As people become increasingly more aware of how many people want to get their hands on their personal data, more and more of them are turning to virtual private networks (VPNs) to improve their online security and privacy. VPNs can protect you against hackers (or anyone else trying to snoop on your information) by securing the Wi-Fi networks you use and encrypting your personal data.
Beyond increasing your privacy and security, the best VPNs also help you unlock entire realms of content online by getting around geo-restrictions. Plus, they can help stop bandwidth and data throttling, reveal the cheapest deals on the internet and so much more. With all the features, you may be wondering how exactly VPNs are able to do all this.
VPNs are able to provide all these services thanks to crucial pieces of tech, like protocols and encryption, and you'd be forgiven for not being familiar with these. Unless you're a tech expert, chances are you haven't heard of them before. In this article, I'll explore how VPNs work, as well as sharing my personal favourites.
Top 3 VPNs in 2024
What does a VPN do?
There are a lot of VPNs available on the market, but they all work in pretty much the same way. As I mentioned earlier, VPNs are software-based tools that provide an end-to-end encrypted tunnel between your device and a VPN server. This routes your traffic away from your internet service provider's (ISP) servers and through its own.
In this tunnel, any web traffic sent to and from your computer is encrypted, all the time. A VPN will also hide your internet protocol (IP) address. This means that cybercriminals, government agencies, your ISP, and other nosy third parties won’t be able to intercept your personal data, track what you're doing online, or determine your location.
It's also worth noting that VPNs know how to have fun, too. Most services have a global network of servers – connect to one, and you can spoof your location to bypass geo-restrictions and unblock online content that would normally only be available in a specific country. I'll cover this topic in more detail a little later – but, basically, VPNs are a streamer's best friend.
What is VPN encryption?
One of the most important functions of VPNs is their ability to encrypt personal data and web traffic. Using encryption technologies, VPNs ensure that credit card numbers, passwords, messages, transaction history, browsing data, and other sensitive information travels through an encrypted tunnel in undecipherable code.
How does this work in practical terms? Well, if you log into your email account, the request will be communicated to the VPN service. After establishing a connection between your device and the VPN server, the VPN then sends your login request to the VPN server through an encrypted tunnel.
Once your request lands on the VPN server, it sends the data to your email provider's server, still encrypted. The email grants the request and returns the data back to the VPN server. At this point, the VPN server also re-encrypts the data and sends it to the VPN service, where the data is deciphered and passed on, finally, to your device. It's sort of like a digital relay race – and your data is the baton.
This might seem like a long and complicated ordeal, especially as your data is encrypted and decrypted at every step of the process, but Surfshark points out that every step "happens in a second" – and sometimes "in a fraction of a second" if you have a fast internet connection. Plus, the majority of VPNs, including the most secure VPNs, use one of the most robust encryption methods available: AES-256.
What are VPN protocols?
Another important piece of the VPN puzzle are the protocols. Essentially, they're commands and processes that decide how web traffic travels from one server to another within an encrypted tunnel.
There are lots of VPN protocols out there, but the most common are:
- Secure Sockets Layer (SSL)
- Transport Layer Security (TLS)
- Point-to-Point Tunneling Protocol (PPTP)
- IP Security (IPSec)
- Internet Key Exchange (IKEv1 or IKEv2)
- Layer 2 Tunneling Protocol (L2TP)
- WireGuard
- OpenVPN
VPN services are constantly evolving, though, and protocols become outdated as quickly as new ones enter the picture. NordVPN believes every protocol is imperfect, explaining that "each may have potential vulnerabilities, documented or yet to be discovered, that may or may not compromise your security".
NordVPN says every protocol provides a "different solution to the problem of secure, private, and somewhat anonymous internet communication".
Most of today's top VPN providers use OpenVPN and WireGuard as their protocols of choice seeing as they’re highly secure and generally pretty fast. VPNs allow users to switch protocols too – so, if you prefer one over the other, it's not a problem. All you'll need to do is head into the settings menu of your VPN app and make your choice.
Being aware of these different protocols is important because they often determine the overall speed, security, and privacy of your VPN service. Using an outdated VPN protocol could put your data at risk.
Basically, OpenVPN, WireGuard, and proprietary protocols like ExpressVPN's LightWay and Hotspot Shield's Catapult Hydra are widely regarded as safe, with IKEv2 also being used by the best mobile VPN apps. Other protocols have their uses, sure, but if you're using a modern VPN (and you want the best balance of speed and security), you'll want to stick with these tried and tested options.
How do VPNs unblock streaming sites?
VPNs can do way more than just encrypt your data, however. With the help of the best streaming VPN, you'll also be able to access all sorts of streaming platforms, and their region-locked libraries, without being hampered by pesky geo-restrictions.
Check out our guide to the best Netflix VPNs to see which provider is your best streaming buddy.
The how is pretty straightforward. Most premium VPNs have thousands of servers dotted across the globe. Take your pick of these servers, connect to one, and you'll be given a new IP address based in that same location. This is what fools sites into thinking you're there, too, and means you’ll be able to access country-specific services.
For example, if you're in the UK and want to check out what’s on US Netflix, you'll need to connect to a VPN server in the US. Then, reload Netflix, and the site will see that you're connecting from a US IP address and think you're in the States, too. You'll be served up all the best American Netflix content on a platter – simple.
How VPNs work – in a nutshell
A VPN redirects your traffic away from your ISP's servers, sending it through its own servers, instead. At the same time, the VPN encrypts the traffic, ensuring that nobody can read it even if it's intercepted.
VPNs use several protocols to transfer your data, with OpenVPN and WireGuard considered today's gold standards.
While VPNs primarily protect your sensitive data, plenty of people use them to unblock streaming content from around the world, too. This is possible thanks to global networks of servers, owned by a particular VPN provider. You can join a server overseas, be assigned an IP address in the same location, and trick sites into thinking you're physically, there, too.
Tom's Guide VPN rankings
There are a lot of VPNs on the market – and putting them all to the test would take more time than anyone realistically has. Luckily, that's exactly what we do here at Tom's Guide. Me and the rest of the team have ranked the industry's top providers (and some honorable mentions) in the table below.
FAQs
How do VPNs keep me safer online?
So, a VPN boosts your security when you're online by encrypting the data you send, keeping it safe from prying eyes. Your ISP can see that you're connected to a VPN (or, at least, that you’re connected to an encrypted server somewhere), but the data traveling through its systems will be encrypted, so the ISP won't be able to make any sense of it.
As a result, your ISP won't be able to leverage your data for its own ends – like selling it on to advertisers or giving up details to authorities if requested.
VPNs can also keep you safe when using unsecure public Wi-Fi hotspots – the kind you find in hotels, cafes, and airports. These hotspots are handy, sure, but they lack security measures, making them hotbeds of cybercriminal activity. With a VPN, though, your data will remain encrypted and unreadable to nefarious hackers.
Are VPNs illegal?
The short answer is: no. VPNs are perfectly legal in the vast majority of countries – but there are a few exceptions. Some regimes have banned VPNs, with China being the obvious example that springs to mind, but even in this case, it's unclear how this might be enforced, particularly in the case of, say, a traveler using a VPN when visiting the country. There are no reports of any visitor ever being arrested for using a VPN in China.
The main takeaway here is that any activities that are illegal when you’re not using a VPN are still illegal when you are.
What can’t a VPN hide?
A VPN can keep your internet traffic safe from snoopers, but there are a few things that it can’t disguise entirely – like the device you're using. Sites can use browser fingerprinting to collect data about your operating system and browser type to pinpoint your device type.
What's more, your VPN provider itself can, potentially, check out what you do online. Some services log your activity – which, obviously, is less than ideal. To avoid this, you'll need to choose a secure VPN that sticks to a no-logs policy – which prevents it from holding on to information about your browsing.
How do sites know I’m using a VPN?
The IP addresses that a VPN gives you, when you connect to one of its servers, are shared amongst its user base. That means that you could, in theory, be assigned the same IP address as someone else. The shared nature of these addresses means that some sites have wised up to the fact that they belong to VPNs – and then, unfortunately, they block them.
This isn't always the case, though, seeing as most sites won't care too much if you’re using a VPN. Besides, blocking, banning, or otherwise acting against everyone with a VPN would be a massively expensive and time-consuming process.
