What are VPNs — and why would I use one?

Welcome to Threat Intel’s #WednesdayWisdom column, which aims to help improve your cybersecurity knowledge and keep you informed on important developments.

Online privacy has been in the spotlight recently.

Law enforcement and governments taking aim at end-to-end encryption, and rule changes in the U.S. that allow internet service providers (ISPs) to sell your data without asking for your permission, mean people are becoming increasingly worried about maintaining the privacy of their data and communications.

One way to give yourself an extra layer of privacy is by using a virtual private network (VPN).

Privacy concerns are often the primary reason why people use VPNs

What is a VPN?

You might have heard of VPNs before, but do you know what they are?

A recent survey by Norton looking at people’s online habits found that almost one third of those surveyed had never heard of a VPN, and only a quarter used one when using Wi-Fi.

When you use a VPN you connect to the internet via a server that is run by your VPN provider. All the data that travels between your device and this VPN server is encrypted and secure.

VPNs are used by many people for many different reasons.

Many corporations use VPNs to allow their employees to securely access the company’s intranet while they are working remotely. So, an employee can connect to the company’s VPN and access their work email and other services as though they were in the office. Using a VPN helps to keep any sensitive company data safe, making it difficult for hackers to access. Many companies insist that employees use VPNs to access things like their work email or any shared networks.

However, using a VPN because you are obliged to in order to access your work emails from home is far from the only reason people use these encrypted networks.

Why do people use VPNs?

People use VPNs for myriad reasons.

· Some people use VPNs to add an extra layer of security to the privacy of their private communications. Privacy has become a bigger issue for a lot of people in recent times as concerns grow about hacking and government monitoring of communications. The previously mentioned law that now allows ISPs in the U.S. to sell information about customers’ browsing history without their express permission, for example, worried a lot of people. Using a VPN hides a lot of your online activity from your ISP — all they can see is that you are connected to the VPN server.

· In certain countries in the world, such as China, many people use VPNs to avoid censorship of sites such as Facebook and Twitter. China’s internet censorship is infamous, and is often referred to as the Great Firewall of China, so VPN use has historically been high in the country. However, the populous country’s government has been cracking down on VPNs recently, with a recent move effectively banning the use of VPNs on mobile phones. Russia is also taking steps to ban them.

· A popular use of VPNs is people wanting to “geo-spoof” their location in order to access content that is denied to them in their actual location. Many people use VPNs to access services such as the BBC iPlayer, or a specific country’s Netflix offering. However, Netflix, in particular, has cracked down on people using a VPN to watch its programs when they are in other countries, and many VPNs no longer allow you to access Netflix.

“Geo-spoofing” their location in order to access services like the BBC iPlayer is one reason why some people use VPNs

· Many people use VPNs to ensure they have a secure connection if they are using public Wi-Fi in places like hotels, coffee shops, or airports. Using a VPN in these circumstances means that your internet activity is protected from prying eyes, even if a hacker has managed to compromise the unsecure Wi-Fi network you’re using. Interestingly, the above-mentioned Norton survey also found that 87 percent of those questioned admitted to taking security risks while using public Wi-Fi, for example by logging into their email, social media, or bank accounts.

· People also often use VPNs in an attempt to shield their identity if using things like torrent sites to download copyrighted content etc. However, some VPNs do not allow access to torrents on their service.

Not all VPNs are created equal

There are many VPN services out there, so it can be difficult to choose the one that is right for you, but there are some things to keep in mind.

Everyone likes something that is free, and there are many “free” VPN services out there, however, it’s important to remember that few things are ever really free, and when signing up for any service you should always read the small print.

VPN services are often expensive to run, so these free services have to make money somewhere, and often it is by selling users’ data. There are reputable free VPN services out there, but generally they only offer a limited service, although that may be all that is required by some users. Be very wary of free VPN apps that you have never heard of as these could turn out to be scam apps that may compromise your device.

Paid for VPNs are generally fairly cheap (costing as little as a few dollars per month), so it is probably better to pay a modest fee for a reputable service than run the risk of using a free one that could compromise your device or privacy. If you do use a free VPN, ensure it is a reputable one that explains clearly how it monetizes its services.

However, even VPNs you pay for are not always infallible, and some are better than others. One of the most important things to check when you are deciding which VPN you should use is whether or not the VPN provider keeps logs of user activity. This is a particularly relevant point if you are using the VPN in order to keep your online activity private from government or law enforcement. If a VPN provider keeps usage logs they could be one day compelled to hand them over to law enforcement, so if you are serious about protecting privacy then a “no logs” provider is the way to go. The only way to know whether or not a VPN provider truly keeps no logs is by trusting what they tell you, but as many of these providers have built their reputation on ensuring users’ privacy it is unlikely they would run the risk of one day having to hand over user information and ruin their business’ reputation.

Keep in mind that data protection rules in some countries require VPN providers to keep logs for a certain amount of time, so if you want to choose a “no logs” VPN provider then ensure they are not based in any of those countries.

Privacy-conscious VPNs will also use shared IPs, where several users are assigned the same IP address, meaning that matching internet behavior with one specific individual is difficult, even if a provider does keep usage logs.

Another feature that privacy conscious VPN users would want in their VPN is a “kill switch”. VPNs can occasionally drop out, potentially exposing your real IP address if your computer stays connected to the internet during the drop out. However, one way to guard against this is to ensure your VPN has a kill switch, which will shut down your internet connection when it detects a VPN dropout, or prevent any internet traffic leaving your computer outside of your VPN connection.

Pros and cons

You should weigh up the pros and cons before purchasing a VPN

So, there are many things to consider when it comes to choosing a VPN, but it is also important to consider whether or not you really need to use one.

Your internet connection will slow down when you are using a VPN. Encrypting and decrypting data requires processing power, which will slow your computer somewhat, and the extra distance traveled by your data (i.e. to the VPN server) will also slow it down. If you are connecting to websites located geographically nearby, and are able to connect to a VPN that is also geographically near both you and the website, then that will keep internet speed reduction to a minimum. While for many reasons this may not always be possible, good advice is to connect to a VPN as near as possible to the website you want to access, and then as close as possible to your own location.

If connection speed is a concern, it’s worth noting that some VPN providers do provide faster connections than others, so check out what others have said about a VPN’s performance before deciding which is the right one for you.

It is also important to note that while VPNs do provide privacy, they cannot guarantee anonymity online, and those who want that should consider using the Tor anonymizing browser, as well as a VPN.

However, for the average user who just wants an extra layer of privacy or to “geo-spoof” their location, a modestly-priced VPN should do the trick.

Just remember to always be aware of scams and stick to established VPNs that have been recommended by other users. Don’t endanger your privacy twice as much by downloading a dodgy VPN that could compromise your whole computer while purporting to offer you privacy.

Check out the Security Response blog and follow Threat Intel on Twitter to keep up-to-date with the latest happenings in the world of threat intelligence and cybersecurity.

Like this story? Recommend it by hitting the heart button so others on Medium see it, and follow Threat Intel on Medium for more great content.