Many people are familiar with using a VPN to connect to work resources such as your email or documents when you're away from the office, but what about ordinary people? Should you use a VPN when you're away from home? What exactly is a VPN and how does it work? How do you choose a VPN? We've rounded up some answers to those questions.
How does a VPN work?
‘VPN’ stands for ‘virtual private network’ and it’s sometimes described as a ‘tunnel’, which is a good metaphor. When you’re in your car on the open road, anyone can see into your windows and see who’s in the car with you, what you’re wearing and where you’re going. But when you go into a tunnel, nobody else can see into your car.
A VPN creates a tunnel to connect you to its server. Anything you do while you’re connected to that server is private. Nobody can see into your car when you’re in a tunnel, and nobody can see what you’re doing online when you’re in a VPN tunnel.
In most cases, when you connect to a VPN, your data is encrypted. That means that even if someone could see the data you’re sending back and forth between the server, it would be scrambled and they wouldn’t be able to make any sense of it.
When you connect securely via the tunnel to the VPN’s server, it then sends what you want to do online – check your bank account, access office resources, do online shopping, send emails – out from its end. That means it stands between you and the internet: it replaces the IP address of where you’re connecting from with one it gives you, thus hiding where you are and making it look as if you’re connecting from somewhere else.
Do I need a VPN?
Maybe. It depends on who you are and what you’re going to be doing online. Most ordinary people probably don’t need one for ordinary tasks, but if you’re connecting to the office, your IT department might well insist on you using a VPN.
If you’re abroad and want to access content that’s banned or just not available where you are, you’ll need a VPN. For example, you won’t be able to access social media or some western news websites from China. Or if you’re on holiday and want to be able to access the UK version of a streaming service, you choose a VPN that makes it look as if you’re at home in the UK.
Activists concerned that their online activity could be tracked and put them at risk need a VPN, and they particularly need to choose one carefully: not all VPNs are created equal.
Even when in Britain and just checking in on social media, it’s a good idea to use a VPN if you connect to public wi-fi (see our feature in the August 2018 issue of Which? Computing for more information on using public wi-fi safely).
What can’t a VPN protect you from?
For most people, a carefully chosen VPN is good enough to give you some privacy in your browsing. But there are a few things a VPN can’t protect you from, and if you need deeper cover than a VPN can provide, you’ll need to take some additional steps.
A VPN doesn’t prevent tracking cookies – you’ll need an adblocker to stop those. Nor does a VPN disguise your browser’s fingerprint, which websites collect. That’s information about what browser you’re using, which version of it you’re on, any browser extensions you’ve got installed, which device you’re using and which version of which operating system you use. All of that is anonymised, but it is still a unique identifier.
VPNs can also leak your real IP address, perhaps via a poorly coded browser extension or a security exploit. Look for a VPN that has a kill switch, which terminates your connection to the web if the VPN drops.
You can use a VPN on any device – laptop, tablet, phone, desktop. All the main operating systems – Windows, macOS, iOS, Android and Linux – come with VPN software built in, without needing to add any other apps.
Some VPN providers however will want you to use either their own app or a third-party app, so if you choose one that wants you to use an app, make sure it has software for all your devices.
One potential downside of using an app, though, is the data it collects. An Android VPN app could for example collect your GPS position, which could give away your location, or it could collect your phone’s Universal Unique Identifier, which could tell someone who your mobile provider is, what phone you’re using and which version of its operating system you’re on.
Facebook’s Onavo Protect VPN app, for example, allowed Facebook to track how you used your phone outside of Facebook, giving it insights into what other apps you use, your location and your wi-fi and mobile data consumption, for example.
Always check what permissions a VPN app wants when you install it, and make sure it’s not compromising the privacy you need.
Free or paid-for VPNs?
As with any free software, there is still a price to be paid. With VPNs, the price can be the privacy you want to protect.
VPNs will collect logs and data, which can range from bare-bones information about how long you stay connected to details of the device you’re using, which websites you visit via the VPN, which IP address you connect from, the IP address the VPN assigns to you while you’re connected, details of files you’ve downloaded and where you downloaded them from.
The best VPNs collect the bare minimum and delete them as soon as possible. Free ones, however, are less scrupulous about what they collect and how long they hang on to those logs. And free VPNs can also sell on details of your browsing to advertisers.
You will get a better connection with a paid-for VPN: it won’t eat up bandwidth by showing you ads, and will offer higher speeds, fewer bottlenecks and either no cap or a much higher cap on how much browsing you can do.
Free VPN apps can also carry malware and viruses – always let your antivirus software scan an app before you use it.
The choice is yours, but security experts always advise paying for a VPN.
For Which? lab tests and further advice, click here.