN has become the fastest VPN I have ever seen. Here's a result from one test, using a 500 Mbps fiber optic internet connection.
Given the importance of VPN speeds, we always test for that. The best VPNs not only offer fast speeds, but the speed is consistent across their VPN server network.
With a fast VPN, you shouldn't notice any speed loss while doing basic computer tasks like sending email or using chat apps. You should also find that you can view streaming media without any issues. Most VPNs don't measure up to this standard, but our three favorite VPNs do.
VPN leaks: How to deal with them
Some VPNs have problems with leaks. That is, they leak data onto the internet when that data should be safely protected inside the VPN tunnel. Here are the three types of leaks that plague lower-end VPN services:
- DNS leaks – Many VPNs provide their own DNS service. Instead of sending DNS requests to the DNS service preferred by your internet service provider, they pass the requests through the VPN tunnel and use a private DNS. This prevents your ISP (or anyone else) from monitoring your DNS requests and IP address and using that information to log the websites you visit. A DNS leak occurs when your DNS requests get passed to the DNS your internet service provider wants you to use.
- IP address leaks – IP address leaks are similar in that they expose personal information (your IP address) to the internet instead of keeping your address shielded within the VPN tunnel. These can occur if something happens to your connection to the VPN and the VPN client doesn't stop the leak with a kill switch. This kind of leak can be a short term temporary problem or a long term continuous leak. VPNs that don't handle IPv6 addresses properly can have long term IP address leaks.
- WebRTC leaks – WebRTC leaks affect certain web browsers. They expose your IP address even if you are using a leak-free VPN. Browser based on Chromium (Firefox, Chrome, Brave, and others) are susceptible to this problem.
Note: If you are using a browser that is susceptible to WebRTC leaks, let us know in the comments below. If enough people need it, we will create a guide to eliminating WebRTC leaks.
None of the VPNs I recommend in this article had any leaks during testing. That said, it is worthwhile to test your system every so often. I suggest using ipleak.net for this. In just a few seconds this site can tell you if your VPN / browser combination is subject to any of the leaks we just discussed. Your test results will look something like this:
How you can defeat VPN blocks
Some countries just don't want their people using VPNs. Imagine if the peons could evade the government censorship efforts and see what's really going on in the world. Fortunately, only a few countries such as China and various middle eastern nations go this far.
While using a VPN is legal throughout most of the world, there are still circumstances where you might find yourself blocked from using a VPN. These include:
- School networks – Schools sometimes block VPNs. One reason is that they want to be able to monitor the online activities of their students. The other is that they want to prevent students from streaming, torrenting, or otherwise doing things that use up a lot of bandwidth on the school network.
- Work networks – Work networks sometimes block VPNs too. They might have the same reasons as schools. In addition, they might be concerned about industrial espionage, where an employee sends company secrets to a competitor.
Obfuscation is the best way to defeat VPN blocking. A VPN's obfuscation feature will make VPN traffic look like HTTPS (Hypertext Transfer Protocol Secure) traffic. Because the vast majority of websites these days support or require browsers to connect using HTTPS the censors can't block this kind of traffic.
All three of my recommended VPNs offer obfuscation features. NordVPN and ExpressVPN offer ‘standard' obfuscated servers. Surfshark also offers obfuscation, although they call it Camouflage mode.
One last thing. Unless you are actively being blocked, you should avoid using your VPN's obfuscation feature. Using it may affect your performance, and tie up limited obfuscation resources for someone who really needs them.
Using a VPN on Android and iOS devices
Using a VPN on an Android or iOS device is a great idea. Most people's smartphones are chock full of important personal information. We use these incredible devices constantly, for everything from talking with friends, to managing our finances.
Worse, we love to use them in coffee shops, restaurants, public parks, anywhere that someone is offering free WiFi. This whole scenario is a privacy nightmare.
I might go so far as to say that using a VPN on Android and iOS devices is even more important than doing so on the devices in your home. Your mobile devices are exposed to more different networks and sources of danger in a day than your home computer sees in a month? A year? A long time for sure.
To protect yourself with the least amount of effort, you can choose a VPN with its own custom VPN app, like the one provided by NordVPN.
Note: Some VPNs don't provide their own custom app, and leave it up to you to install a third-party VPN app like OpenVPN. Still others expect you to use the VPN features built into Android and iOS devices. While these are usable solutions, the fastest, easiest, and safest way to go is to use the official mobile VPN apps from the VPN providers themselves.
Installing a VPN on a router
When you get a subscription to NordVPN or ExpressVPN you are limited in the number of simultaneous connections to their network you can have. One way around this problem is to install the VPN on your router. This extends VPN protection to every device connected to the router. Installing a VPN on a router is more complicated than installing a VPN app on your computer of mobile device.
Both NordVPN and ExpressVPN can be installed on various routers. Each has a section of their website dedicated to helping you set this up. You can either buy a router with the VPN preinstalled, or you can install it on your current router (if that router is one that is supported by the VPN provider). Whichever way you go, your entire network will be protected.
If you like the idea of setting up a home VPN router appeals to you, I suggest you focus on NordVPN and ExpressVPN. While some home routers can support these VPNs, there is a problem. Most consumer-grade routers don't have a powerful enough CPU (Central Processing Unit) to let your VPN run at full speed. Both NordVPN and ExpressVPN have lists of recommended routers, but even those represent something of a compromise.
If you are planning to set up a VPN router, and have more than a handful of devices you would like to connection, I recommend you check out the Vilfo VPN router. Designed by the Swedish creators of OVPN, this router packs plenty of processing power and comes with NordVPN, ExpressVPN (and numerous others) preinstalled. Although I haven't done a formal review of it yet, I have had one of these in my lab for over a year now and it handles whatever I can throw at it.
VPNs and Tor – how you can use them together
You know that a VPN is a tool to protect your online privacy. Tor is another online privacy tool but it works very differently than a VPN. You can use them together to increase your privacy but before I explain how, we need to cover a little background info.
Tor stands for The Onion Router. It is a network of specialized servers with a custom web browser. The Tor network is designed to allow you to use Tor to browse the internet anonymously. Conceptually, this is great. And for the time that it was created (2002), Tor was a real boon.
However, there are several things that concern me about Tor. You should know about them before we get into using Tor together with a VPN.
First off, Tor was created by the US government to allow its agents to communicate anonymously. Even today, Tor still gets much of its funding from the US government. Considering the extent of the United States efforts to surveil everyone everywhere all the time, there seems to be a big conflict of interest here.
Beyond the involvement of the US government in Tor, there are a few other issues to consider:
- The Tor network may have been compromised. In a 2016 court case it was revealed that Carnegie Mellon University (CMU) had been hired in 2014 by the US Department of Defense to break Tor.
- Microsoft’s DRM and simply viewing PDF documents while using Tor can cause your identity to leak out.
- Due to the relatively small size and number of users of the Tor network, an entity with sufficient resources (like the US government) might be able to use end-to-end timing attacks to identify individual users.
- There have also been reports of malicious Tor nodes, servers that are being used to spy on Tor users, rather than protect their identity. According to a 2020 ZDNet article, researchers identified more than 100 Tor nodes that appeared to be spying on network activity.
- Aside from all the spooky stuff, Tor is extremely slow, making it impractical for most uses.
If you are still interested in using Tor, using it with a VPN can reduce some of the risk. There are two good ways to do so:
- The Tor-over-VPN approach. To do this, you simply start your VPN and connect it to a VPN server. Then you open the Tor browser and use Tor normally. This works because the Tor network never sees your IP address. Anyone spying on the network will see the VPN server's IP address rather than yours. You can do this with any of the VPNs I recommend in this report.
- Use NordVPN's Onion Over VPN feature. This feature gives you the “anonymity” of Tor with the security of NordVPN, without you having to do anything other than use the correct NordVPN server.
Whichever approach you choose, including a VPN in the mix if you use Tor is a good defensive move.
The VPN FAQ
Here are quick answers to several VPN questions that seem to come up time and again.
VPNs are safe to use in virtually all situations. However, you need to use a quality VPN. Some VPNs keep logs of your online activities that they can share with the local authorities (or anyone waving some money around). Some VPNs try to protect you but their tech isn't up to the job. These are the ones that have data leaks, or use encryption that isn't up to current standards. And some VPN services are simply dishonest or untrustworthy. For all these reasons, we think you should stick with one of the VPNs we recommend here on SecurityTech.
Is using a VPN legal?
It is legal to use a VPN in the vast majority of countries. Unless you are living in places like China, Russia, North Korea, or a Middle Eastern theocracy, it is almost certainly legal to use a VPN.
There is one thing you should be aware of here. If you use a VPN to commit a crime, you are still committing a crime. The fact that you use a VPN doesn't provide any sort of legal immunity.
Will a VPN drain my battery?
In most circumstances, a VPN won't be able to help you stream video. If you can stream video from a particular service without your VPN turned on, then you won't get any benefit from activating it. A quality VPN may be able to help you stream video when you cannot do so without the VPN active. This typically occurs when you are trying to stream video from a service that uses geoblocking technology.
With geoblocking, a streaming video service uses your IP address to decide if you are located within the geographic region it supports. For example, if you are in the United States and want to stream something from the Mexican Netflix library, you may be blocked because you are not in the geographic region service by Netflix Mexico.
Some VPNs have the ability to get around geoblocking attempts by streaming video services like Netflix, so in this situation a VPN may be the only way you can stream the content you want.
Can you be tracked through a VPN?
A quality VPN will prevent you from being tracked through it since your IP address will be hidden from the sites you visit. However, there are other ways that you can be tracked online, some of which will function even if you are using a VPN.
If you are logged into Google or Facebook while using the VPN, those companies may be able to see which sites you visit regardless of whether your VPN is on or off. In addition, if you click on an ad while using the VPN, that ad may employ tracking technologies that a VPN cannot block.
The world is a scary place for anyone who believes in privacy. Major Western governments are turning into surveillance states, expending vast amounts of treasure trying to spy on everyone all the time. Place like China are even worse, with their AI powered “social scoring” system that not only records everything, but uses what it records to make your life hell if you don't do exactly what the government wants.
In a world like this, it makes sense to do what you can to protect your privacy wherever possible. Using a quality VPN like the three I currently recommend is a simple step you can take to protect yourself. And leaving aside the nightmare “Big Brother” scenarios, VPNs can protect you from all sorts of snoops and troublemakers.
The use of VPNs is booming around the world. It is one trend you should probably join yourself.
This in-depth guide to VPNs was last updated January 8, 2022.