VPNs are privacy tools that funnel their users’ data through specially-designed servers before it reaches the internet, concealing their Internet Protocol (IP) address in the process. The most secure VPNs also add encryption to the mix and offer supplementary security features to keep users safe.
VPNs have a variety of use cases, from protecting journalists working under authoritarian regimes and unblocking censored content, to helping movie buffs unblock streaming services that restrict the films users can watch by location.
VPNs like Surfshark provide additional security tools, multiple VPN protocols, and a huge, wide-reaching server network made up of thousands of servers. In this guide, we cover exactly what a VPN is, explain how the technology works, and reveal what features and functions you should look for when choosing a VPN.
What Is a VPN?
VPN stands for virtual private network. In a nutshell, a VPN is a privacy tool that masks user IP addresses, shielding them from any organization or individual trying to track their internet activity and/or collect their personal data. This includes most websites, marketing companies, governments, and cybercriminals.
Around one-third of all internet users (31%) use VPNs, which is a total of 1.6 billion people. There are four different types of VPNs and they have different use cases, both from a business and a consumer standpoint. In this guide to VPNs, we’ll discuss all of them.
How Do VPNs Work?
Think of VPNs as a security conscious middle-man between your device and the internet, encrypting your data and enhancing your privacy whenever you connect to one.
When you’re using an internet-connected device or application, every website you visit collects data about your digital footprint, whether it's checking the final score of a basketball game or using social media sites.
One of the key bits of information collected is your Internet IP address. Why? Well, when you click on a link to a website in the Google search results, what you’re actually doing is sending a “request” to the website’s server (i.e. “please show me your home page”).
The server then uses your IP address to know which device on the internet to send that data to, just like home addresses are used by the postal services to get your mail to you every day.
🔎 Want to browse the web privately? 🌎 Or appear as if you're in another country?
Get a huge 86% off Surfshark with this special tech.co offer.
However, your IP address contains information about your location – often quite specific information – and can be used to track your internet activity. VPNs mask your IP address by funneling your data through one of their encrypted servers before it reaches any websites or servers connected to the internet.
This means that websites you visit will see the VPN server’s IP address when you're connected to it, rather than yours. This is why VPNs are useful for streaming content from the services you subscribe to, no matter where you are in the world.
If you pick a server in back in your home country where you want to stream from, the service will think it's business as usual, even if it normally geo-restricts its content. In other words, Americans can still tune in to Hulu and UK residents can still watch BBC iPlayer, even when they're travelling.
The downside to VPNs is that you’re making your data go a slightly longer journey when it reaches the internet, which is why VPNs tend to have a small but negative impact on connection speeds. With providers like Surfshark and NordVPN, however, it’s effectively unnoticeable.
There are, however, a couple of instances where using a VPN might actually increase your speed. For instance, if you’re playing a video game and you connect to a VPN server closer to your gaming server than your real location, you might be able to reduce your ping time.
Below is an example of a standard head-to-head speed test pitting ExpressVPN vs NordVPN that Tech.co conducted recently:
If your VPN is too slow or you're experiencing other speed-based VPN issues, simply try and connect to another server – it might be a little less busy. Closing and re-opening your VPN app is another quick fix that will help you get back up and running.
I've been testing and using VPNs for several years now, and if you're concerned about speed, Surfshark, NordVPN and ExpressVPN are your best bets. Having used all three extensively – as well as many of their competitors – I find they have the least impact on internet speeds out of the industry's major players. Importantly, they're also reputable providers that adhere to the latest encryption standards and the most secure VPN protocols.
A lot of free VPNs market themselves as speedy alternatives to heavyweight VPNs, but often, this is because they aren't really doing what a VPN is supposed to do at all. The only reason some of these companies can guarantee their quick speeds is because they're not implementing all of the security measures that providers like NordVPN are.
Different Types of VPNs
There are four main types of VPNs: Consumer VPNs, Site-to-Site VPNs, remote access VPNs, and mobile VPNs. Here's a quick rundown of what they do and how they differ from one another:
Consumer or general-purpose VPNs are the most common type of VPN you’ll run into – you’ve probably heard of the likes of NordVPN, ExpressVPN, and Surfshark, which all have widely downloaded, reliable consumer offerings.
Consumer VPNs provide a simple encrypted connection between your device and a server before they funnel your data onto the internet. They’re designed for personal or family use, rather than for businesses, although freelancers, journalists, and activists use them for work.
Remote access VPNs
Remote Access VPNs connect client devices – such as those used by employees working from home – to company servers. This ensures there is a secure connection between employees and company resources, even if they’re using their home Wi-Fi network.
This type of VPN is sometimes referred to as a Client-to-Site VPN as it connects different clients (i.e. staff members) to a site (i.e. an office).
Site-to-site business VPNs connect multiple local area networks (LANs) together – such as the ones that will be used by different office branches. They are sometimes called Router-to-Router VPNs or cloud-based VPNs.
This type of VPN functions by connecting different networks through VPN gateways, encrypting the data that travels between them in the process. This means that individual devices don’t need VPN software to be protected.
Mobile VPNs are effectively consumer VPNs for your mobile. These VPNs are more lightweight than standard desktop offerings and sometimes features are omitted. When using a VPN on mobile, there are different considerations than when using one on a laptop.
For example, some VPNs have had problems with their kill switch function on iPhones, because the device is built to not let other apps meddle with the internet connection.
Common VPN Protocols
Protocols are effectively sets of rules that, in the context of network computing, determine how data is transferred between devices. A relevant example is the Internet protocol, which determines how data is routed across the Internet and why we all have an IP address.
VPN protocols are used to govern the transfer of data through virtual private networks. Different VPN protocols have different levels of encryption and provide varying levels of stability, and some provide a faster connection than others. They run on top of two foundational protocols used across the internet:
- Transmission control protocol (TCP): focuses on reliability over speed
- User datagram protocol (UDP): focuses on speed over reliability
Here are the main VPN protocols that you’ll run into while you’re using consumer VPN devices like Surfshark, ExpressVPN or NordVPN, which let you choose between different protocols depending on your use case.
5 VPN Protocols Explained
IKEv2/IPsec: A secure VPN protocol developed by Microsoft that is known to be particularly useful for mobile devices. IKEv2/IPsec doesn’t use up much bandwidth, and uses UDP to minimize latency. Unlike OpenVPN, however, strict licensing means you cannot simply audit this protocol.
WireGuard: A recently developed VPN protocol with fewer lines of code and state-of-the-art cryptography, making it quicker, less vulnerable to exploits, and less reliant on codebase audits. WireGuard only uses UDP.
SSTP: A closed-source VPN protocol, also developed by Microsoft, that implements the AES-256 encryption standard and is therefore secure. It’s known for being hard to block and can help users bypass firewalls, and uses the TCP port by default.
PPTP: Compared to WireGuard, this is an ancient protocol. As it’s been around for so long, it’s not considered anywhere near as secure as some of the other protocols mentioned in this article. However, as its codebase is more rudimentary, it’s one of the fastest. However, most VPN companies no longer off it due to security considerations.
VPN Encryption Standards
The VPN protocols listed above utilize various encryption methods and techniques within their rulesets. However, VPNs also deploy their own encryption standards in order to ensure their users’ data is kept safe and hidden from whoever is watching.
The encryption standard that is currently seen as the baseline encryption standard for VPNs to use is called AES-256 encryption – this is the same standard used by the US government.
There is no known technology currently capable of cracking networks secured by AES-256.
The “256” is related to the encryption key size – there are 2^256 combinations (2 to the power of 256) which means you’d need more computing resources than currently exist on earth to run through them all. In theory, this encryption standard could be cracked – as can all encryption standards – but it would take millions upon millions of years to do this, so it's effectively foolproof.
VPN Features and Functionality
When you use a consumer VPN like ExpressVPN for the first time, you’re going to see a lot of components and features you’ve probably never seen in a software tool before. However, you'll soon realize that they're pretty simple apps.
Although most top-tier VPNs have some of their own, unique features. For example, NordVPN has an Onion-Over-VPN feature that will hook your VPN up to the Tor network and make your connection even more private. Here, we'll discuss some of the foundational, core features that any VPN worth its salt will provide.
A kill switch is a function included in the vast majority of VPNs. When turned on, if your VPN connection drops, the VPN will ensure your internet connection drops with it.
This means that you’ll never spend any time disconnected from your VPN and still on the internet. VPN connects sometimes drop at random if you lose connection to the server, and if you don’t have your kill switch on, this will expose your real IP address.
In ExpressVPN's desktop app, you can turn on the provider's “Network Lock” feature by checking the box next to the sentence “stop all internet traffic if the VPN disconnects unexpectedly:
ExpressVPN's settings page. Source: Tech.co.
A VPN with a split tunneling function will let you funnel some of your traffic (such as traffic from certain apps or browsers) through your VPN, while other traffic remains unencrypted.
This is sometimes used to speed up a VPN if it's slow – the less data you’re sending through it, the less work it actually has to do. However, it does take a while to properly configure split tunneling settings in most top VPN software apps.
All VPNs provide their users with a server list to choose from. In 2023, most VPNs have a smart selection tool that will recommend the best server based on capacity and speeds. Some VPNs provide specific servers with certain IP addresses that are optimized to unblock different streaming services.
How to access streaming servers in CyberGhost. Source: CyberGhost.
It's really important to look closely at a VPN's server list if you want a proper idea of the kind of infrastructure they're running. For instance, Private Internet Access has over 35,000 servers – many more than NordVPN or Surfshark – but almost half of them are based in the USA, meaning it'll be a lot easier to stream American content than anything else.
DNS leak protection
Domain name systems (DNS) on the internet translate human-generated, plain text queries (such as searching “NBC News” on Google) into IP addresses, which are used to ensure that internet-connected devices receive the correct information. DNS leaks are a way your information can be exposed while you're using a VPN via these types of requests.
A DNS leak can occur if your DNS requests are inadvertently sent to a server that isn't hosted by your VPN provider of choice, such as one owned by your ISP. Leaks also occur if your DNS requests aren't passed through a VPN tunnel and therefore aren't encrypted. Reliable VPNs mitigate this, however, by blocking DNS requests that aren't sent to their own servers.
Good VPNs will provide you with a crystal-clear no-logs commitment, which effectively means that they won’t keep any logs of your activity while you’re connected to their servers, including website traffic and your IP address. However, they will naturally hold things like your email address that you need to sign in.
VPNs that have such a commitment usually put it front and center of their brand marketing – beware of any VPN that isn’t explicitly touting its own no-logs policy – if the provider you're considering has one, you'll know about it. Companies like NordVPN often submit themselves for independent audits of their infrastructure to enforce their no-logs claims.
The Lowdown on VPN Servers
VPN servers will advertise often that they have “X number of servers in Y number of countries” – but, if you’ve used a VPN for a while, you’ll know these numbers often change.
This is because they are part of a VPN server network, which has to be constantly monitored and maintained. The largest consumer VPN networks consist of thousands of servers across a variety of different countries and territories.
Owned vs rented networks
Some VPNs own their networks, including the servers themselves, while other countries rent them. VyprVPN has tight control over its network, owning and maintaining the whole thing, including the spaces where it keeps servers.
This has some advantages. It’s considered more secure for a VPN company to do this in most instances because it means no third-party employees will have access to the servers. If a VPN company is simply renting space in a server farm, the owner of the server can let whoever they want into the building – including the authorities.
However, VyprVPN is a lone star in this regard in a heavily crowded VPN market. Almost all top VPNs rent at least some proportion of their network infrastructure from third-party companies, be it physical spaces or servers.
Bare metal vs shared servers
The best VPN companies will ensure all of their servers are bare metal. They will either own these servers outright or rent these servers from a third-party company. A bare metal server is home to only one tenant (in this case, a VPN company) and isn’t shared with any other company. The rest of the server, then, is just “bare metal”.
Shared servers are, as the name suggests, servers with more than one tenant or company using them. These aren’t commonly used by well-known VPN companies. Bare metal servers are considered more secure than shared servers as shared servers have other entities, organizations, and stakeholders who could argue that they have a right to access the server.
RAM vs disc-based servers
Most top VPNs now run diskless servers powered by Random Access Memory (RAM). In RAM servers, user data isn’t written to computer disks and is completely wiped every time the server powers down because RAM requires power to store data.
Previously, most VPNs ran on disk-based servers, which are nowhere near as secure because data is written to something physical (i.e. the disc) and the owner would have to continually wipe it in order to keep their no-logs promise.
Virtual servers vs physical servers
When you connect to a VPN server, it's almost always located in the country that the software says it is located in. If you connect to a VPN in San Francisco, for instance, it’s probably going to be in a server farm somewhere in the city.
However, some VPN companies also deploy virtual servers. ExpressVPN says around 5% of its throughput goes through virtual servers. Virtual servers perform in the same way that physical servers do, but they’re often not located within the country – it’s just a server with the relevant IP addresses, located somewhere else in the world.
In the wake of India passing a far-reaching data collection law that would have required VPNs to hand over customer data, ExpressVPN – as well as many other mainstream VPN companies – have upped sticks and left the country.
However, you can still connect to an India server with ExpressVPN, but as the company explains on its website, these servers are actually now located in Singapore and the United Kingdom.
Advantages of VPNs: Why Should I Use a VPN?
Using a VPN has a myriad of advantages. Of course, the first is the increased privacy it brings. If websites and other entities are unable to see your IP address, it’s a lot harder to track your traffic and data online. Importantly, VPNs are a relatively cheap way to do this.
The other big advantage is the ability to access a much wider range of content. If you pick a VPN like ExpressVPN, which has servers in more than 90 countries, you’re going to have a lot more choices when it comes to journalism, TV shows, and movies.
Many top VPNs like Surfshark and NordVPN offer a variety of other security features too, such as malicious website warnings and ad-blocking functions. So, you’re not just getting a VPN, you’re also getting a much more multi-faceted security tool.
Virtual private networks actually provide a defense against the bandwidth throttling techniques internet service providers often implement to slow down the speeds of people using. If your ISP can’t see it’s you doing, it won’t throttle your bandwidth.
How to Choose the Right VPN
When choosing a VPN, the most important think about first is your use case. If you just want to use it to stream sports or movies, and you live in a country like the United States, you’re going to want to go for speed over security. In this case, it might be worth looking at Smart DNS services too, because they also help you spoof your location but don’t encrypt your traffic.
Another consideration is how many people will be using your account, and/or how many devices you want to protect. Some VPN providers like NordVPN will let you connect up to six devices per subscription, while Surfshark offers unlimited simultaneous connections.
If you’re like many millions of people across the world who don’t want to be tracked or surveilled while they’re on the internet, then you’re going to want to opt for a really secure provider. The best VPN providers will:
- Implement the AES-256 encryption standard
- Have submitted itself for independent audits
- Provide multiple protocols for you to choose from
- Not have servers in countries with data collection laws (e.g. India)
- Offer features like a kill switch for maximum protection
- Have detailed, crystal clear No Logs & privacy policies
- Maintain servers in a wide variety of territories
- Have a clean track record when it comes to data breaches
- Provide some sort of round-the-clock (24/7) support
VPNs You Should Avoid
An important thing to remember is that not all VPNs are the same – just like other software, some providers are more secure than others. That means there are some VPNs you should definitely avoid at all costs.
Although there are some good free VPNs and free versions of paid VPN services, most free VPNs should be treated with caution. Their goal is to get people to sign up, rather than retain users, and as they don’t charge subscription fees, there’s very little motivation for them to properly maintain their server infrastructure and stay up to date with the latest security developments.
Some free VPNs – like Hola VPN – can barely be described as VPNs, and there’s evidence that they collect user data and use it for advertising processes. Other VPNs, like SuperVPN, have suffered from damaging data breaches.
Final Thoughts on VPNs
VPNs are one of the easiest ways to enhance your privacy online. In 2023, reliable consumer VPNs are available for a couple of dollars a month, while business VPNs that connect staff devices and different branches together are more widely used than ever.
VPNs are used every day to secure company resources, stream TV shows, reduce ping time on video games consume independent journalism without fear of reprisal from authoritarian governments.
However, it’s important to remember that while a VPN certainly makes your internet experience more private, it doesn’t make you anonymous – it helps obfuscate and obscure your traffic, rather than wipe it from the face of the earth.