by Bill Hess, PixelPrivacy
A laptop and mobile device user visits her favorite coffee shop, connecting to the free Wi-Fi hotspot to access the internet. She uses the unprotected hotspot to pay bills, do her banking and shop on Amazon. Meanwhile, a quiet young man sits in the corner, sipping his latte and monitoring her internet connection, stealing valuable personal and business information.
A business traveller visits a foreign country and finds she no longer has access to her company’s servers, as well as a number of other websites and online services she requires to properly perform her job-related tasks online. Even worse, she also cannot access the latest episode of “House of Cards” on Netflix.
A citizen of a country ruled by a totalitarian government longs to be able to visit websites that are blocked out of hand by the government due to the websites’ allegedly radical information, which the government feels may do damage to the rulers’ approved ways of thinking.
All three examples above are textbook cases for problems that a Virtual Private Network (VPN) could be used to solve, protecting users’ personal and business data, as well as opening up access to web-based content and services that might not normally be available due to government or geographically-based restrictions.
By using a VPN, internet users can protect their valuable personal and business-related data from prying eyes. In addition to enhanced security, a VPN connection can also open up a world of information that might not normally be available.
In this article, I’ll explain to you what a VPN is, what it does and why you should be using one to protect the internet connection on your computers and mobile devices.
What is a VPN?
A Virtual Private Network offers a secure, protected network connection between a computer or mobile device and another network via the internet.
A VPN accomplishes this by forwarding all of the connected device’s data traffic through a private network, allowing the user to access local network resources, no matter where the user’s location is.
Using a VPN also hides a computer’s true IP address. This allows users to access web content and services that might not normally be available in their actual location. What’s more, a VPN encrypts all data transmitted via the connection, adding an additional layer of protection for users.
A VPN is created by establishing a point-to-point connection through the internet – a private tunnel of sorts. The tunneled connection offers users the same benefits as if they were connecting to the target network from within that network, looking and acting, for all purposes, like a local connection.
What Can a VPN Be Used For?
Sure, a VPN sounds like a fine thing, but why would you ever need one?
In today’s world, I feel that a VPN is a must-have for the toolkit of any internet user. Whether you do business on the web, check your banking accounts via the internet, or only peruse Facebook, someone could be monitoring your internet connection.
A VPN allows users to freely use the internet as it was intended, accessing any and all available content and services, with no restriction by your ISP or government. It also prevents said Internet Service Provider or government from selling your personal usage stats or keeping a record of that usage to use against you in court.
A VPN allows users to:
1 Access a Private Business Network While on the Road
VPNs were originally used mostly by business people who traveled, but still wanted to be able to connect to their company’s network and its resources while out of the office, without exposing the network directly to the internet.
2 Hide Internet-Browsing Activity from Prying Eyes
A bill passed by Congress and signed into law by President Trump revokes Federal Communications Commission (FCC) regulations preventing Internet Service Providers (ISPs) from monitoring their users’ internet traffic and sharing that usage information with advertisers.
ISPs will now be allowed to gather such information without the express consent of their customers.
A well-crafted VPN is particularly good at hiding browsing and other internet activity from the prying eyes of hackers, ISPs (as mentioned above), the government and other bad guys. A VPN cloaks your internet activity, making it look like a single connection to one address. This makes a VPN an excellent tool for hiding your activity from your ISP.
A VPN also encrypts your connection, adding an additional layer of protection from nosy neighbors. Even if an outsider could tap into your VPN connection, they would be faced with a secure level of encryption, making it much more difficult for them to monitor and steal the data being sent and received via the connection.
Anyone who makes regular use of public Wi-Fi hotspots should always use a VPN connection to protect their connection. Otherwise, you might as well go from table-to-table and hand out your credit cards one-by-one.
3 Access Geo-Restricted Content and Bypass Censorship
By allowing users to appear as if their internet connection originated from another region, a VPN enables users to access content that might be either restricted geographically or censored by a restrictive government.
Users can make use of a VPN to access geo-restricted content – such as Netflix, Hulu, Pandora and other streaming services – that, due to contracts with content owners, only offer certain content within certain count
VPNs also allow internet users in countries ruled by oppressive regimes to access websites and other content that wouldn’t normally be available to them due to government censorship.
This includes countries such as China and its “Great Firewall of China,” which blocks access to websites and services like Facebook and other social networks.
4 Download Files from P2P/Torrent Sites
Everyone pretends they don’t do this, but torrenting is one of the top reasons for using a VPN connection. A VPN connection keeps your file-sharing connections completely private. What your ISP can’t see, they can’t report.
VPNs can also be useful for perfectly legal file sharing. Some ISPs throttle P2P traffic on their networks. Again, if your ISP can’t see what you’re doing, they can’t throttle you for it.
What Type of Security Does a VPN Offer?
A Virtual Private Network offers data connection protection via any of a number of secure tunneling protocols. The protocols encrypt the network traffic so that, even if the traffic is sniffed at the network level, all that anyone analyzing the network packets would see is encrypted data.
VPNs can offer the following types of security (listed in order of quality of protection):
1 OpenVPN
OpenVPN, while not as fast as other protocols, offers improved security. The protocol is the default for many currently-available VPN services and their associated apps. OpenVPN is definitely the protocol to use if it is available for your setup.
OpenVPN makes use of open-source technologies, including the OpenSSL encryption library and the SSL v3/TLS v1 protocols. OpenVPN can be configured to run over any port, which allows OpenVPN traffic to appear as standard HTTPS traffic. This makes it impossible for ISPs and governments to easily block the connection.
2 Secure Socket Tunneling Protocol (SSTP)
SSTP makes use of the HTTPS protocol over TCP port 443. This allows traffic to pass through firewalls and web proxies that might block PPTP and L2TP/IPsec traffic. It is a proprietary Microsoft protocol.
SSTP is integrated in the Windows operating system as of Windows Vista Service Pack 1 and later. This offers stability for Windows users, as it is built into the platform. The protocol offers abilities similar to OpenVPN, but it’s mostly just for use on Windows.
3 Layer Two Tunneling Protocol/IPSec (L2TP/IPSec)
L2TP as a VPN protocol offers no encryption of its own. Therefore, it is usually paired with IPSec encryption. L2TP/IPSec offers encryption for multiprotocol traffic that can be sent via point-to-point delivery.
As it uses UDP port 500, it is impossible to disguise – making it easier to block.
4 Point-to-Point Tunneling Protocol (PPTP)
PPTP allows internet traffic to be encrypted and then encapsulated in an IP header to be sent across a public IP network such as the internet. PPTP works well with remote access and site-to-site VPN connection applications.
PPTP should be avoided if at all possible. While it is a popular protocol, and has been around since the Windows 95 days, it is that early period of development and its lack of strong encryption that make it a lesser choice among modern protocols.
TL;DR version: If OpenVPN is available, always use it. If you’re on the Windows platform, and OpenVPN isn’t available through your VPN provider, use SSTP. As for the other two protocols, always use L2TP/IPSec over PPTP, which should be avoided if at all possible.
What to Look for in a VPN Provider
It seems as if a new VPN provider appears on the scene almost daily. There are a number of fine VPN providers out there, just as there are also a number of fly-by-night operators.
When searching for a VPN provider, you need to keep a number of important requirements in mind. You’ll want to keep in mind that a VPN provider should offer a good balance between ease of use and security. If possible, give up a bit of the ease of use in favor of better security.
1 Server Locations and Availability
A VPN provider should, preferably, offer a large number of connection options, with a larger number of server connections, available in as many countries as possible.
The higher the number of connection locations, the better the chance you’ll find a service that will offer good protection, as well as good performance – providing a high-speed connection for a more satisfactory internet experience.
2 Simultaneous Connections
Another consideration when deciding on a VPN provider is the number of simultaneous connections the provider allows you to make.
While it’s possible you might only be using the VPN on your laptop or mobile device, extra connections would allow business associates or family members to connect at the same time.
3 Look for OpenVPN
Keep in mind that OpenVPN is usually only available on desktop versions of VPN applications. For mobile devices, most providers still only offer L2TP/IPsec.
4 No Bandwidth Throttling
Make sure the VPN provider you’re considering doesn’t throttle your bandwidth. In today’s world of streaming video and audio, teleconferencing and other bandwidth-hungry applications, unlimited bandwidth is more important than ever.
Also, make sure the provider allows P2P and torrenting. You never know when you might need that.
5 No Logs!
While most VPNs don’t keep activity logs of any kind, there are still some that do. There is no reason for a VPN provider that is truly privacy-minded to keep logs of your online activity. A reputable VPN provider should have no interest in keeping track of your internet usage.
A lack of usage logs also means if the government or a content provider comes-a-knocking on the VPN provider’s door, they won’t be able to furnish any logs that could be used against you – for the simple fact that there aren’t any logs to hand over!
6 A Kill Switch
If your main reason for making use of a VPN is anonymity, you’ll also want to make sure that any provider you consider offers a “kill switch.”
A kill switch automatically shuts down a connection if the VPN connection fails. This keeps your computer from defaulting to an unprotected open internet connection, possibly leaving your connection open to prying eyes.
7 Anonymous Payment Methods
If you’re simply looking to use a VPN to protect yourself from hackers on unprotected Wi-Fi hotspots, or you want to ensure that you’ll be able to access online content or web services while traveling internationally, almost any type of payment option will likely be acceptable.
All VPN providers that I have tried offer credit/debit card, PayPal and other popular payment methods.
However, if you’re looking to keep your internet usage as anonymous as possible, paying by credit card or PayPal just won’t do it for you, as both leave a payment trail to follow for anyone looking to figure out who you are.
Luckily, a growing number of VPN providers offer payment via cryptocurrency, such as Bitcoin. By using Bitcoin, alongside a disposable email address, there will be no way for anyone to make a connection between you and your VPN provider subscription.
Another anonymous payment option that is growing in popularity is the retailer gift card option.
A number of VPN providers will allow you to make use of an unused balance on a retailer gift card from such major stores as Walmart or Target (or even Starbucks) to pay for VPN subscriptions. It’s a great option for privacy-minded individuals who lack a cryptocurrency account.
Still Can’t Decide?
If you’re still having issues deciding on which VPN provider to use, make sure to check out my complete reviews of the top 10 VPN providers, which are available on this website.
If you’re pressed for time, I’ll share my top 3 choices with you here.
#1 – ExpressVPN
ExpressVPN (full review here) offers an efficient, secure VPN service. The provider features apps for most major desktop and mobile computing platforms. I found the connections offered by ExpressVPN were speedy and reliable.
This particular provider is based in the British Virgin Islands. While the British Virgin Islands are considered a British possession, they are not governed directly by the folks back in the United Kingdom, and at present they are not bound to the rather privacy-indifferent laws of the U.K.
ExpressVPN also keeps no logs of a user’s online activity, making it perfect for those users who are concerned with online anonymity. Even if the provider was asked to turn over usage logs, they couldn’t – because they do not exist.
While ExpressVPN’s pricing could be better, I am also a believer in the adage “you get what you pay for.” The service offers excellent connection quality, a wide variety of server locations around the world and excellent customer support.
ExpressVPN provides a variety of payment options, Bitcoin included, so anonymous payment is available for those concerned with such things.
#2 – NordVPN
NordVPN (full review here) provides solid connections with excellent speeds. The provider offers support for the major desktop and mobile platforms. NordVPN offered 1,109 servers in 61 countries at the time of this writing.
NordVPN is based in the country of Panama and is subject to the privacy-friendly data retention laws of that country. Panama does not require VPN providers to keep logs of their customers’ online activity. NordVPN keeps no logs of this type, and as such couldn’t be compelled to turn over any information of this type.
This provider allows usage of P2P and Bittorrent connections via their VPN servers, but restricts such traffic to servers they have specifically set aside for that purpose.
NordVPN is among the pricier VPN options available, but offers excellent connections, and their customer service is second to none.
NordVPN provides a variety of payment options, including Bitcoin and the ability to make use of the unused balances on retailer gift cards you might have lying around the house. Both are excellent options for users concerned with keeping their identities completely under wraps.
#3 – VyprVPN
VyprVPN (full review here) offers great service at a reasonable price. It even provides a free 1GB try-before-you-buy offer. At the time of this writing, it offered 200,000+ global IPs and 700+ VPN servers in 70+ locations across 6 continents.
One thing I remember particularly liking about the service was that it offered a free messaging app that provided end-to-end encryption of all text messages. Using the app doesn’t require a subscription to VyprVPN, which is nice.
VyprVPN is based in the privacy-friendly country of Switzerland, so it is not subject to the data retention laws many European countries slap down on online businesses these days. The company says it keeps no user or activity logs of any kind.
The provider offers apps for the usual suspects, on both desktop and mobile platforms. It provides OpenVPN protocol on most of its apps.
VyprVPN says it’s cool with its subscribers using P2P and BitTorrent connections via their servers and doesn’t monitor any such traffic. However, they will terminate users who are repeat copyright infringers (due to complaints from content copyright holders.)
While VyprVPN offers a good number of payment options, Bitcoin and retailer gift card payments are not included among them. So, users interested in complete anonymity will be required to look elsewhere for their VPN needs.
How Can I Be Sure My VPN Connection Is Secure?
If you are expecting to rely on a VPN service to help protect your online privacy, you’ll want to ensure your VPN provider of choice does a good job keeping your internet connection under wraps.
If a VPN provider doesn’t offer full protection, or if your VPN connection is incorrectly set up, you could be leaking data, making you vulnerable to online eavesdropping and monitoring by hackers, ISPs, governments and other bad guys.
Luckily, there are many ways for you to confirm that your connection is properly secured. A few visits to a handful of websites can tell you if your VPN provider is offering the protection you’re paying for.
When conducting the following tests, it is advised to use the OpenVPN protocol for your VPN connection if it’s available on your computing platform. OpenVPN offers the best level of protection currently available.
Test #1: The “IP Address Leaks” Test
The first test to run when making sure your VPN connection is working properly is to check your IP address.
Your device’s IP address can disclose your location to anyone who is attempting to track your internet connection. A working VPN connection will mask your actual IP address and will display the IP of the VPN server you are currently connected to.
I suggest making use of websites such as IP Chicken and What Is My IP Address for checking your IP address, masked or otherwise. Both websites can also be handy if you need to find out your current IP address for troubleshooting in the future.
The first screenshot below shows what information is revealed about my IP address by the “What Is My IP Address” website when I am not using my VPN provider. As you can see, it accurately shows my IP address, the name of my Internet Service Provider, and the city and state I am currently visiting.
The second screenshot, to the right, was taken after I routed my internet connection through my VPN provider’s servers. As you can see, it now appears that I am hundreds of miles away, somewhere in St. Louis, Missouri. That’s some quality IP-masking right there, folks!
If the IP Address Test shows leaks, make sure to check that your VPN service is actually activated, and that you’re connected to the service. Run the test again. If you still show a leak, shut down everything on your computer or device, restart the device, reconnect to the VPN service and try the test again.
If you still show a leak, contact your VPN provider’s customer support, ask if the issue is with their service and ask them to check their system.
If they refuse, or cannot remedy the issue, close your account and ask for a refund. Try another VPN provider.
Test #2: The “DNS Leaks” Test
Another important thing to check for while testing your VPN connection is DNS leaks.
A DNS leak is an issue with a VPN connection that leads to a loss of online privacy due to its sending DNS queries over unsecure links instead of the VPN connection.
A DNS query is what happens when you type in the name of a website, such as Facebook.com. That name is sent to a DNS server, which translates that hostname into an actual IP address, which is then used to connect to the requested server.
When you are connected to the internet via a VPN connection, it is vital that all of your traffic, including these DNS inquiries, go through the encrypted VPN tunnel, as unprotected DNS inquiries can reveal your online activity if they are “leaked.”
The first screenshot shown below is my usual internet connection, without the benefit of a VPN connection. I use OpenDNS as my DNS server in place of my ISP’s often unreliable DNS servers.
As you can see, it shows all of my DNS requests are being routed by the OpenDNS servers.
The screenshot below shows what my queries look like when routed through my VPN provider. As you can see, there is no match to my unprotected connection details in the previous screenshot. That’s what we want to see.
If your tests show DNS leaks, follow the same steps I laid out above for the IP Address Leaks Test.
Test #3: The “P2P Torrent IP Address” Test
Let’s be honest: many of you are going to be using a VPN connection for P2P and torrenting. While a good amount of P2P file sharing is used for peer-to-peer sharing of perfectly legal files, there are those users who occasionally enjoy downloading a file or two that may not normally be available to the public.
These folks, possibly fans of a baseball team in Pittsburgh, will not want their Internet Service Provider, or certain content copyright holders, to notice they are downloading said content via their actual IP addresses.
Let’s say this section is for those people. Not that any of them are reading this article at this particular moment…
Running a P2P Torrent IP Address Test will display the IP address that is being used to download a file from a Torrent source. If you are connected via your VPN app, then the test should show the IP address of your VPN’s server, and not the one your local router has to your ISP.
For this test, I used the Torrent Address Detection function at ipleak.net. You’ll need to scroll down the screen in your browser a bit to find it. Click the “Activate” button you’ll see there and follow the on-screen instructions.
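The three leak tests above all come down to comparing what the test sites report with the VPN off against what they report with it on. The following is an added example, not code from the original article, that scripts that comparison; the `Observation` record, the function names, the /24 and /48 "same network" rule and the sample addresses (taken from the reserved documentation ranges) are assumptions made for illustration.

```python
"""Added example: score the IP, DNS and torrent leak tests from recorded results."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Observation:
    """What the test websites reported for one connection state."""
    public_ip: str                                     # Test #1: IP-check site
    dns_resolvers: list = field(default_factory=list)  # Test #2: DNS leak test
    torrent_ip: str = ""                               # Test #3 ("" = not run)


def same_network(a: str, b: str, v4_prefix: int = 24, v6_prefix: int = 48) -> bool:
    """Assumed matching rule: same /24 (IPv4) or /48 (IPv6) counts as a match,
    because a provider's resolvers or address pool rarely repeat one exact IP."""
    ip_a, ip_b = ipaddress.ip_address(a), ipaddress.ip_address(b)
    if ip_a.version != ip_b.version:
        return False
    prefix = v4_prefix if ip_a.version == 4 else v6_prefix
    return ip_b in ipaddress.ip_network(f"{a}/{prefix}", strict=False)


def find_leaks(baseline: Observation, with_vpn: Observation) -> list:
    """Compare a VPN-off baseline with a VPN-on observation; return findings."""
    findings = []
    # Test #1: the public address must change once the tunnel is up.
    if same_network(baseline.public_ip, with_vpn.public_ip):
        findings.append(("ip_leak", with_vpn.public_ip))
    # Test #2: no resolver seen with the VPN on may match the baseline set.
    for resolver in with_vpn.dns_resolvers:
        if any(same_network(resolver, b) for b in baseline.dns_resolvers):
            findings.append(("dns_leak", resolver))
    # Test #3: the address torrent peers see must not be the real one.
    if with_vpn.torrent_ip and same_network(baseline.public_ip, with_vpn.torrent_ip):
        findings.append(("torrent_ip_leak", with_vpn.torrent_ip))
    return findings


# Constructed sample data (documentation address ranges, not real hosts).
BASELINE = Observation("203.0.113.45", ["198.51.100.10", "198.51.100.11"], "203.0.113.45")
VPN_OK = Observation("192.0.2.77", ["192.0.2.53"], "192.0.2.77")
# Tunnel is up for web traffic, but one DNS query and the torrent client bypass it.
VPN_LEAKY = Observation("192.0.2.77", ["192.0.2.53", "198.51.100.11"], "203.0.113.45")

if __name__ == "__main__":
    for label, obs in (("clean", VPN_OK), ("leaky", VPN_LEAKY)):
        print(label, find_leaks(BASELINE, obs) or "no leaks found")
```

An empty result only means the recorded values differ from the baseline; if the VPN hands out the same public resolver you already use, the DNS check will flag it and needs a manual look.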