Author Topic: What is a VPN and how does it work? A guide to internet privacy and security 2/2  (Read 84 times)

Online javajolt


CAN I GET AWAY WITH A VPN APP, OR DO I NEED TO BRING MY OWN ROUTER/BRIDGE/DONGLE?

Let's talk about what happens when you use a VPN app on your computer or mobile device. Any VPN app will require an existing network connection to be able to connect to the VPN service provider. This means that even if you set your VPN app to automatically launch when your device boots, there will be a period when your computer is connected to the internet directly, not through your VPN.

Some background services can send information across that initial, unsecured connection before the VPN loads. To be fair, the risk is relatively minor for most usage profiles. If you're establishing a connection automatically to your corporate server, you will want to check with your IT team about how they want you to set things up.

If you are interested in an added level of protection, there are intriguing gadgets called Tiny Hardware Firewalls. These devices range from about $30 to $70 and connect via a network port or a USB slot to your laptop. They make the initial network connection, and so your computer's communication is always blocked before it calls out to the internet.

SHOULD I USE A VPN ON MY PHONE OR TABLET?

Both Android and iOS come with basic VPN capabilities to allow you to securely connect to your corporate networks. Your IT organization will generally advise you when you should use this feature, but as we've discussed, when away from your home or office, and especially if you're using an open, public Wi-Fi connection, you should.

If you're connecting to web applications like email or Facebook, you should consider using a VPN service -- particularly if you're connecting via an open Wi-Fi network. Most good VPN services offer both iOS and Android clients.

DO I NEED A VPN IF I'M CONNECTING MY PHONE VIA LTE?

That depends. Once again, your corporate IT department will let you know their policy for connection directly to their corporate network. Usually, you'll use the VPN client built into your device's operating system for that.

But here's the thing: It's up to how much you trust your carrier, where you're located in the world, and how secure you want to be. In the US, the carriers (net neutrality notwithstanding) can generally be relied upon to provide a secure connection from your phone to their network.

That said, it is possible to compromise wireless phone service with a man-in-the-middle attack. This situation occurs when a malevolent actor places a device designed to confuse your phone and cause your phone to connect to what it thinks is the phone network, but, in fact, it's a device designed for spying.

Outside the US, it depends on what country you're in. If you are really concerned about security, simply avoid bringing any devices into a foreign nation that you intend to use after your trip. Those devices can be compromised in the country or during customs inspections.

Likewise, if you're connecting via a nation's local carrier, that carrier may be intercepting your traffic, particularly if you're a non-native of that nation. In that situation, if you must connect back to applications and services at home, using a VPN is quite literally the least you can do. Also, keep in mind that if you use your phone's hotspot to connect your computer to the internet, you'll want to use a VPN on your computer as well.

Finally, it's worth reminding you, as we covered earlier in this guide, that some countries consider VPN use illegal. If you're planning on traveling, be sure to research local laws exhaustively.

WHAT HAPPENS IF A VPN CONNECTION FAILS WHILE I'M ON A REMOTE CONNECTION?

A lot depends on what VPN you're using, how it's set up, and where you're connecting. That said, let's look at the most likely scenario.

Recall that when you're online and connected to an internet application through a VPN, a few things are happening: Your data from your computer to the VPN service is encrypted by the VPN. Your data from the VPN service to the internet application may or may not be encrypted via HTTPS, but it's not encrypted by the VPN service. And your IP address is spoofed. The online application sees the IP address of the VPN service, not of your laptop.

When a VPN connection drops, you might just lose your connection. But because the internet is very good at routing around failures, what is more likely to happen is that your computer will reconnect to the internet application, simply bypassing the VPN service. That means that -- on failure -- your local IP address may "leak out" and be logged by the internet application, and your data may be open to local Wi-Fi hackers at your hotel or wherever you're doing your computing.

There is a reasonably robust solution to that problem, and that's next.

WHAT DOES A VPN KILL SWITCH DO?

Put simply, a VPN kill switch kills your internet connection if it detects that your VPN's connection has failed. There are generally two types of VPN kill switches.

The first runs in the VPN client app on your computer, so if the VPN connection fails while the VPN client app is running, that VPN client app can turn off the computer or mobile device's internet connection. However, if your VPN connection has failed because the VPN client app itself crashed, then the kill switch may not work, and your IP and data may leak onto the internet.

The second type of VPN kill switch is at the operating system level. These are usually driver-level systems that run whether or not the VPN application is running. As such, they provide a bit more protection for your surfing activities.

Given that so many VPN products we reviewed in our directory support a kill switch, we recommend choosing a client with a kill switch feature. There may be a slight annoyance if you lose your connection, but that's more than made up for in the added security.

WHAT DO ALL THOSE PROTOCOL NAMES MEAN AND WHICH ONE SHOULD I CHOOSE?

If you've been shopping for a VPN service, you've undoubtedly come across a bunch of names like SSL, OpenVPN, SSTP, L2TP/IPSec, PPP, PPTP, IKEv2/IPSec, SOCKS5, and more. These are all communication protocols. They are, essentially, the name of the method by which your communication is encrypted and packaged for tunneling to the VPN provider.

There is a lot of debate among security purists about which protocol is better. Some of the protocols (like PPP and its tunneling variant, PPTP) are old and have been compromised. Others, like SSTP, are proprietary to one company or another.

My recommendation -- and the protocol I most often choose to use -- is OpenVPN. OpenVPN is a non-proprietary, open-source implementation of a VPN communication layer protocol. It's well-understood, well-regarded, generally quite secure, and robust. Also, it has the benefit of being able to communicate over port 443, which is the standard port for HTTPS communication, which means almost all firewalls will allow OpenVPN traffic -- and most won't even be able to detect that a VPN is being used.

Yes, there are certainly other protocol choices, even some that might be more appropriate than OpenVPN in certain situations. But if that's the case, either you've already made that decision, or your IT organization has specified a specific protocol you should use. As a default, however, if you're not sure what to look for, look for OpenVPN.

WHAT DOES IT MEAN WHEN A VPN SERVICE TALKS ABOUT SIMULTANEOUS CONNECTIONS?

The term "simultaneous connections" generally refers to the number of devices that can be connected to the VPN service and talk to the internet at once. For example, when I was driving across the country and working in my hotel room at night, I often had both my MacBook Pro and iPad connected to the internet.

I used the MacBook Pro for writing, keeping the iPad open to do searches and find supporting information. Both of these were connected to the internet at one time. This was possible because the VPN service I was using allowed up to three connections to open at once.

This is also a good way to provide support for more than one family member on a single subscription. Generally, there's no good reason for a VPN provider to allow less than two or three connections. If your provider only allows one, find another vendor. We gave extra points in our VPN directory to those vendors who allowed three or more connections.

WHEN SHOULD I CHOOSE EITHER DYNAMIC OR STATIC IP?

Every device connected to the public internet is assigned an IP address. It's like a phone number for each device. To be able to connect to the internet, each device needs such an address.

The term "dynamic IP address" means that when a device connects to the internet, it's given an IP address taken from a pool of available addresses. While it's possible to get the same IP address on multiple connections, generally each time you connect, you'll get a different address.

If you want to hide your address from the web applications you're connecting to, you'll want a VPN service that provides dynamic IP addresses. In our directory, we list the number of IP addresses each service offers. By using a service with more available IP addresses, the chances of you getting a repeated IP are quite small.

There are some minor disadvantages to using a dynamic IP. If someone who previously had the IP address you've been assigned did something nefarious on a service you use, the IP address might be banned. Usually, VPN providers are very careful about checking their IP addresses against blacklists, so the chances of this being a problem for you are slim.

By contrast, a static IP address is an address that's assigned to you and only you. Most often, this is needed if you're running a server. Usually, static IP addresses are used in corporate situations and are generally not practical for general remote access, like from a hotel or coffee shop.

Unless you have a specific application that you know needs a static IP, you'll want to be assigned a new dynamic IP address for each VPN session you initiate.

WHAT DOES IT MEAN WHEN A VPN SERVICE TALKS ABOUT SERVER SWITCHING?

As we mentioned in the previous section, when you connect to a VPN service, you're usually assigned a dynamic IP address from a pool of addresses. But where are those addresses located? They're attached to servers located, usually, throughout the world.

Most VPN services allow you to connect to server locations in many different countries. In our VPN directory, we list both the number of servers the service maintains, as well as the number of countries. By default, you'll usually be assigned a server located in your home country, but if you want to obfuscate your location, you may want to connect to a server located in a different country.

Server switching is a feature -- offered by most VPN service providers -- that allows you to change what region or country you're going to connect to. Most providers allow you to switch as often as you'd like (although you usually have to disconnect, then change your configuration, and reconnect). This may be useful if you're trying to hide your location, or if you're running into some communications glitches on the server you're currently using.

CAN I USE A VPN TO SPOOF MY LOCATION OR COUNTRY OF ORIGIN?

Because the VPN server you're connected to presents its IP address to whatever web application you're using, by choosing a server located in a different country, you can represent your connection as if you're in a different country. This may be illegal in certain regions, so use caution when doing this.

In my testing, some VPN providers were able to successfully hide their originating country or the fact that they were VPNs, but others were not. You'll probably want to do some testing. Of the services where I did in-depth testing, NordVPN and Hotspot Shield were able to successfully hide their VPN origins, while StrongVPN and CyberGhost were not.

CAN I USE A VPN TO WATCH A BLACKED-OUT PROGRAM OR VIDEO?

Sometimes it is possible to watch a blacked-out sporting event or other show, although we certainly can't advise you to do so. Spoofing your location to bypass broadcast restrictions may get you in hot water.

Also, do be aware that some broadcasters have developed increasingly sophisticated methods to determine whether the IP address you represent is the IP address where you're located. The VPN may be able to protect your original IP address from being seen, but there are characteristics of proxy communications (like a slightly longer time to transfer packets) that can be used to identify users who are trying to bypass watching restrictions.

IS IT TRUE THAT A VPN IS COMPLETELY UNHACKABLE?

No. No. Did I mention... no. Nothing is unhackable. As evidence...

In January 2018, Cisco Systems (a very highly respected maker of internet communications hardware) revealed that a critical bug was found in its ASA (Adaptive Security Appliance) software that could allow hackers to remotely execute code.

This is a bug in enterprise-level VPN systems used by corporations, so it's very serious, indeed. Fortunately, responsible IT administrators can patch their systems to fix the bug. However, it goes to show how no system can be truly deemed absolutely secure.

Another example was a bug in Hotspot Shield, a popular VPN service. This bug allowed a hacker to expose private information, including originating IP. Hotspot Shield issued an update, which gives us an excuse to remind you that you should always install updates, especially on your VPN client software.

WHO ARE THE KEY PLAYERS?

We've done in-depth reviews of the following VPN services. If you're considering a VPN, you might want to read these articles first:

   • NordVPN review: Sincere about security and privacy

   • StrongVPN review: A clear and easy-to-use VPN ideal for coffee shop use

   • Hotspot Shield review: Here's a VPN that actually lives up to its hype

   • CyberGhost VPN review: More than just VPN, an all-in-one security kit

   • IPVanish review: VPN delivers a wealth of options and browsing controls

While there are a tremendous number of VPN vendors out there, we think the following are some of the best:

   • NordVPN: 30-day refund, lots of simultaneous connections

   • ExpressVPN: Detailed FAQ, good refund policy, Bitcoin

   • IPVanish VPN: Keeps no log files and has support for Kodi

   • PureVPN: Large network, strong technically, good performance

   • Norton Secure VPN: Company is trustworthy and accountable

   • StrongVPN: Excellent infrastructure, decent price performance

   • Hotspot Shield: Best money-back guarantee

   • Private Internet Access: Lowest yearly price, most servers

   • CyberGhost: Supports Kodi, good Linux and router support

For a more detailed review of each, visit our VPN directory.

« Last Edit: February 03, 2021, 07:18:28 PM by javajolt »