Topic: What is a VPN and how does it work? A guide to internet privacy and security 1/2

Offline javajolt

Whether you're in a corporate office or a home office, on the road or in your home, a VPN is one of the best ways to protect yourself on the internet. How effective are VPNs? What's the best one for you? What are the downsides? Our executive guide will answer all your VPN-related questions -- including a few you probably haven't thought to ask.

WHAT IS A VPN?

VPN is an acronym for Virtual Private Network. The purpose of a VPN is to provide you with security and privacy as you communicate over the internet.

Here's the problem with the internet: It's inherently insecure. When the internet was first designed, the priority was to be able to send packets (chunks of data) as reliably as possible. Networking across the country and the world was relatively new, and nodes often went down. Most of the internet's core protocols (methods of communicating) were designed to route around failure, rather than secure data.

The applications you're accustomed to using, whether email, web, messaging, Facebook, etc., are all built on top of that Internet Protocol (IP) core. While some standards have developed, not all internet apps are secure. Many still send their information without any security or privacy protection whatsoever.

This leaves any internet user vulnerable to criminals who might steal your banking or credit card information, governments who might want to eavesdrop on their citizens, and other internet users who might want to spy on you for a whole range of nefarious reasons.

A VPN creates a private tunnel over the open internet. The idea is that everything you send is encapsulated in this private communications channel and encrypted so -- even if your packets are intercepted -- they can't be deciphered. VPNs are very powerful and important tools to protect yourself and your data, but they do have limitations.

HOW DOES A VPN WORK?

Let's start with the basic idea of internet communication. Suppose you're at your desk and you want to access a website like ZDNet. To do this, your computer initiates a request by sending some packets. If you're in an office, those packets often travel through switches and routers on your LAN before they are transferred to the public internet through a router.

Once on the public internet, those packets travel through a bunch of computers. A separate request is made to a series of name servers to translate the DNS name ZDNet.com to an IP address. That information is sent back to your browser, which then sends the request, again, through a bunch of computers on the public internet. Eventually, it reaches the ZDNet infrastructure, which also routes those packets, grabs a web page (which is a bunch of separate elements), and sends all that back to you.

Each internet request usually results in a whole series of communication events between multiple points. The way a VPN works is by encrypting those packets at the originating point, often hiding not only the data but also the information about your originating IP address. The VPN software on your end then sends those packets to the VPN server at some destination point, which decrypts that information.

One of the most important issues in understanding the limits of VPNs is understanding where the endpoint of the VPN server resides. We'll talk about that next.

WHAT ARE THE TWO MAIN TYPES OF VPNS?

Most of us are familiar with the concept of a LAN, a local area network. That's the private network inside of one physical location -- be it a home, a corporate building, or a campus. But many businesses don't run out of one location. They have branch offices, departments, and divisions that are geographically dispersed.

In many cases, each of these offices also has LANs. But how do the LANs connect? For some very specialized solutions, companies lease private lines to connect the offices. That can be very expensive. Instead, most companies opt to connect geographically separated private LANs over the public internet. To protect their data, they set up VPNs between offices, encrypting the data as it traverses the public internet.

This is a corporate or enterprise VPN, and it's characterized by the same organization controlling both endpoints of the VPN. If your company controls the originating point (say a sales office) and the endpoint (like a VPN server at your corporate HQ), you can be quite well assured (unless there's a bug) that your data is securely transmitted.

The second type of VPN is a consumer VPN. This is for those of you who compute in hotels or at coffee shops and connect to web applications like social networks, email, banks, or shopping sites. Consumer VPN services help ensure that those communications are protected.

WHAT DOES A CONSUMER VPN SERVICE DO?

A consumer VPN service is, fundamentally, a software-as-a-service (SaaS) offering. The VPN service provides a secure tunnel between your computing device (whether laptop, phone, or tablet) and the provider's data center.

This is important to understand. Consumer VPN services protect your transmission from your location to their location, not from your location to the destination application you're using. If you think about it, this makes sense: A consumer VPN service is operated by a completely different company than, for example, Facebook or your bank.

The VPN service gives you an app that you run on your local device, which encrypts your data, and it travels in its encrypted form through a tunnel to the VPN service provider's infrastructure. At that point, the data is decrypted and sent on its way.

Two things happen here: First, if you're using an https connection, your data is encrypted by your browser and then by your VPN app. At the VPN data center, your data is decrypted only once, leaving the original encryption provided by the browser intact. That encrypted data then goes on to the destination application, like your bank.

The second thing that happens is that the web application you're talking to does not get to see your IP address. Instead, it sees an IP address owned by the VPN service. This allows you some level of anonymous networking. This IP spoofing is also used to trick applications into thinking you're located in a different region or even a different country than you are located in. There are reasons (both illegal and legal) to do this. We'll discuss that in a bit.

WHEN SHOULD I USE A VPN?

We've already discussed the use of a VPN when connecting offices. Any time you have two LANs that need to link over the public internet, you should consider using VPN technology or an equivalent method of enterprise protection. In this case, the VPN software will probably run in a router, a server, or a dedicated VPN server hardware appliance.

We talked about two use cases above for consumer VPN services: Protecting your data and spoofing your location. We'll talk more about location spoofing later, so let's just focus on data protection for now.

When you're away from home or the office and you connect to the internet, you'll most often be doing so via Wi-Fi provided by your hotel or the restaurant, library, or coffee shop you're working out of at that moment. Sometimes, Wi-Fi has a password. Other times, it will be completely open. In either case, you have no idea who else is accessing that network, and therefore, you have no idea who might be snooping on your traffic.

I recommend always using a VPN when using someone else's Wi-Fi network. Here's a good rule of thumb: If you're away from the office or home, and you're using someone else's Wi-Fi (even that of a family member or a friend, because you never know if they've been compromised), use a VPN. It's particularly important if you're accessing a service that has personally-identifying information. Remember, a lot goes on behind the scenes, and you never really know if one or more of your apps are authenticating in the background and putting your information at risk.

Another reason you might choose to use a VPN is if you have something to hide. This isn't just about folks doing things they shouldn't do. Sometimes people really need to hide information. Take, for example, the person who is worried he or she might be discriminated against by an employer because of their sexual orientation or medical condition. Another example is a person who needs to go online but is concerned about revealing location information to a person in their life who might be a threat.

And then, of course, there are those people in restrictive countries who need to hide their activity merely to gain access to the internet without potentially grave penalties.

ARE THE FREE VPN SERVICES ANY GOOD?

There are some good free VPN services, but I avoid all free VPNs.

Why? It costs quite a lot to provide the infrastructure to operate a VPN service, from the network pipes to the servers. That infrastructure has to be paid for somehow. If it's not paid for by user fees, it's likely to be paid for by advertising, data gathering, or some nastier reason.

Here's another reason not to use a free service, and this one is a lot scarier: Malware providers and criminal organizations have set up free VPN services that not only don't protect you but actively harvest personal information and either use it or sell it to the highest bidder. Instead of being protected, you're being plundered.

WHAT'S THE BEST WAY TO CHOOSE A VPN SERVICE?

To be fair, not all pay VPN services are legitimate, either. It's important to be careful about which you choose. I've put together an always up-to-date directory of quality VPN providers. Some are better than others (and that's reflected in their ratings). But all are legitimate companies that provide quality service.

Beyond my directory, it's always good practice to Google a company or product name and read the user reviews. If you see a huge number of old complaints or new complaints suddenly start showing up, it might be that there's been a change of management or policies. When I'm looking for a service, I always base my decision partially on professional reviews and partially on the tone of user reviews.

Finally, be sure to choose a service with the capabilities that meet your needs. You may need one or more features only provided by certain services. So, think through your needs as you make a decision.

CAN A VPN GUARANTEE MY PRIVACY?

Oh, heck no. A VPN can help make sure you're not snooped on when connecting between your computer and a website. But the website itself is quite capable of some serious privacy violations. For example, a VPN can't protect you against a website setting a tracking cookie that will tell other websites about you. A VPN can't protect you against a website recording information about products you're interested in. A VPN can't protect you against a website that sells your email address to list brokers. Yada, yada, yada.

A VPN does help protect you in the situations we've discussed in previous sections. But don't expect a VPN to be a magical privacy shield that will keep everything you do private and confidential. There are many, many ways your privacy can be compromised, and a VPN will be of only partial help.

WILL VPN SOFTWARE SLOW DOWN MY COMPUTER?

That would be a definite maybe. Here's the thing: Back in the day, the process of encrypting and decrypting packets would take a toll on CPU performance. Most current CPUs are now fast enough that most crypto algorithms can run without much of an impact on processor performance.

However, network performance is another thing entirely. First, keep in mind that if you're using a VPN, you're probably using it at a public location. That public Wi-Fi service is likely to range in performance somewhere between "meh" and unusable. So, just the fact that you're remotely working on a mediocre network will reduce performance. But then, if you connect to a VPN in a different country, the connection between countries is also likely to degrade network performance. Server locations matter.

My rule of thumb is to use a domestic VPN and connect to servers as close to my location as possible. That said, I have had good nights and bad nights getting online. On my recent trip, I found most hotels' networks to become unusable after about 9 pm. My theory is that many of the guests were watching Netflix at that time, completely clogging the hotels' pipes.

DO VPN SERVICE PROVIDERS LIMIT USAGE AND HOW?

Some do. Some don't. Look at that directory I mentioned earlier because that's one of the factors where a service might lose some points.

Some VPN services will limit the total amount of data you can send and receive, either in one connection session or over a month. Other VPN services will limit the speed of the data, effectively sharing less of their pipe with you than might be optimal. That could slow your browsing experience to a crawl or completely prevent you from watching streaming video.

Usually, it's the free services that throttle your usage in these ways. Some paid services will offer a trial, where you can transmit up to a certain data cap before being asked to sign up as a paying customer. That's actually pretty cool because it gives you a chance to try out the performance of their service before paying, but it also gives the vendor a chance to make the money necessary to operate the service.

Many VPN services claim that if you pay their fee, they'll provide you unlimited data transmission and won't throttle your speeds. Generally, this is true, but I'll give you my standard "unlimited bandwidth" warning: It's been my experience that when a vendor says something is "unlimited," it's almost always limited. Somewhere, there will be a note in the fine print or terms of service that allows the vendor to limit you in some way. It pays to read those agreements.

HOW PRIVATE ARE VPNS? DO THEY LOG EVERYTHING I DO?

In my VPN directory, I tracked two types of logging. The first is whether they log traffic, DNS requests, and IP addresses. This is pretty nasty stuff. If a VPN service logs this, they would have the information you might choose to hide, like sites you visit, locations where you are, and possibly even information you might be sending.

Although the use of these services will still protect you from Wi-Fi spies in your hotel or restaurant, I can't recommend signing up for any service that does DNS, traffic, or IP logging. There are better, more private options.

The second type of logging is more benign. VPN services that log bandwidth usage and connection timestamp data usually do so either to tune their own systems or manage any abuse of their services.

I have less of a concern with services that just monitor bandwidth usage, as long as they don't store any specifics. That said, we gave top marks to those services that don't do any logging. When I choose a VPN service, those are the services I pick for my use.

WHAT DO NET NEUTRALITY CHANGES MEAN FOR MY VPN USAGE?

Net neutrality has been severely under fire in the US. The Federal Communications Commission (FCC) has eliminated many of the consumer protections against internet service providers (ISPs) harvesting traffic data and selling that data to advertisers, or worse.

This could be bad. I'm not terribly concerned if Comcast discovers my secret passion for muscle cars and I get more ads for car customizing kits. It might be annoying, but I'm not doing anything I want to hide. Where the problem could occur is if ISPs start inserting their own ads in place of ads by, say, ZDNet. That could cut off the revenue that keeps websites alive, and that could have very serious repercussions.

As for personal use and whether you should use a VPN at home because of net neutrality, I don't think we're there... yet. Certainly, if you're working on confidential information and connecting to work, you should use a VPN. But we haven't yet seen any evidence of ISPs being so intrusive that always-on VPNs are required at home.

Stay tuned to this guide, because if that changes, we'll let you know.

IS IT LEGAL TO USE A VPN?

That depends. VPN use is legal in most countries, but, according to VPN provider CyberGhost, VPN use is illegal in the United Arab Emirates, Turkey, China, Iran, North Korea, Saudi Arabia, and Russia. Vladimir Putin has recently banned VPN use in Russia. Also, be aware that the so-called proxy server alternative to VPNs is also illegal in many countries, which consider any form of IP spoofing to be illegal, not just those services labeled as VPN.

Restrictions vary, as do penalties. China allows certain approved VPNs. In the UAE, if you use a VPN, you could go to jail or be fined a minimum of more than the equivalent of $100,000.

Definitely research this before you visit a country. Many travelers mistakenly believe that just because they're not citizens, and all they're doing is linking back to a corporate system, they should be able to have unrestricted use of VPN software. This is a mistake.

The bottom line: Check the laws of the country you're in before connecting. It's also a good idea to check with your VPN provider, both for insight as to whether it knows if there are issues and whether it'll support connectivity from the country you're visiting.

DO I NEED TO USE A VPN IF MY HOTEL HAS A WIRED INTERNET CONNECTION?

Yes. It is highly unlikely that each room is on a dedicated subnet, so that means packets are traveling across a network shared by other guests. In addition, you never know whether someone in the front office has set up a packet sniffer for the express purpose of mining guest information.

So, yes, use a VPN, even if there's a hard-wired connection to the wall.

WILL A VPN SERVICE HELP ME CONNECT SECURELY TO MY OFFICE NETWORK?

If you're trying to connect to your on-premises corporate network, you'll most likely be assigned a VPN application by your IT department. This will allow you to establish a point-to-point connection between your local device and a server owned and operated by your company.

But, if your company is cloud-based, and you're connecting to SaaS applications like Salesforce or Google, you should probably use a VPN service, since you're not actually connecting to your company but instead to a public cloud application.

If your IT department does not specifically identify a VPN service you should use for accessing their public cloud applications, definitely look at our VPN directory and choose one of the higher-rated service providers.

source
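
Added example (not part of the original article): a Python model of the two encryption layers described under "WHAT DOES A CONSUMER VPN SERVICE DO?", showing what the Wi-Fi snooper, the VPN provider and the destination can each read. The IP addresses, keys, function names and the toy XOR cipher (a stand-in for real TLS and VPN ciphers) are assumptions made for illustration.

```python
import hashlib

# Constructed sample addresses (documentation ranges) and keys, not real hosts.
CLIENT_IP = "198.51.100.23"     # your address on the hotel or coffee-shop network
VPN_SERVER_IP = "203.0.113.10"  # tunnel endpoint in the provider's data center
VPN_EXIT_IP = "203.0.113.77"    # address the provider uses toward the internet
BANK_IP = "192.0.2.50"          # the destination web application


def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 keystream: a stand-in for real TLS/VPN ciphers.
    Applying it twice with the same key returns the original bytes."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def client_send(request: bytes, tls_key, vpn_key: bytes) -> dict:
    """Browser encrypts first (HTTPS only), then the VPN app wraps the packet."""
    body = toy_cipher(tls_key, request) if tls_key else request
    inner = f"{CLIENT_IP}>{BANK_IP}|".encode() + body
    return {"src": CLIENT_IP, "dst": VPN_SERVER_IP,
            "payload": toy_cipher(vpn_key, inner)}


def vpn_forward(outer: dict, vpn_key: bytes) -> dict:
    """The provider removes exactly one layer and re-sends from its own address."""
    header, body = toy_cipher(vpn_key, outer["payload"]).split(b"|", 1)
    _client, dst = header.decode().split(">")
    return {"src": VPN_EXIT_IP, "dst": dst, "payload": body}


def observe(request: bytes, use_https: bool) -> dict:
    """What each party on the path can read for one request."""
    tls_key = b"browser<->bank key" if use_https else None
    vpn_key = b"app<->provider key"
    outer = client_send(request, tls_key, vpn_key)
    forwarded = vpn_forward(outer, vpn_key)
    body = forwarded["payload"]
    return {
        "wifi_snooper": {"sees_dst": outer["dst"],
                         "reads_request": request in outer["payload"]},
        "vpn_provider": {"sees_dst": forwarded["dst"],
                         "reads_request": request in body},
        "bank": {"sees_src": forwarded["src"],
                 "request": toy_cipher(tls_key, body) if tls_key else body},
    }


if __name__ == "__main__":
    for https in (True, False):
        print("HTTPS" if https else "HTTP", observe(b"GET /account?user=alice", https))
```

With HTTPS the provider still learns which destination you contact; with plain HTTP it can also read the request itself, which is why the provider's logging policy matters.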