Average Security

What is a VPN?

Estimated read time: 13 minutes

Consumer-facing VPN companies love to use scary marketing and technical jargon to convince people that they need a VPN to stay safe online. In reality though, most people don't need a VPN, especially not one that they're connected to 24/7. But how does a VPN work, and when should you actually use one?

How Does a VPN Work?

VPN stands for Virtual Private Network. A VPN is a piece of software that routes all of your internet traffic through the VPN provider's servers, encrypting it between you and the provider, before forwarding your traffic to its intended recipient. You can think of it like passing a note signed "from your secret admirer" to a friend and asking them to give it to your crush. As long as you trust your friend to keep their mouth shut, your crush has no idea who their secret admirer is.

Definition: Encryption is fancy math that jumbles up data, making it impossible for anyone to decode it except for you and your intended recipients.

This has two primary effects. Firstly, it can prevent your internet provider or any other nosy people on the same unsecured WiFi network from viewing your activity online (more on that later). All that they see is nonsense encrypted traffic between you and your VPN provider. Secondly, it prevents the websites and services you visit online from figuring out your location. If you visit this website while connected to a VPN, then the website owner has no way to know your actual location; only that you connected via a VPN server.

The Benefits of VPNs

Clearly, VPNs have some good use cases. Perhaps the most popular mainstream use case is to bypass geo-restricted content. Examples include accessing Japanese Netflix while living in the U.S., visiting adult websites in regions where they are banned or require photo ID, and accessing banned or filtered sites and services in authoritarian countries.

It is worth noting that because this blog is focused on security for the average person, that last point about circumventing government censorship will not be a big focus for the rest of this article. However, it is perhaps the most important use case for a lot of people. VPNs should not be discounted as just tools for criminals, as they are invaluable for journalists, activists, and oppressed people around the world.

The next use case is included for educational purposes. Of course, we cannot and will not endorse piracy - it's illegal. Make good choices, dear reader.

Another popular use case is piracy. Depending on the method used, downloading pirated content can publicly expose your location, enabling law enforcement to identify you and, depending on the laws in your region, send you a fine. Some internet providers will also shut off your internet access if they believe that you are engaging in piracy. However, routing your traffic through a VPN separates your activity from your location; the operators of the websites you visit have your activity, but not your location, while your internet provider has your location, but not your activity.

The last mainstream use case is what the technology was originally intended for: providing remote access to a private network. This is primarily used by companies to give remote employees secure access to company resources. You, the individual, don't generally need to worry about this use case.

As an IT administrator myself, I think it is worth mentioning that you should always keep work and personal technology separated. If your company has a VPN, do not install it on personal devices. Company-managed VPNs usually allow the IT team to monitor your activity online. Similarly, do not sign in to personal accounts or apps on work devices. Always assume that your company's IT team has full remote access to modify, monitor, and wipe company-managed devices.

Up to this point, VPNs probably sound like a no-brainer; why wouldn't you use one?

The Drawbacks of VPNs

Security

VPN ads often tout the security benefits of using a VPN. In particular, they make it seem like your internet provider and any nosy person on the same WiFi network as you could steal your passwords and view your online activity. In reality though, this has been a widely-solved problem for over a decade.

HTTPS - the Hypertext Transfer Protocol Secure - may sound familiar from links you've seen or shared online. It sits at the beginning of the URL, like here: https://youtu.be/dQw4w9WgXcQ. HTTP - the Hypertext Transfer Protocol (not secure) - is the protocol that powers the internet, allowing your browser (like Google's Chrome or Apple's Safari) to talk to websites. HTTPS wraps your traffic in a layer of encryption, ensuring that your activity online is only visible between you and the websites you visit.

According to data from Google's browser, Chrome, as of January 2026, over 95% of user activity uses HTTPS. All modern browsers use HTTPS by default - not just Chrome - and will warn you before visiting a website that either doesn't support HTTPS, or has improper support. Most apps even use HTTPS and other secure protocols behind the scenes.

Given this, a VPN starts to seem a little redundant. Your internet provider already cannot read your activity online, nor can a hacker on the same WiFi network steal your passwords. Wrapping your traffic in two layers of encryption does not make it inherently more secure.

Privacy

VPN companies also market themselves as champions of user privacy. While this can be true, it comes with several asterisks.

The biggest concern is whether you trust your VPN provider more than your internet provider. Many VPN services promise not to log your activity, but a lot of them do, sharing that data with advertisers and law enforcement.

VPNs also do not inherently provide anonymity. If you sign in to your normal accounts while connected to a VPN, then advertisers like Google and Facebook immediately know who you are. And even if you don't sign in to any accounts, they have a plethora of other tools at their disposal to identify you. Advertisers can use their massive ecosystem of trackers across third-party websites to follow your activity online, despite your VPN connection.

If anonymity is your goal, you'll want to use Tor without signing into any accounts. If your internet provider blocks Tor traffic, you can connect to a VPN first, then connect to Tor. We plan to write about Tor in the future, and will update this blurb with the link when we do. If you'd like to get an email when we do write about it, you can sign up for our newsletter at the bottom of this page.

There is one privacy benefit VPNs can have. Even though HTTPS encrypts your data as discussed in the previous section, your internet provider still needs to route your traffic to the correct location. They cannot see exactly what you're doing, but they can still see which websites you're visiting. With a VPN though, your internet provider doesn't even see which websites you're visiting. This can be useful in some scenarios, like if you really don't trust your internet provider, or to access content or services that are blocked in your region.

DNS: A Side Note

DNS - or Domain Name System - is relevant to this discussion; you can think of it like the phone book of the internet. It's a service usually provided by your internet provider, allowing your devices to translate a domain like youtube.com to the actual IP address where the website is hosted.

Even if your traffic with the website itself is encrypted by HTTPS, your internet provider can still see which domains your device is looking up, giving them a bit more insight into your activity online.

This is not necessarily a major concern, but a good middle ground between no protection and a full VPN would be to manually use a different DNS provider. In no particular order, we like Cloudflare's 1.1.1.1 (free), Quad9 (free), NextDNS (paid; blocks ads), and AdGuard (paid; blocks ads).

Convenience

VPNs can also be inconvenient in day-to-day use. Because they have to encrypt all of your traffic (usually for a second time, due to HTTPS), they often drain the battery on your phone or laptop more quickly throughout the day.

Similarly, because your traffic has to first route through the VPN provider instead of going straight to its destination, VPNs are slower. This is not a problem for day-to-day web browsing and social media scrolling, but it can introduce lag (higher ping/latency) if you are playing online video games.

While they do have good use cases for normal people, VPNs are also popular with scammers. Because of this, many websites will prompt you for human verification more often, either in the form of email confirmation or CAPTCHA tests (the check boxes, "type the letters in the image", and "select similar images" popups). Some websites and services will also outright block known VPNs since they don't want to deal with filtering through safe and unsafe traffic.

Picking the right VPN provider

If you still feel that you need a VPN (a lot of people do!), picking the right one is important.

Trust is everything in this area. You don't want a provider who sells your activity to advertisers, or - if you're engaging in shady activity - rolls over the moment that law enforcement shows up. Search engine results and AI responses can be easily gamed by marketing teams, so it's best to rely on word-of-mouth through forums, trusted friends, and your own research into the company.

Look for providers who have been around for a long time and are popular in privacy communities - not the providers who buy the most sponsorships on YouTube and TikTok. In our humble opinion, providers who engage in minimal, more honest marketing deserve more trust. The misinformation and fear-mongering that mainstream VPN companies rely on is a scummy business practice that should not be rewarded.

Additionally, we prefer providers that don't try to lock you into long-term contracts. Because trust is so critical in this industry, the ability to change providers if your current one starts engaging in harmful business practices is an amazing freedom to have.

The long-term plans are predatory in their own right too. These companies don't discount their 1 or 2 year plans, but instead inflate the price of their monthly plans to make the other options sound like a good deal. They also offer introductory discounts for the first year or two, before renewing at double or triple the price.

Our VPN Recommendations

If you're willing and able to pay, Mullvad is our favorite option. They have a great, proven track record, and their code is open source, meaning that we nerds in the community can pore over their code and validate that we can trust them. Additionally, the company itself runs minimal, honest advertising that does not resort to spreading misinformation or fear-mongering. They have our respect for this.

At the time of writing, they are cheap at a flat $5 per month, no matter what. No introductory pricing, and no double or triple price increase when it comes time to renew.

If you cannot afford a VPN subscription right now, Proton is the only VPN with a free tier that we trust. They've been around for a number of years with a good track record and a friendly user interface. Like Mullvad, their code is also open source, so they can be similarly trusted by the community.

Their free tier does of course have its limits. You can only use one device at a time, your speeds are limited, and you cannot control which location you connect to. They also have paid offerings if you would prefer to go that route, though they do engage in long-term contracts and higher renewal prices. If you already use Proton's other services like Mail, Drive, or Calendar, then bundling them all together under their "Proton Unlimited" plan is a pretty good deal.

Closing thoughts

Most VPN companies spend exorbitant amounts of money to scare potential customers into long-term subscriptions that they probably don't even need. Be wary of any and all marketing you see. The advertiser almost always has a strong motivation for getting you to believe what they are saying. Your job is to figure out what that motivation is and make your own educated decision from there.

TL;DR

A VPN encrypts your online traffic and routes it through the provider's servers, acting as a middleman between you and the websites you visit. It is primarily useful for accessing geo-blocked content by changing where in the world your VPN connection is located, and for hiding behind said proxy when doing unsavory things like pirating movies and shows.

These same properties also enable users to circumvent government censorship, making VPNs a useful tool for journalists, activists, and oppressed people across the world. However, they are only truly useful in these cases when used in conjunction with other tools and methods that are out of the scope of this article.

On the other hand, if your primary goal is to protect yourself from hackers, advertisers, and data brokers, a VPN is largely an unnecessary, redundant measure. Nowadays, web browsers and most apps use secure protocols by default, protecting your traffic from prying eyes.

A more balanced option for those who want a little extra privacy and protection from ads and malware would be to use an alternative DNS provider, such as NextDNS (paid; blocks ads), Quad9 (free), Cloudflare's 1.1.1.1 (free), or AdGuard (paid; blocks ads).

If you do need a VPN, Mullvad is our favorite paid option for only $5 per month. If you need a free VPN, the only VPN provider with a free tier that we trust is Proton. You should be incredibly wary of other VPN providers claiming to offer a free tier; treat them as guilty until proven innocent.
