When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.
(Image credit: Shutterstock)
More and more people are using virtual private networks (VPNs) to improve their online security and privacy – which isn't surprising when you consider how many opportunistic cybercriminals are out there. VPNs encrypt your personal data, secure the Wi-Fi networks you use, and even protect against hackers.
That's not all, though – the best VPNs also allow you to unblock geo-restricted online content, stop bandwidth and data throttling, find the cheapest deals on the internet, and so much more. However, you might still be wondering how a VPN does all of this – and you're not alone.
VPNs use a lot of crucial tech, like encryption and protocols, that you might not be familiar with (unless you’re an undercover tech expert). Here, I'll explore how VPNs work and suggest a few of my personal favorites.
Written by Written by River Hart Tech Software EditorRiver helps take care of cybersecurity content on Tom's Guide – ranging from breaking news pieces, reviews, and buying guides.
NordVPN is super secure, fast and unblocks just about every streaming service you can think of. All this, plus all its added extras makes it the best VPN overall.
You can choose to just sign up to the VPN, or upgrade your subscription to give you an internet security suite, with secure cloud storage, a password manager and even cyber insurance. You'll also get a 30-day money-back guarantee on all plans, and if you subscribe now you'll even get a free Uber Eats voucher – tasty.
2. The best VPN for beginners: ExpressVPN
ExpressVPN is great for those new to VPNs, with apps that are easy to use. It can also unblock any streaming platforms you can think of, and has great connection sppeds.
Though it's not the cheapest VPN available, you can try ExpressVPN for yourself with a 30-day money-back guarantee, and bag an extra 3 months free, and a year of free backup software from Backblaze, when you sign up for a 12-month plan.
3. Our top pick for a cheap VPN: Surfshark
Surfshark gives you excellent privacy and super fast connection speeds for a very friendly price, making it a great choice for you if you're more budget-conscious.
Not only this, but it offers servers in 100 countries, allowing you to access your favourite content no matter where you are. Plus, it's currently costs just $2.29 per month, with 2 months free.
There are a lot of VPNs available on the market, but they all work in pretty much the same way. As I mentioned earlier, VPNs are software-based tools that provide an end-to-end encrypted tunnel between your device and a VPN server. This routes your traffic away from your internet service provider's (ISP) servers and through its own.
In this tunnel, any web traffic sent to and from your computer is encrypted, all the time. A VPN will also hide your internet protocol (IP) address. This means that cybercriminals, government agencies, your ISP, and other nosy third parties won’t be able to intercept your personal data, track what you're doing online, or determine your location.
It's also worth noting that VPNs know how to have fun, too. Most services have a global network of servers – connect to one, and you can spoof your location to bypass geo-restrictions and unblock online content that would normally only be available in a specific country. I'll cover this topic in more detail a little later – but, basically, VPNs are a streamer's best friend.
One of the most important functions of VPNs is their ability to encrypt personal data and web traffic. Using encryption technologies, VPNs ensure that credit card numbers, passwords, messages, transaction history, browsing data, and other sensitive information travels through an encrypted tunnel in undecipherable code.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.
How does this work in practical terms? Well, if you log into your email account, the request will be communicated to the VPN service. After establishing a connection between your device and the VPN server, the VPN then sends your login request to the VPN server through an encrypted tunnel.
Once your request lands on the VPN server, it sends the data to your email provider's server, still encrypted. The email grants the request and returns the data back to the VPN server. At this point, the VPN server also re-encrypts the data and sends it to the VPN service, where the data is deciphered and passed on, finally, to your device. It's sort of like a digital relay race – and your data is the baton.
This might seem like a long and complicated ordeal, especially as your data is encrypted and decrypted at every step of the process, but Surfshark points out that every step "happens in a second" – and sometimes "in a fraction of a second" if you have a fast internet connection. Plus, the majority of VPNs use one of the most robust encryption methods available: AES-256.
Another important piece of the VPN puzzle are the protocols. Essentially, they're commands and processes that decide how web traffic travels from one server to another within an encrypted tunnel.
There are lots of VPN protocols out there, but the most common are:
VPN services are constantly evolving, though, and protocols become outdated as quickly as new ones enter the picture. NordVPN believes every protocol is imperfect, explaining that "each may have potential vulnerabilities, documented or yet to be discovered, that may or may not compromise your security".
Unpacking protocolsNordVPN says every protocol provides a "different solution to the problem of secure, private, and somewhat anonymous internet communication".
Most of today's top VPN providers use OpenVPN and WireGuard as their protocols of choice seeing as they’re highly secure and generally pretty fast. VPNs allow users to switch protocols too – so, if you prefer one over the other, it's not a problem. All you'll need to do is head into the settings menu of your VPN app and make your choice.
Being aware of these different protocols is important because they often determine the overall speed, security, and privacy of your VPN service. Using an outdated VPN protocol could put your data at risk.
Basically, OpenVPN, WireGuard, and proprietary protocols like ExpressVPN's LightWay and Hotspot Shield's Catapult Hydra are widely regarded as safe, with IKEv2 also being useful for mobile VPN apps. Other protocols have their uses, sure, but if you're using a modern VPN (and you want the best balance of speed and security), you'll want to stick with these tried and tested options.
VPNs can do way more than just encrypt your data, however. You'll also be able to access all sorts of streaming platforms, and their region-locked libraries, without being hampered by pesky geo-restrictions.
Want to learn more?Check out our guide to the best Netflix VPNs to see which provider is your best streaming buddy.
The how is pretty straightforward. Most premium VPNs have thousands of servers dotted across the globe. Take your pick of these servers, connect to one, and you'll be given a new IP address based in that same location. This is what fools sites into thinking you're there, too, and means you’ll be able to access country-specific services.
For example, if you're in the UK and want to check out what’s on US Netflix, you'll need to connect to a VPN server in the US. Then, reload Netflix, and the site will see that you're connecting from a US IP address and think you're in the States, too. You'll be served up all the best American Netflix content on a platter – simple.
A VPN redirects your traffic away from your ISP's servers, sending it through its own servers, instead. At the same time, the VPN encrypts the traffic, ensuring that nobody can read it even if it's intercepted.
VPNs use several protocols to transfer your data, with OpenVPN and WireGuard considered today's gold standards.
While VPNs primarily protect your sensitive data, plenty of people use them to unblock streaming content from around the world, too. This is possible thanks to global networks of servers, owned by a particular VPN provider. You can join a server overseas, be assigned an IP address in the same location, and trick sites into thinking you're physically, there, too.
There are a lot of VPNs on the market – and putting them all to the test would take more time than anyone realistically has. Luckily, that's exactly what we do here at Tom's Guide. Me and the rest of the team have ranked the industry's top providers (and some honorable mentions) in the table below.
Swipe to scroll horizontallyProvider | Header Cell - Column 1 | Summary |
---|---|---|
1. NordVPN | ⭐⭐⭐⭐½ | An all-in-one security solution that can't be beaten when it comes to sheer speed and ease of use. |
2. ExpressVPN | ⭐⭐⭐⭐½ | Handy automations and one-click connect make ExpressVPN a great pick for beginners. |
3. Surfshark | ⭐⭐⭐⭐½ | The best budget-friendly VPN available today, jam-packed with features and able to unblock most streaming sites. |
4. Private Internet Access | ⭐⭐⭐⭐½ | Ideal for Linux users, thanks to a dedicated GUI, and a no-logs policy that has been proven in court twice. |
5. Proton VPN | ⭐⭐⭐⭐ | A staunch champion of digital privacy, Proton VPN offers battle-tested security tools and a reliable free plan. |
6. CyberGhost | ⭐⭐⭐⭐ | A speedy service with sleek apps for all devices, and a solid all-rounder that won't disappoint. |
7. Windscribe | ⭐⭐⭐⭐ | If you're looking for a free plan, Windscribe delivers with tough encryption and a lightweight Chrome extension. |
8. IPVanish | ⭐⭐⭐⭐ | IPVanish can't quite keep up with my top picks, but still packs a punch when it comes to safeguarding your day-to-day browsing. |
9. Mullvad | ⭐⭐⭐⭐ | Although it's not a great pick for streaming, Mullvad is a privacy-oriented VPN and a cornerstone of the industry. |
10. Hide.me | ⭐⭐⭐⭐ | With plenty of settings to customize, stylish apps, and fair prices, Hide.me is a VPN you'll want to keep an eye on. |
So, a VPN boosts your security when you're online by encrypting the data you send, keeping it safe from prying eyes. Your ISP can see that you're connected to a VPN (or, at least, that you’re connected to an encrypted server somewhere), but the data traveling through its systems will be encrypted, so the ISP won't be able to make any sense of it.
As a result, your ISP won't be able to leverage your data for its own ends – like selling it on to advertisers or giving up details to authorities if requested.
VPNs can also keep you safe when using unsecure public Wi-Fi hotspots – the kind you find in hotels, cafes, and airports. These hotspots are handy, sure, but they lack security measures, making them hotbeds of cybercriminal activity. With a VPN, though, your data will remain encrypted and unreadable to nefarious hackers.
The short answer is: no. VPNs are perfectly legal in the vast majority of countries – but there are a few exceptions. Some regimes have banned VPNs, with China being the obvious example that springs to mind, but even in this case, it's unclear how this might be enforced, particularly in the case of, say, a traveler using a VPN when visiting the country. There are no reports of any visitor ever being arrested for using a VPN in China.
The main takeaway here is that any activities that are illegal when you’re not using a VPN are still illegal when you are.
A VPN can keep your internet traffic safe from snoopers, but there are a few things that it can’t disguise entirely – like the device you're using. Sites can use browser fingerprinting to collect data about your operating system and browser type to pinpoint your device type.
What's more, your VPN provider itself can, potentially, check out what you do online. Some services log your activity – which, obviously, is less than ideal. To avoid this, you'll need to choose a secure VPN that sticks to a no-logs policy – which prevents it from holding on to information about your browsing.
The IP addresses that a VPN gives you, when you connect to one of its servers, are shared amongst its user base. That means that you could, in theory, be assigned the same IP address as someone else. The shared nature of these addresses means that some sites have wised up to the fact that they belong to VPNs – and then, unfortunately, they block them.
This isn't always the case, though, seeing as most sites won't care too much if you’re using a VPN. Besides, blocking, banning, or otherwise acting against everyone with a VPN would be a massively expensive and time-consuming process.