As the general public is becoming more aware of just how vulnerable they are online, there has been a significant uptick in the sale and use of cybersecurity products. Among the most popular are virtual private networks, or VPNs for short.

It’s estimated that nearly 70 percent of American internet users connect using a VPN, and that number is growing. However, not many people really understand the ins and outs of VPNs — or specifically, exactly what they are or how they work. To get you up to speed, let’s start by going over a quick history.

Virtual Private Networks: The Origin Story

The first VPN was created by Microsoft engineers in 1996 as a way for users on a network to communicate securely with one another. The first VPN was based on a point-to-point tunneling protocol (more on protocols a little further down) and allowed for sensitive data to be transferred safely and securely over public networks.

Older VPNs were primarily used by businesses to protect sensitive data from getting into the wrong hands, but as the internet became more popular among average folks, virtual private networks became available to consumers.

NordVPN Dashboard France

NordVPN Dashboard

Since that time, VPN use has grown exponentially, with multiple providers coming to market with more sophisticated functionality and specialized features for unique-use cases. While some of these providers offer global networks of highly advanced servers optimized for activities like streaming and P2P file sharing, others focus mainly on shoring up clients’ security and privacy.

Now that you have some context, let’s shift our attention to the real-world functionality of modern virtual private networks, and how you might use them.

What Do VPNs Do?

Simply put, VPNs hide your data from anyone who would want to intercept and analyze it. These could include: a snooping internet service provider who wants to sell your browsing data to third-party marketers; a government agency that for whatever reason — legitimate or not — wants to know what you’re up to online; or an identity thief who wants to get their hands on your personally identifying information for nefarious purposes.

ProtonVPN Dashboard View

ProtonVPN Dashboard

Think of it this way: If you drive your car from your house to the store, anyone can see your vehicle, identify the make and model, write down your license plate number, see how many passengers are with you, and even what color shirt you’re wearing. If they’re really interested, they can see where you came from, which store you went to, and what you bought when you were there. That’s a lot of information someone can gather about your activity.

That’s how things work on unsecured internet connections, too. However, instead of gleaning all this information from your trip to the store, interested parties are gathering it based on your data.

Pro Tip: Want to cut to the chase and read about our top VPN picks? Head over to our ExpressVPN vs. NordVPN comparison guide to get some insight on how these two titans stack up head to head.

Now using the same metaphor, if you’re using a VPN, you’re going to be using a secret elevator in your garage to access a private tunnel that takes you directly to the store. You walk in the back, get what you want, pop right back in the tunnel, and head home. No one knows you even made the trip, and they can’t gather any insight into your activity or behaviors.

Obviously this is a bit of an oversimplification so we don’t have to get into all the technical jargon, but to really understand how a VPN works, you need to understand two concepts: encryption and protocols. We’ll talk about the former first.

What Is Encryption?

Here’s where the take-your-car-to-the-store metaphor breaks down a little bit, since a car can’t really be “encrypted.” In digital terms, though, encryption works by scrambling your data according to a set of rules — an algorithm — so that if it’s intercepted by a third party, it will be incomprehensible. It’s only after it’s reassembled at the destination, using what’s called a key, that it is again readable.

Simply put, if your data ends up in the wrong hands, they won’t know what to do with it. It’s totally incomprehensible when you’re using a VPN.

SurfShark VPN Dashboard

Surfshark VPN Dashboard

There are a few different types of encryptions, but the two industry standards are AES-128 and AES-256. The first is a little faster, and the second is a little more secure. Both, however, are extremely resilient to low-level hacking and would require extremely sophisticated digital forensics to unscramble.

So think of your encrypted data as a text. But what language is that text in? That’s where protocols come into play.

A Primer on VPN Protocols

VPN protocols are the set of rules that determine how your data is routed through the established connection. There are different specifications based on desired outcomes — some are designed for speed, some are designed for security.1 The most common are L2PT, IKEv2, OpenVPN, and more recently, WireGuard. Let’s break these down.

  • L2PT, or Layer 2 Tunnel Protocol, is the predecessor to the first VPN protocol, Point to Point Tunneling Protocol (PPTP). It’s easy to set up, secure and widely utilized, but it is also easily recognizable and shut down by certain firewalls.
  • IKEv2, or Internet Key Exchange, is a bit more modern than L2PT and is more common on non-standard devices like tablets, smartphones as well as macOS operating systems. Its drawback is that it isn’t open source, and it’s limited in its customizability. Since we’re discussing IKEv2, it’s important to note that not all VPNs are tuned to work well on macOS. If that’s what you use, head over to our list of the best VPNs for Mac users to find one that is.
  • OpenVPN is the protocol you’re likely to have the most interaction with. It’s fast, secure and widely utilized, and as the name suggests, open source. There are two main flavors of OpenVPN: TCP and UDP. Without getting too deep into the weeds, TCP is a little more reliable, and UDP is a little faster.
  • WireGuard is the newest protocol to be widely adopted. It’s also open source, but it’s a lot leaner compared to OpenVPN, meaning there are fewer vectors for attack. Due to its high speeds and reliable connections, some experts say that it will quickly overtake OpenVPN as the industry standard.

Pro Tip: Some VPN providers actually offer their own proprietary protocols with their products, including one of our top picks. Check out our review of NordVPN, which uses their own protocol called NordLynx, for more information. ExpressVPN also has their own protocol now, called Lightway. Check out our ExpressVPN review for the test drive.

So now that you understand what VPNs are and how they work, let’s talk a little about what they can’t do.

Are VPNs Bulletproof?

While VPNs are great for shoring up your digital privacy, they don’t offer foolproof, blanket protection. Even if you’re using a VPN, you can still be susceptible to any number of online threats, including malware and social engineering attacks.

Connected to ExpressVPN

ExpressVPN Dashboard

VPN or not, you still need to practice good online hygiene, like making sure you use strong passwords, never clicking on risky links, and staying away from sketchy corners of the internet. Don’t ever give out your personal information, and don’t do business with online vendors without established reputations for security.

Whatever you do, don’t fall into the trap of thinking that since you’re using a VPN, you’re completely safe online. VPNs are great at one thing, and one thing only: keeping your data private.

Do I Really Need a VPN?

I’d answer that by asking another question. Do you really need to close your blinds when you’re changing? No, but you’re certainly going to be exposed if you don’t.

Virtual private networks are an important element of a complete cybersecurity posture, and without one, you’re leaving yourself vulnerable. Whether you want to keep Big Brother off your back or prevent bad actors from seizing your private data, it’s important to connect to the internet using a VPN, especially if you’re on an unfamiliar network or public Wi-Fi.

FYI: You might think it’s okay to do some banking while you’re working from the coffee shop, but you never know who’s sharing that network with you. If you’re running a VPN, though, it won’t matter.

So if you’re convinced that you want to use a VPN, it’s important to be mindful of a few considerations. To that end, let’s talk about what you’re going to want that VPN to do.

Features to Look for in a VPN

Not all VPNs are created equal. Some prioritize security, while some favor entertainment. Some are speedy, where others are sluggish. And some are designed with user experience in mind, while there are those that will make you want to tear your hair out. When shopping for a VPN, here are a few items to keep in mind.

  • Speed: There’s no getting around it: When you use a VPN, you’re likely going to experience some decreases in your connection speeds. Just how noticeable these slowdowns are, though, is a function of how large the VPN server network is, and how much traffic is present on their network. Look for a service with a large number of endpoints — for reference, some industry leaders run networks made up of thousands of servers.
  • Kill Switch: I consider the kill switch to be mission-critical functionality. If your VPN connection is ever interrupted, a kill switch will automatically terminate your internet connection, meaning that your true IP address is never exposed and your data can’t be intercepted.
  • Optimizations: Some people use VPNs exclusively to protect themselves while torrenting or to spoof their location to gain access to geo-restricted media libraries on streaming platforms. If you want to watch German Netflix from the privacy of your home in the Midwest, a VPN can help you do exactly that. Check out my CyberGhost review to see what I mean.
  • Geographic Protections: If you travel a lot for work or pleasure — particularly to countries like Russia or China where the internet is heavily monitored and regulated — you might want to invest in a VPN that obfuscates its protocol traffic to bypass governmental firewalls. I was most impressed by this type of functionality when I put Surfshark to the test.
  • No-Log Policy: You want a VPN to keep your digital goings-on private, correct? Well to complicate matters, some less-reputable providers will actually keep record of their clients’ activities. Look for a VPN with an independently audited no-log policy, or better yet, find one that runs a RAM-only server network like Express or Surfshark.
  • Jurisdiction: Almost as important as a no-log policy, if you’re serious about your privacy, you’re going to want to select a VPN in a privacy-friendly jurisdiction. There are dozens of countries that participate in international data-sharing agreements, and nations that are part of those compacts are obligated to cooperate with partner nations’ law enforcement agencies. If you want to avoid that, select a VPN that is headquartered in a country beholden to no others.

Final Thoughts on VPN Use

As I mentioned previously, a VPN is an important element in a complete suite of cybersecurity protections. While they aren’t completely foolproof, a good one will absolutely help you browse the web in near anonymity. Just like locking your door at night isn’t a guarantee that nothing bad will happen, running a VPN on your internet-connected devices will ensure that you’re not low-hanging fruit.

That said, as cyberthreats are mounting, and our privacies are eroding, seemingly by the day, those who want to push back will find a powerful tool with the virtual private network. Ready to get started? Head over to our list of the top ten best VPNs of 2023 to select a service that’s right for your needs and budget.