You’ve probably seen articles recently about how evildoers can scam, skim, and snoop your private information for their financial benefit. Besides encouraging you to wrap yourself in a cloak of paranoia once appropriate for a Cold War spy – “no one is who they seem to be” – these articles inevitably discuss VPNs, Virtual Private Networks.
OK, let’s break that down.
Network: You know what a network is, right? It can mean a lot of things, actually. In this case, let’s take it to mean the internet.
Private: Communication across the internet can be dangerously public. Folks with the right hardware and software in the right place can snoop what you send down the line. Sometimes all that’s necessary is to monitor who you communicate with; what you say doesn’t matter. For example, the company that provides your home internet connection may be watching the websites you visit. Why? Because they sell the information to other companies that use it to target ads, judge your credit-worthiness, perhaps even decide whether or not to approve your insurance application.
Virtual: A colleague once said, “Whenever you see ‘virtual,’ substitute ‘pretend.'”
So a VPN is a “pretend network designed to keep your information private as it travels across the internet.”
You can think of a VPN as a “pipeline of encryption.” Once you install it on your phone, pad, or computer, all information travels through the pipeline and is, thusly, private.
You are most at risk when using a wi-fi network outside your home. You know, the one at the coffee shop, the airport, the sketchy cafe in Istambul. The highest threat level is reserved for those “friendly” wi-fi networks that don’t require passwords. They may not encrypt data at all. So it would be pretty easy for someone to see what you read and write.*
A VPN will not render you invulnerable to cybercrime. If you give someone your banking credentials or let the guy “from Microsoft” take control of your computer, you are still screwed.
Roughly a squillion companies offer VPNs. Some are free, some cost. If you pick a free one, you’re nuts. Programmers cost money, and the thousands of server computers required to run a VPN cost money. If you’re not paying to use the VPN, where does the money come from?
The company running the VPN can, if they choose, see everything inside of your “pipeline of encryption.” Like your internet provider at home, they can market your activity; worse, they might see things you’d rather keep to yourself. Many free VPNs are located in China and other places that are best avoided.
I’ve run my own VPN for several years. This is the closest to “trusted” I can get, but I still have to trust the cloud company that provides the computer my VPN runs on. For various reasons too geeky to go into, I would not recommend running your own VPN, particularly if you travel.
This leaves the paid VPNs.
I’ve tried many, including every one that you will see listed in the top three on any recent “best of” article. I eliminated them all for one reason or another. I won’t list them all and explain my reasons, but if you write to ask about a specific one, I’ll give my opinion.
I’ll make it simple for you: read the VPN review in Wirecutter. It’s the best coverage of the subject that I’ve seen. My choice is the same as theirs, and for the same reasons: privacy, support, speed, and cost. Consumer Reports also took an in-depth look at VPNs. Their report sheds light on the gap between what some VPN companies say versus what they do to protect your privacy.
If you want an easy-to-use, trustworthy VPN at a reasonable price, go with Mullvad, a Swedish company that checks all the right boxes and none of the wrong ones.
*This is an oversimplification. Even without a VPN, much of the information on the internet is encrypted. But the bits that are not can cause you grief.