large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

What is a VPN and what is it for?

A VPN (Virtual Private Network) can be used for lots of things, from accessing specific services, to improving user privacy and security. We explain how VPNs work and what to look out for when shopping around.

A virtual private network (VPN) routes all your internet traffic through an encrypted “tunnel”, often used to connect virtually to a business network, secure your internet traffic against snooping, or “region shift” your IP address so that websites and services think you’re in a different country.

The name makes more sense if you consider how businesses use VPNs to allow remote users and offices to connect to a main enterprise network over the internet, securely and as through they were connected locally – thus the name “virtual private network”.

Whatever reason you’re using a VPN, the important bit is the encrypted tunnel. Although most internet traffic these days is encrypted using protocols such as TLS for HTTPS web traffic, your VPN provides an extra layer of security by creating a – sometimes very heavily encrypted and obfuscated – point-to-point link between you and the VPN server, through which your data travels before being sent on to wider internet.

This encrypted tunnel can prevent your online activity from being monitored or snooped on, whether by your ISP (internet service provider) or someone on your local network. And at the other end of the tunnel, you get a completely different IP address, assigned by the VPN endpoint server you’re connecting to. This means that you can appear to be located in a completely different country.

This can reduce your download speeds, but recently some of the best VPN services we regularly test have provided surprisingly speedy data connections.

Kaspersky VPN Secure Connection – 34% Off

Kaspersky VPN Secure Connection – 34% Off

The secure way to enjoy the web without compromising on speed is now 34% off at £34.12 a year, equivalent to £2.84 per month, with coverage for up to 5 devices.

Compatible with Android™ and iOS®

  • Kaspersky
  • Was £52.50
  • £34.12/year (£2.84 monthly equivalent)
View Offer

What are VPNs used for?

In business, VPNs are widely used to allow remote workers to securely access their employer’s office network as though they were physically connected to it.

The most common uses for consumer VPN services are to provide extra security or privacy on public networks and to virtually region-shift yourself for the purpose of viewing foreign streaming content or catching your favourite shows from home when you’re on holiday. Think carefully before doing this, however, as this breaches the terms and conditions of some streaming platforms, including Netflix, and could – in principle – lead to your account being terminated.

Privacy is always a more compelling argument and reason to use a VPN: thanks to end-to-end encryption, it becomes impossible for your network traffic to be monitored from outside your PC. Packet inspection will reveal only incomprehensible strings of encrypted data.

This has obvious advantages if you want an extra layer of security when it comes to, for example, keeping your browsing habits private. This is particularly important on public Wi-Fi networks, where it’s impossible to determine how secure your connection is. It also means services that may throttle or even block your internet traffic based on the kind of data you’re sending – such as some office, mobile and public networks – won’t be able to do so.

While some networks may also block VPN connections either deliberately or as an incidental result of not permitting certain protocols, this is unusual. However, as an extra security feature for those who need to hide the fact that they’re using a VPN, a number of service providers have implemented methods of obfuscating their encrypted traffic. Examples include TunnelBear‘s GhostBear mode, VyprVPN‘s Chameleon mode, and Perfect Privacy‘s StealthVPN mode.

It’s important to bear in mind that, when you use a consumer VPN service, you’re effectively replacing one ISP with another. Your VPN provider is potentially in a position to snoop on your activity, so ensure that your online activities when connected via a VPN match the level of trust you’re prepared to place in it.

A VPN alone won’t get you very much privacy unless you adapt your behaviour accordingly. If you really want privacy, you have to also remember not to sign in to any online services, such as Google, with accounts that might identify you, as simply connecting from a VPN won’t stop your activities from being recorded.

Similarly, any cookies, cache or browsing saved on your PC or phone can still be viewed by anyone with access to that device. See my what is Chrome’s Incognito mode explainer for a bit more on preventing your activities from being stored locally.

What’s the difference between a free and a paid VPN?

Free VPNs range wildly in quality, from poorly secured connections and services explicitly designed to suck up their users’ data for marketing purposes, to – far better – free tiers from reputable consumer VPN providers that wish to provide a useful public service and/or promote their paid-for subscriptions.

While no service that you don’t control can offer guaranteed security, to avoid being ripped off when using a free VPN, stick to free services from reputable companies, such as the ones we test and recommend in our best free VPN guide.

When it comes to reputable free VPN services, expect to see a combination of bandwidth caps, limited endpoint locations and service restrictions. In some cases, you may have to view adverts if you’re using a free VPN, which means that some data may be collected for ad targeting.

Bandwidth caps could be anywhere between 500MB and over 10GB a month. Unlimited services, such as ProtonVPN’s free tier, simply give you access to a much smaller selection of endpoint servers. As well as not providing services optimised for streaming or obfuscated VPN connections, free endpoint servers can become crowded, which means that your connection speeds are often slower than on their paid-for counterparts.

How to set up a VPN connection

All consumer VPN services provide clients to make it easy to connect to them. These usually provide cross-platform support for Windows, Linux, macOS, Android and iOS. Just install the client, sign into your account and connect.

These are usually graphical and share broadly similar interfaces across all platforms, although command-line versions are common among Linux VPN providers. Some VPN providers don’t even require you to sign in to get access to their free tiers and trials, which is handy if you need a throwaway VPN connection in a hurry.

Some, but not all, VPN providers support manual configuration using the tools built into your operating system’s network manager, a generic client, or your router’s VPN configuration page. We detail platform and manual configuration support in our reviews.

For manual configuration, your VPN provider will give you connection profiles, such as L2TP profiles for iOS and OpenVPN or Wireguard profiles for use on desktop PCs or hardware such as routers and NAS devices.

Data retention and the law

If privacy is a key reason that you want to use a VPN, then you should be aware that different service providers have varying policies on logging users’ connection data. In addition, depending on where a company is headquartered, they’ll be subject to different data retention regulations.

Our reviews detail both where each service is based and whether it retains any connection logs. However, logging isn’t the be-all and end-all of VPN security. We’ve restricted ourselves to testing services from reputable companies with a proven track record, but it’s impossible to truly know how much faith can be put in any organisation’s claims about their own logging policy.

In some cases, these assertions have been put to the test. US-based Private Internet Access provided no data to the FBI because it had no logs, and ExpressVPN’s endpoint servers were found to contain no log data when seized by Turkish authorities. Both of these companies have subsequently been bought by the same parent, UK-based Kape Technologies, and it remains to be seen whether this change in ownership results in any practical changes to the way the companies handle logging or demands from the authorities.

Perfect Privacy’s Dutch servers gave up nothing when police seized them, and ProtonVPN was unable to turn over logs in response to a court order because it doesn’t keep any. However, its sister service, ProtonMail, was forced to hand over information about French climate activists following a Europol order honoured by Swiss authorities, despite Switzerland’s generally privacy-friendly laws.

Some VPN providers – including NordVPN, VyprVPN and Surfshark – have also had independent audits carried out to confirm their no-logging status.

Before it was bought by Czech firm Avast, UK-based HideMyAss (HMA), handed over data in accordance with UK law during the LulzSec case. IPVanish, now owned by J2 Global, once handed over detailed user activity information to the US Department of Homeland Security in 2016, despite claiming that it kept no logs. Other “no-logging” VPN firms known to have handed over connection data that identified customers include PureVPN.

It’s still generally held that companies based in countries such as Panama and the British Virgin Islands, whose laws are structured to safeguard privacy, are a better bet than those based in more restrictive nations such as the UK, regardless of logging policy. However, as the market condenses, VPN providers are gradually giving up on these classic low-data tax havens and moving to European headquarters. Once again, it’s hard to predict whether this will make any practical difference to the reliability of their privacy policies.

Regardless of where they’re legally headquartered, you have only the word of the companies in question about what logs they keep. Follow news and reviews about the industry to identify firms with a good reputation, and see if they publish a transparency report or warrant canary to identify how they publicly handle requests from government, the courts and law enforcement.

International access

Since a VPN service allows you to access online content as though you were physically located in a different country, it’s extremely useful if you’re travelling for business and need to access location-restricted services, or if you need to see how and whether a particular website or service works properly for users elsewhere in the world.

With servers in more than 190 countries, HMA is by far the best-equipped VPN provider in this respect, if you ever need to see what your website looks like to users in Burkina Faso or find out the price of a service in a different currency.

Some VPN services can also provide you with a dedicated static IP address of your own in a specific country, making it easier to create a virtual home or office overseas. NordVPN, Private Internet Access and HMA are among those which provide this service.

Most users, however, want to be able to virtually hop around the globe at the click of a mouse. This is most widely used to watch streaming video services from other regions – or, while you’re travelling, to avoid missing your favourite TV programmes from home.

This is frowned upon by international media rights-holders, and streaming services such as Netflix have undertaken increasingly effective efforts to block proxy and VPN services. This is usually done by blocking access from IP addresses associated with data centres.

Region-shifting is a legal grey area that is likely to put you in breach of a streaming service’s terms and conditions, rather than being classed alongside outright copyright theft of the kind involved in, for example, torrenting pirated content. However, torrenting has many legitimate uses, so you’ll find plenty of VPN services that support that, too, including some of our favourites.

VPN protocols

A number of different protocols are used to encrypt VPN traffic. Generally speaking, more heavy-duty encryption means slower speeds and more stress on your processor, phone or laptop battery and so on. The most popular is the open source OpenVPN, which remains the gold standard for security.

The Wireguard protocol is currently also growing in popularity. This relatively new open-source protocol uses fast, strong ChaCha20 encryption. This is a stream cypher, which decodes one bit at a time, rather than a conventional block cypher such as AES (used by OpenVPN) which decodes larger blocks of plaintext at a time. Wireguard is easier on battery consumption and can be faster than OpenVPN, but a number of services that use it, such as NordVPN’s NordLynx, combine it with other technologies to make it more secure.

Other widely-used protocols include KEv2/IPSec and SSTP. Avoid the older PPTP (Point-To-Point Tunnelling Protocol) or vanilla IPSec (without L2TP or IKEv2) unless on legacy systems when it’s the only viable choice.

Kaspersky VPN Secure Connection – 34% Off

Kaspersky VPN Secure Connection – 34% Off

The secure way to enjoy the web without compromising on speed is now 34% off at £34.12 a year, equivalent to £2.84 per month, with coverage for up to 5 devices.

Compatible with Android™ and iOS®

  • Kaspersky
  • Was £52.50
  • £34.12/year (£2.84 monthly equivalent)
View Offer

Performance

VPN performance is affected by such a wide range of factors that it isn’t possible to produce truly conclusive test results. The speed of your own internet connection and user load on your selected VPN endpoint server, as well as the server you’re connecting to beyond that all make a difference. Due to the sheer number of frequently rotated servers provided by most VPN services, comprehensive testing isn’t possible.

However, we run comparative tests on each service from a London-based connection that typically sees reference speeds – downloads from our test servers without a VPN connection – of between 400Mbit/s in the US and 600Mbit/s in the UK and Netherlands.

We test multiple servers from each provider in three locations – the UK, the Netherlands and the USA – and retest any anomalous results. Our core tests focus on HTTP download speeds using curl. Although these figures can only ever be a snapshot of performance at a single point in time, we rely on several years’ worth of past tests to get a more solid picture of a service’s performance and how that changes over time.

The VPN test data used in our reviews is published in full for transparency purposes and may be found at the

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.