If you only do one thing to better protect your online privacy, start using a VPN. A VPN, or virtual private network, is a decades-old technology that was once used mostly by big companies to give employees access to their private intranets. About a decade ago, VPN use grew as techies began embracing the technology for personal use–especially so they could get around geo-blocked services, such as streaming services that aren’t available everywhere. As privacy concerns have skyrocketed in the last few years, VPNs have begun to be adopted by everyday consumers.
As with most things relating to networking, the technical aspects behind how a virtual private network works are complex. In simple terms, a VPN encrypts the network data on your computer so others–such as your ISP or someone snooping on a public Wi-Fi network you’re using–can’t read it. The VPN then routes all your encrypted internet traffic through a secure server before sending it on to the website you want to access. By doing this, it ensures that websites and other online services won’t be able to see your true IP address or know where in the world your computer is actually located; they’ll only see the location of the VPN’s server. That means your true identity, location, and what you do online is–to a large extent–concealed from prying eyes.
The ability of VPNs to protect your privacy are all the more relevant considering that your ISP can now legally record your web activity and sell your history to advertisers and other organizations that want to know something about you. When you are already paying your ISP money to use their service, why also let them take your personal data and sell it? Using a VPN will prevent your ISP from knowing where you go online.
VPNs also make Wi-Fi networks–like the free public ones at coffee shops, for example–much more secure. Using a VPN makes it much harder for hackers, stalkers, and other bad actors to track you and your activity around the web. That’s why a VPN is a staple privacy tool in any journalist’s arsenal–especially journalists in countries that don’t allow an open and free press. VPNs are also used by citizens in countries that restrict access to the larger internet and censor online content, such as China.
VPNs have their limits
As VPNs have risen in popularity among typical web users, they’ve gained an almost mythical status. While VPNs do provide some degree of online anonymity, it’s important to stress that they aren’t magical invisibility cloaks ala Harry Potter. A VPN alone will not magically wipe your online activity from existence.
Even if you use a VPN, any websites that requires you to log in will still be able to track what you do. For example, it’s impossible to hide your browsing activity from Google if you are logged into your Google account–even over a VPN. The same goes for social media sites, shopping websites, and financial sites.
And even though using a VPN will mask your real IP address from websites you don’t log in to, the VPN provider itself must know your real IP address so that its servers know where to direct the data you are requesting. The VPN provider will also probably know your name and address based on your payment information; it could, in theory, identify your online activity if it wanted to–or if it was forced to by a government agency.
This is why any VPN provider worth considering will have a “no logs” policy. That means it will never store logs of your actual IP address or the websites your IP address visited through its servers. With this policy in place, a VPN provider would be unable to turn over your browsing records even if a court order mandated it to do so.
Yes, VPNs are worth paying for
There’s no shortage of “free” VPN services out there–but I would highly recommend avoiding them. Ultimately, VPNs are built on trust. For instance, you’ll never have any way of verifying that a VPN service is being honest when it says it has a no-logs policy–you’ll just need to trust it.
Free VPN providers don’t pay for servers and bandwidth out of the goodness of their heart. Case in point: Facebook used to offer a “free” VPN service called Onavo–but it wasn’t really free. You paid for it with your browsing history. People who used Onavo sent all their web traffic through Facebook’s servers, which the company then mined for data.
Considering that anyone with a little networking knowledge can set up a VPN company and offer service for free, what’s to stop data thieves or hackers from doing just that? Not all free VPNs are nefarious–but if you really want increased privacy, it’s worth paying for a VPN service from a company with a good reputation.
Prices for paid VPNs vary widely depending on the plan you choose and the company you go with. They’re subscription-based services, so you’ll generally be paying a monthly fee, just like you do with Netflix. However, some VPN providers do sell annual installment plans that allow you to pay for a year’s worth of service up front–and usually save quite a bit over the standard monthly cost. In general, expect to pay anywhere from $3 to $10 a month for monthly service or between $30 and $80 a year if you go with an annual plan.
Which VPN service should you use?
I’ll recommend four VPN providers to give you a good place to start looking–but I would suggest you don’t sign up for any of them without researching them yourself and even contacting the companies to clarify their data-retention policies.
One VPN that ranks highly among privacy experts is Private Internet Access. That’s because its promise that it’s a true “no logs” VPN has been tested twice in court. In two separate investigations, one involving a hacking case and the other a hoax bomb threat, government agencies requested information about two of Private Internet Access’s customers. But as court records showed, the company was unable to provide any records. It just doesn’t retain data on user activity.
Speaking of court cases, ExpressVPN is another VPN service that has had its no logs policy tested–this time internationally. In 2017 Turkish authorities demanded the logs of an ExpressVPN user while investigating an assassination. ExpressVPN cooperated with authorities investigating the case, yet could not hand over the requested logs, because no logs were kept–confirming the company’s claims of such a policy.
NordVPN is another highly regarded VPN service. Along with offering a strong no-logs policy, NordVPN allows customers to pay in cryptocurrencies so you can also avoid ever giving the company the standard payment-related details about yourself. Finally, StrongVPN is another highly regarded service, again thanks to a robust no-logs policy.
There are other VPN services that offer no-logs policies too, of course. I encourage you to research as many as you can before making a decision. But no matter what, as hacking and surveillance only become more commonplace, paying for a VPN is the best possible kind of New Year’s resolution.
This article was originally published in December 2018 and updated in September 2020.