top of page
  • Writer's pictureESET Expert

Buying a VPN? Here’s what to know and look for



VPNs are not all created equal – make sure to choose the right provider that will help keep your data safe from prying eyes.


In a world of remote working and heightened privacy and security concerns, virtual private networks (VPNs) have become an indispensable aid for the risk-averse consumer. First developed in the late 1990s, VPNs have grown in popularity to the point where the market is now flooded with offerings, including a huge number of free options.


But VPNs are not all created equal, and it pays to do your research before buying. In fact, some may create a dangerous false sense of security, which could eventually undermine your privacy and security, rather than enhance it. That’s why we’ve put together this handy guide.


Why get a VPN?

VPNs are designed to enhance user privacy and security by providing an encrypted tunnel between your device and the internet. By routing your traffic such as internet searches and downloads through a VPN server and effectively masking your IP address, it delivers benefits by keeping prying eyes away from your web browsing and other activities so that no one can track your online habits. In this way, VPNs can help you protect your personal data, enhance your privacy, and keep you secure even when connecting via potentially risky public Wi-Fi, among other scenarios.



How to use a VPN

When you switch on and use a VPN, your internet traffic is encrypted by the VPN client, and will then travel through a secure tunnel from your machine (PC, tablet, smartphone etc) to the VPN server. This server then decrypts the traffic and sends it to the web server you’re trying to reach. When the web server sends data back to your machine, the same happens in reverse.


Using a VPN is pretty straightforward:


  • Open the VPN client app


  • Select the VPN server you want to connect to (there should be various options located in different countries)


  • Click “connect” or similar


  • When you’re done with the session, simply click “disconnect” or similar


It’s worth noting that some browsers feature built-in VPN capabilities. You’ll usually find these in privacy and security settings. Simply follow the on-screen prompts to activate. Remember, however, that only browser-based activity will be protected by this type of VPN. A standalone VPN is better if you want to protect all traffic while browser-based VPNs can also be limited in their functionality (e.g., slower speeds, fewer servers to choose from etc).



Whatever type of browser you choose, remember to:


  • Ensure it’s always on the latest (i.e., most secure and feature-rich) version


  • Restart the device or VPN app or switch VPN servers, if you have any problems connecting


  • Keep an eye out for any notifications, as privacy is not guaranteed once you turn off the VPN


The pros and cons of VPNs

If you’re a security and privacy-conscious internet user, there’s plenty of potential benefits to using a VPN. Depending on the model you choose, they include:


  • Enhanced privacy: Your location and identity are masked, protecting you from third-party ad trackers and other potentially privacy-infringing technologies. It also stops your Internet Service Provider (ISP) from tracking your browsing habits and limits the ability of government authorities to snoop on your traffic, which is a concern especially in countries with oppressive regimes. Some VPNs offer features like DNS leak protection to further boost your privacy.


  • Secure public Wi-Fi use: If you’re out and about and want to access your favorite web sites, public Wi-Fi is a great resource. But it comes with a risk. Malicious actors can use these networks – or fake Wi-Fi hotspots they set up – to eavesdrop on your browsing activity and steal account logins and other sensitive information. By encrypting your internet traffic, a VPN will keep your connection secure and stop snoopers from intercepting your data.


  • Secure remote access to corporate networks: More and more of us work remotely today, meaning we may need to access corporate networks or cloud-based business applications while on-the-go. With a VPN, that connection will be kept secure even if you use public Wi-Fi. (On a related note, it would be remiss of us not to mention that business VPNs are a favorite target for attackers.)


  • Secure file sharing: Once again, because the VPN creates an encrypted tunnel between your device and the digital destination you want to reach, it ensures sensitive files can be shared with third parties securely. A VPN also reduces the likelihood of session hijacking – which happens when hackers steal your session ID to log into websites as you.


  • Secure payments: Your VPN’s traffic encryption capabilities ensure that your card data is safe while in transit as you pay online. However, a VPN doesn’t protect you from surrendering your financial information to phishing sites – this is where comprehensive security software comes in instead.


  • Enhanced protection from threats: Some VPNs offer features such as ad blockers to protect against malicious adverts. A VPN service in and of itself isn’t designed to thwart threats like malware, but by relying on a VPN that is part of your security software of choice you will slash your risk of falling victim to account takeover that often result from a malware compromise.



However, there are also potential concerns to be aware of with certain VPNs, that makes it important to do your research:


  • Reduced speeds: As data needs to travel via a VPN server, it may cause your internet connection to slow down. This slowdown can vary depending on the VPN’s server load, distance from the server, and the quality of the VPN service.


  • Limited server choice: Some services may offer only a handful of VPN servers to choose from, which can impact usability, reliability and service quality. A limited number of servers may lead to overcrowding, resulting in poor speeds and frequent disconnections.


  • Variable security standards: Not all providers offer the same high quality of encryption and value-added security services. Many may even introduce security and privacy risks, such as logging your activity, selling your data to third parties, or being vulnerable to hacking attempts.


What to look for in a VPN

It’s important to choose a VPN service that suits your requirements. Consider the following when looking for a provider:


  • Encryption: It’s recommended to choose a VPN which uses a strong encryption algorithm, like AES-256 encryption.


  • Paid vs free: Some free VPNs may collect your personal information and sell it to third parties – that’s how they pay for the service they’re providing. You may also find reliability and speed/bandwidth are not up to scratch – especially for certain use cases like gaming. Paid services often offer better all-round quality. Look for one offering unlimited bandwidth.


  • More than a VPN: Consider using a VPN provided by a trusted cybersecurity vendor, which may also include value-add services such as: identity protection (dark web scanning/credit report monitoring and ID threat alerts), password manager, DNS leak protection and, obviously, robust protection from various digital threats.


  • Servers and locations: The more servers and countries your VPN provider offers, the more flexibility you’ll have in choosing one to suit your needs. Geo-restriction bypass is also important to help you access sites that may be restricted in your location.


  • Technologies: VPNs may support one or several protocols for including OpenVPN, WireGuard, IKEv2/IPSec or SSTP. Look for OpenVPN – widely regarded as the best in terms of speed and security.


  • Technical support: Read online reviews to better understand how good the technical support is in case something goes wrong. And it goes without saying that you also want a VPN service that intuitive and easy to use.


  • Covert logging: If you’re particularly concerned about privacy, check what data the VPN provider stores about your internet activity. Look for one which has a “no logs” policy. It may also be worth checking which country/jurisdiction the provider is located in. Some governments may be able to access VPN customers’ data.


VPNs play an increasingly important role in protecting our digital world. But with so many options on the market, it pays to take your time before choosing one. If in doubt, trusted vendors from the cybersecurity world are a good first port of call.



by Phil Muncaster, ESET

Comments


bottom of page