Debugger

Why VPNs Are Suddenly Everywhere, and How to Pick the Best One

Is a ‘private’ internet connection really worth it?

IfIf you’ve listened to a podcast lately, you might have noticed that the ads for Stamps.com and internet-order mattresses have been superseded by endless advertisements for virtual private networks (VPNs), all explaining how important it is to get a secure connection of your own.

VPN companies promise to help protect you, but how can you know which of the many available services are trustworthy? And why the heck do you suddenly need one?

First, the reason there are so many ads is that running a VPN can be a highly profitable business. All it takes is setting up a bunch of servers, in different locations, which are shared across hundreds of users and cost a few hundred dollars to operate. Then just sit back and watch the subscription fees roll in.

But doing a VPN right isn’t so easy.

Some quick background: You might already be familiar with a VPN if you’ve worked in a corporate job. A company’s VPN will usually allow you to remotely connect to the tools you use for your job as if you were sitting in your seat at the office.

Think of connecting to a VPN like teleporting from one internet connection to another. When I’m on a VPN, instead of connecting to Medium.com as Owen in Amsterdam, it looks like I’m Owen from New York or Owen from Toronto. A VPN makes it appear, to anyone who’s observing, that you’re accessing the internet from another computer, not the one in front of you.

Plenty of prying eyes can monitor what you do online, from the internet service provider (ISP) you’re paying to take you online, like Comcast, to the cafe Wi-Fi you’re leeching from — and it’s hard to be sure that any of those parties can be trusted. With a VPN, the internet provider or Wi-Fi company can’t tell where the traffic is from or where it’s headed. To them, it just looks like a blob of anonymous data, headed off to a server.

Paid VPN services offer features like the ability to route your traffic through a network in the country of your choosing, which is handy if you really want to watch HBO and it’s not available in your country. (Though note that content providers like Hulu will sometimes block VPN servers; quality VPN providers will refresh their offerings to help you avoid this.) Some services offer more on top, such as blocking ads before they load, or further anonymizing you.

Some VPNs pose as a way to get a secure connection, but actually log everything you do for marketing purposes.

Here’s the thing: It’s 2019 and there are fresh privacy scandals all the time. Handing over access to your raw, unfiltered traffic is one of the best ways for advertisers and bad actors to learn almost everything about you. And that leads to an important question to ask yourself before you pick a VPN service: “Is this company actually helping my data be more secure, or am I exposing myself to someone else monitoring me instead?”

As with everything online, there are plenty of scams masquerading as legitimate services. Some VPNs pose as a way to get a secure connection, but actually log everything you do for marketing purposes. And because VPN providers can see the traffic you send through their services, some may monitor your traffic and sell your browsing history to advertisers, in secret, to make more money. This is common among cheap or free services.

Facebook, for example, operated a VPN service called “Onavo” that was basically a virus. The social giant reportedly used it to suck up data about teens and use that information to clone or acquire its rivals. According to BuzzFeed, monitoring Onavo traffic helped Facebook measure WhatsApp’s popularity, and led to its ultimate acquisition in 2014 for $19 billion. (In response to these reports, the company said, “Market research helps companies build better products for people. We are shifting our focus to reward-based market research which means we’re going to end the Onavo program.”)

If you’re using a VPN that’s monitoring you, it’s probably not worth it in the first place. Cough up the money for a legit service. Here are the most important factors to check:

  1. Who owns the VPN service, and is it the only product they offer? If it isn’t immediately apparent who’s running the service, that’s a red flag.
  2. Where are the VPN service’s servers hosted? This is an important question, because you’ll probably want options for connecting to specific countries.
  3. Does the VPN service log any data, and for how long? A paid VPN service that cares about privacy should log as little information as possible, so that you aren’t exposed retroactively should they suffer a security breach in the future. Setting this up correctly is quite difficult, so the company should have a clear policy about what it logs, why it does so, and for how long.
  4. What country is the VPN service founded in? Is that country a part of the Five Eyes, Nine Eyes, or 14 Eyes spying agreements, where countries — led by U.S. authorities — work together to collect data on internet users in secret?
  5. Is this VPN service using modern encryption technology that will actually hide your traffic? This might include things like SSH tunnels, which mask your habits.

These are only basic questions, but as with all internet-connected things, your own choices about security will fall on a spectrum. My tolerance for risk is likely to be different from yours: I’m worried about angry readers or a rogue nation-state who might be annoyed about what I write and want to retaliate, so I’m willing to go through a lot of research and hassle to protect myself.

If you’re worried about getting HBO outside of the U.S., or entering your banking password on free Wi-Fi — and you should be worried — that means a different set of risks. You should think about who you’re trying to protect yourself against, and what risks are acceptable in exchange for convenience — a VPN that’s ultra-secure but impossible to use may not be what you’re looking for.

Meanwhile, Googling “the best VPN” won’t cut it, because most of the top results are actually a list of affiliate links, which gives the writer a cut if you sign up after clicking.

But there are independent services that collect worthwhile information and help you sort through it without affiliate links.

That One Privacy Site, for example, provides a detailed collection of VPN services around the world and measures their record on an incredible amount of metrics, while explaining why you should care about each. A quick scan of the list for the service you’re considering will help you understand what they’re actually protecting you against — or where you might be exposing yourself to unacceptable risk.

If that’s still a bit too much work for you, the next best resource is the Wirecutter’s ultimate guide, which is backed by the New York Times, and touts extensive research with thousands of data points, focusing on the best balance of privacy and security.

Just give me a recommendation already!

I wasn’t going to leave you hanging! I’ve read many reviews, checked the data, and decided for myself already — so here are my top picks if you just want a decent VPN service. These aren’t affiliate links, and neither I nor OneZero will financially benefit from your choice.

Best all-round: NordVPN
It’s consistently one of the best-reviewed VPN services. It’s based outside of U.S. jurisdiction in Panama, it hosts its own servers, uses proper encryption technology, doesn’t track user activity — and, crucially, it’s not a nightmare to use.

Out of all the VPN services I’ve used, NordVPN has a good balance of handy features — including the ability to block ads while you’re connected — and a serious amount of servers to connect through, with multiple available in each available country.

The company’s fees are a little higher than average, at $11.95 per month, but they get cheaper the longer you commit — it’s about $6.99 per month if you pay for three years up-front.

Easiest to use: IVPN
For most people, a VPN is a tool that should be easy to use and then forgotten about. IVPN, which is also recommended by Wirecutter, fits the bill. It’s simple to use regardless of platform, and it gets the job done.

While it doesn’t tick every box in terms of the balance between privacy and security, it covers many of the ones that count while balancing transparency in a way I haven’t seen with other services. It’s public about its ethics, who works there, and how it handles your data.

IVPN is a bit costly at $15 per month, or $5.83 with an annual commitment, but again, you get what you pay for.

Create your own VPN
If you know your way around computers and don’t want to trust some random company, I’m with you — sometimes it’s important to roll your own.

The good news is that it’s become really easy to generate your own ultra-cheap VPN in a few clicks, thanks to a project from Google’s parent company, Alphabet, called Outline. It’s intended to help protect journalists, but it’s free to use and ultra-simple to set up.

With Outline, you’ll have control of the VPN server that your traffic is sent through, but that means you’ll need to set it up, as well. You can do this for just $5 per month on a service like DigitalOcean, and Outline provides a one-line copy-and-paste tool to get set up.

It’s incredibly powerful to control your own server, because you know where the data will end up. But that comes at a cost: You need to keep it up to date, and you won’t have the freedom to switch countries on the fly, as you would with something like NordVPN. But sometimes the tradeoff is worth it — and at $5 per month, it’s a great option for those who have the time and skills to set it up.

Privacy is hard work

Getting a VPN doesn’t need to be difficult, but advertisements that imply they’ll help magically fix privacy concerns are misleading at best, so I find myself suspicious of any VPN company with enough money to spend on splashy podcast ads.

You absolutely should get a VPN for yourself, even if it’s just for occasional use, but it’s important to know what’s going on behind the scenes. It can seem like a hassle, but VPNs are an incredibly useful tool for avoiding censorship, tracking, or just getting around country restrictions when you need to.

All it takes to make a better informed choice is a little bit of research. You’re doing yourself a favor, and it won’t come back to bite you later.

Developer, accidental wordsmith. OneZero columnist trying to debug the why behind tech news. Follow: https://twitter.com/ow Blog: https://char.gd

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store