Virtual Private Network (VPN): A Very Detailed Guide for Newbies

Article by Jerry Low
Updated: Dec 03, 2018

 

Virtual Private Network (VPN) services are somewhat of a hot topic nowadays since Internet privacy is coming under fire from many directions. Companies are trying to gather more data on their users to the extent that it is becoming overly intrusive, while countries are divided on how to manage the situation.

For years we have been using major products such as Facebook, Google, Microsoft software and more, but rapidly advancing technology has tempted these companies to squeeze users' accounts for every bit of information they can for commercial purposes.

And while governments may struggle to control the situation, in some cases it is they themselves who are guilty of the same sins that the corporates are getting in trouble for – intrusion of privacy and illegal collection of private data.

* Heatmap of locations where the NSA collects data online using Boundless Informant, a big data analysis tool used by United States National Security Agency (NSA). Source: The Guardian

So, what can we as individuals do to protect our privacy online? The answer leads us back to our topic of VPNs.

 


 


 FTC Disclosure: WHSR receives referral fees from some of the brands and companies mentioned in this article. 

 


 

What is a VPN?

What is VPN and how does it work?

A VPN is a service that creates an encrypted connection from your device to a VPN server through your Internet connection. Think of it as a tunnel through a mountain, in which your Internet service provider (ISP) is the mountain, the tunnel is the VPN connection and the exit is to the world wide web.

There are some people who may mistake VPNs for alternatives to having an Internet connection, but this is incorrect.

Originally, VPNs were created to connect business networks together for more secure and convenient communications. Today, VPN service providers work hard to forward all your traffic to the Internet – bypassing government or ISP monitoring and even forced censorship in some cases.

In a nutshell, think of a VPN as a service that’s designed to help you gain full access to the Internet and protect you while doing it.

What does a VPN do?

The primary purpose of a VPN is to create a secure tunnel for your data to travel through to its servers before passing on to the Internet. This, however, has resulted in some other benefits, such as location spoofing.

While that might seem insignificant to you, there are many times when location spoofing has helped people overcome geo-location barriers. Take the Great Firewall of China for example. The Chinese government heavily censors the Internet and many things we take for granted online are blocked in China. Only by using a VPN can China-based users access sites like Google and Facebook.

For peer-to-peer (P2P) users, aside from the risk of identification, you also run the risk of having your port maps identified through Torrenting. VPNs help mask all of this so that your open ports can’t be easily exploited.

Advantages of using a VPN Connection

In short –

  • Anonymity
  • Security
  • Accessing geo-location blocked services (Netflix, Hulu, etc)

As I’ve mentioned, the first and foremost purpose of VPNs today is anonymity. By creating a secure tunnel from your device to their servers and encrypting the data that travels through that tunnel, VPNs effectively shield all your data activity.

Anonymity

This means that anyone trying to discover what you’re doing on the Internet, such as the sites you visit and so on won’t be able to find out much. VPNs are so much focused on anonymity that many of them today have taken to accepting payments that can’t be traced, such as crypto currency and gift certificates.

Location spoofing

Location spoofing came about as a side benefit of VPN services. Because VPN services have servers in many locations around the world, by connecting to those servers you can ‘spoof’ your location as being the same as that of the VPN server.

Security

Many VPN services today are also beginning to implement greater security measures to benefit their users. It started out mainly to help block online data collection and tracking but has now expanded to include ad-blocking and in some cases even anti-virus solutions.

 


 

How a VPN Works

It is a little difficult to describe how a VPN works unless a little technical detail is involved. However, for those who just want the basic concept, a VPN creates a secure tunnel from your device to the VPN server and then from there out to the world wide web.

In greater detail, the VPN first establishes a communication protocol from your device. This protocol will set the boundaries of how the data will travel from your device to the VPN server. There are a few main VPN protocols which are common, although each has its own advantages and disadvantages.

Common VPN Protocols

Although there are many communication protocols, there are some mainstream ones which are commonly supported irrespective of VPN service brand. Some are faster, some are slower, some more secure, others less so. The choice is yours depending on your requirements, so this might be a good section for you to pay attention to if you’re going to be using a VPN.

In summary –

  • OpenVPN: Open source protocol which is of average speed yet offers strong encryption support.
  • L2TP/IPSec: This is quite common as well and offers decent speeds but is easily blocked by some sites which do not favour VPN users.
  • SSTP: Not so commonly available and, aside from good encryption, doesn’t have much to recommend it.
  • IKEv2: Very fast connection and especially good for mobile devices though offering weaker encryption standards.
  • PPTP: Very fast but has been poked full of security loopholes over the years.

Quick comparison –

| Protocol | Encryption | Security | Speed |
| --- | --- | --- | --- |
| OpenVPN | 256-bit | Highest encryption | Fast on high latency connections |
| L2TP | 256-bit | Highest encryption | Slow and highly processor dependent |
| SSTP | 256-bit | Highest encryption | Slow |
| IKEv2 | 256-bit | Highest encryption | Fast |
| PPTP | 128-bit | Minimum security | Fast |

 

1- OpenVPN

OpenVPN is an open source VPN protocol and that is both its strength as well as its possible weakness. Open source material can be accessed by anyone, which means that not only can legitimate users use and improve on it, but those with not so great intentions can also scrutinize it for weaknesses and exploit those.

Still, OpenVPN has become very much mainstream and remains one of the most secure protocols available. It supports very high encryption levels, including what is considered by most to be ‘unbreakable’ 256-bit key encryption requiring 2048-bit RSA authentication, and a 160-bit SHA1 hash algorithm.

Thanks to it being open source, it has also been adapted for use on almost all platforms today, from Windows and iOS to more exotic platforms such as routers and micro devices like the Raspberry Pi.

Example – Some of the devices supported by NordVPN – Note how each device supports its own set of protocols

Unfortunately, high security has its downsides and OpenVPN is often seen as being very slow. This however is more of a trade-off, since it is normal that the higher the encryption rates being used, the more time it will take to process data streams.

2- Layer 2 Tunnel Protocol (L2TP)

Layer 2 Tunnel Protocol (L2TP) is the de facto successor of Point to Point Tunneling Protocol (PPTP) and Layer 2 Forwarding Protocol (L2F). Unfortunately, since it didn’t come equipped to handle encryption it was often distributed together with the IPsec security protocol. To date, this combination has been seen as the most secure and having no vulnerabilities yet.

One thing to note is that this protocol uses UDP on port 500, which means that sites that do not allow VPN traffic can detect and block it easily.

3- Secure Socket Tunnelling Protocol (SSTP)

Secure Socket Tunnelling Protocol (SSTP) is one that is lesser known among regular people, but it is very useful simply because it has been fully tried, tested and tied into every incarnation of Windows since the days of Vista SP1.

It is also very secure, using 256-bit SSL keys and 2048-bit SSL/TLS certificates. It is also unfortunately proprietary to Microsoft, so it’s not open to public scrutiny – again, both good and bad.

4- Internet Key Exchange version 2 (IKEv2)

Internet Key Exchange version 2 (IKEv2) was co-developed by Microsoft and Cisco and was originally intended simply as a tunnelling protocol. It therefore also makes use of IPSec for encryption. Its agility in reconnecting to lost connections has made it very popular among those who rely on it for mobile deployment of VPNs.

5- Point-to-Point Tunnelling Protocol (PPTP) 

Point-to-Point Tunnelling Protocol (PPTP) is one of the dinosaurs amongst VPN protocols and one of the oldest. Although there are still some instances of use, this protocol has largely fallen by the wayside due to large, glaring gaps in its security.

It has several known vulnerabilities and has been exploited by both the good and bad guys long ago, making it no longer desirable. In fact, its only saving grace is its speed. As I mentioned earlier, the more secure a connection is, the more likely speed is to see a decline.

Encryption Methods and Strength

The simplest way to describe encryption that I can think of is perhaps messing up information so that only a person who has the guide to how you messed it up can translate it back to its original meaning.

Take for example a single word – Cat.

If I apply 256-bit encryption to that one word, it would be completely scrambled and undecipherable. Even the most powerful supercomputer on earth would take millions of years trying to decrypt that single word with 256-bit encryption applied to it.

Also, the levels of encryption are exponential, so 128-bit encryption doesn’t offer half the security of 256-bit encryption. Although still formidable, experts believe that 128-bit encryption will soon be broken.

These encryption methods and strengths are normally applied automatically, depending on which application we use, such as email, browsers, or other programs. VPNs on the other hand allow us to choose what types of encryption we want, since the type we choose will affect our VPN performance.

In this way we can ‘adjust’ the performance of our VPN service. For example, some may prefer extreme encryption and be willing to sacrifice speed. Others may prefer speed and so accept a lower level of encryption.

All of this is necessary and affected by encryption because when you’re logged in to a VPN service, the data you send when trying to browse the Internet goes through the encrypted VPN connection.

 


 

How to Choose a VPN? Key Features to Look Out for

There are a LOT of VPN service providers out there, so when shopping for a service provider it is important to keep in mind exactly what your requirements are. If you’re simply trying to bypass certain censorship curtains, there are cheaper alternatives, such as an HTTP/HTTPS proxy.

VPNs are the highest form of normal consumer privacy and anonymity protection. They were designed to keep you safe, secure and ensure that your browsing activities are kept personal. However, each of the providers themselves know that they were designed for certain purposes.

Take for example TorGuard, which was mainly meant for people who were constantly on Peer-to-Peer (P2P) file sharing networks. With that, let’s take a look at specific areas of VPNs you should take into consideration when evaluating one.

Key VPN Feature #1- Anonymity

While it is true that the Internet has been around for ages, technology has been evolving rapidly. Today, companies around the world are beginning to track users digitally to help them through data analysis. In some cases, governments have also been known or suspected to be tracking users digitally.

If you think that won’t happen to you because you live in country X, which is wonderful, think again. There are known government surveillance projects being carried out in countries as restrictive as China and Russia all the way to neutral Switzerland!

You can be tracked through emails, registering on websites, and yes, even by simply visiting any location on the web. Frightening, isn’t it?

It is one of the core functions of a VPN service to help you maintain anonymity on the Internet. It does this by masking your location, encrypting data that is transmitted between you and the Internet and by ensuring that even the provider itself doesn’t keep track of what you do (in most cases).

More VPN service providers today are also accepting anonymous payment options such as crypto currency and cash, or gift certificates.

Personally, one item I keep an eagle eye out for is the country in which the VPN registers its business. Many VPNs say they do not log user activity, but some countries have mandatory data retention laws. I prefer to choose a VPN provider that registers in a country where the law is on the VPN’s side, such as Panama or the British Virgin Islands for example.

Recommended VPN for best anonymity: 

  • NordVPN – Being based in Panama, the company falls under the country’s jurisdiction and Panama has no data retention laws.
  • TorGuard – TorGuard accepts anonymous payment options including crypto currency, gift cards, and payment wall (MOL, Yandex Money, Alipay, etc).

Key VPN Feature #2- Security

From encryption protocols to built-in security features of VPN client software, VPNs today offer security on many levels. Of course, the most critical one is the security and integrity of the connection it maintains between you and the Internet.

One more feature that many VPN service providers offer is a kill switch. This means that any time the connection between your device and the VPN server is broken or lost for any reason, the VPN client will stop all data from going out or coming in to your device.
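What a kill switch amounts to at the firewall level, as an added example (not from the original article or from any VPN provider's client): a script that prints a default-deny iptables rule set letting traffic leave only inside the tunnel or towards the VPN server itself. The server address 203.0.113.10, port 1194/udp and the interface names tun0 and eth0 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print an iptables kill-switch rule set for review.
# Nothing is applied here; as root, pipe the output to `sh` to apply it.
# Constructed sample values (assumptions, not from the article):
#   203.0.113.10 1194/udp  VPN server endpoint (RFC 5737 documentation range)
#   tun0 / eth0            tunnel interface / physical interface facing the ISP

# valid_ipv4 ADDR: succeed only for a dotted-quad IPv4 address.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# killswitch_rules SERVER_IP PORT PROTO TUN_IF WAN_IF
# The server must be given as an IP address: once the rules are active,
# DNS lookups outside the tunnel are dropped like everything else.
killswitch_rules() {
    server_ip=$1 port=$2 proto=$3 tun_if=$4 wan_if=$5
    # Validate every value, since the output is meant to be run as root.
    valid_ipv4 "$server_ip" || { echo "bad server address" >&2; return 1; }
    case $proto in udp|tcp) ;; *) echo "proto must be udp or tcp" >&2; return 1 ;; esac
    case $port in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 1; }
    for ifname in "$tun_if" "$wan_if"; do
        case $ifname in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
        esac
    done

    cat <<EOF
# 1. Default-deny: anything not explicitly allowed below is dropped.
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# 2. Loopback stays open for local services.
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# 3. The encrypted tunnel packets: only to and from the VPN server endpoint.
iptables -A OUTPUT -o $wan_if -d $server_ip -p $proto --dport $port -j ACCEPT
iptables -A INPUT -i $wan_if -s $server_ip -p $proto --sport $port -m conntrack --ctstate ESTABLISHED -j ACCEPT
# 4. Everything else may only travel inside the tunnel. If the tunnel
#    drops, $tun_if disappears and nothing matches these rules.
iptables -A OUTPUT -o $tun_if -j ACCEPT
iptables -A INPUT -i $tun_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# 5. IPv6 is blocked outright so it cannot bypass an IPv4-only tunnel
#    (assumption: the tunnel carries IPv4 only).
ip6tables -P INPUT DROP
ip6tables -P OUTPUT DROP
ip6tables -P FORWARD DROP
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A OUTPUT -o lo -j ACCEPT
EOF
}

# Print the rule set for the constructed sample endpoint.
killswitch_rules 203.0.113.10 1194 udp tun0 eth0
```

On a network that uses DHCP, lease renewal and any access to other machines on the LAN need their own allow rules; they are left out here to keep the default-deny logic visible.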

Ghosting

VPNs have also been around long enough that some websites or even governments have experience in recognizing VPN activity. VPN service providers also know this and have introduced a feature called Stealthing, Ghosting or VPN Obfuscation (terminology varies, but they generally mean the same thing). This helps to confuse systems that are actively looking for VPN users.

Double VPN

Some VPNs go to great lengths to help their customers hide their identities and have come up with a feature called double VPN. This means you connect to one VPN server and the connection is then routed through another VPN server before hitting the Internet. Aside from the routing, the encryption is doubled as well, which adds an extra layer of security.

NordVPN uses double encryption to ensure top level privacy and security.

Aside from this, additional features are being added to many VPN services all the time such as Malware scanning, web banner blocking and more. While all of these are handy, never forget the core purpose – keeping your connection secure and anonymous.

Recommended VPN for best security

  • NordVPN – NordVPN supports automatic kill switch, double encryption, and automatic blocking of dangerous websites.

Key VPN Feature #3 – Speed and Stability

Here’s the first thing you need to realise before signing up with any VPN service provider; your Internet speeds will take a hit. There is no way around it, that’s simply how technology works – for now.

However, a VPN which has many servers which are spread over a good number of locations worldwide will allow you to mitigate speed deficiencies somewhat. Take for example a provider such as NordVPN versus iPredator. Nord has over 4,000 servers across more than 60 countries while iPredator has a handful in one country alone (Sweden).

No matter how great iPredator’s servers are, if your actual location is far from Sweden, it is likely that your Internet speeds will suffer terribly when connected to it. As a rule of thumb, the further away your actual location from the VPN server, the more your speeds will be affected.

The hardware you are running the VPN on needs to have significant processing power, as VPN encryption takes up a lot of resources. For example, if you were to run the VPN on a router with a 1GHz processor, your maximum speed with 128-bit encryption would only be around 17Mbps.

My laptop is a low-powered one with an Intel i5-8250U processor and can only manage roughly 170Mbps to 200Mbps at 128-bit. Keep in mind that many different things work together to affect overall Internet speed – it’s not always the VPN service provider’s fault if your speed drops!

Key VPN Feature #4 – Location Spoofing

Remember that it’s not always about speed, but availability. If you’re wanting to stream US-based Netflix content for example, you’re going to want a VPN which has servers in the country. Likewise, in the UK if you’re looking at streaming iBBC content.

If you’re in a country which censors the Internet heavily, or are travelling to one, such as China, make sure you choose a VPN service that is good at getting around blocks. It is especially difficult in China since almost everything online is censored and all VPN services except state-run or approved ones are banned.

PureVPN supports up to 2,000 VPN servers in more than 140 countries.

Recommended VPN for widest location choices

  • PureVPN – 2,000 VPN servers online in 140+ countries worldwide, including China and Middle East countries.

Key VPN Feature #5 – P2P Support

Finally, there is support for P2P, which some providers will not allow. File sharing is often high-bandwidth intensive, but P2P users need VPN services, so there are specialists such as TorGuard who cater for them. Others such as NordVPN limit P2P users to certain servers.

I have found that for the most part, many VPNs are quite good about P2P usage nowadays and speeds have not really been throttled. So far only one provider I have tried has been extremely strict about P2P usage, cutting my torrent speeds down to zero if I wasn’t connected to a file-sharing approved server.

* Caution: Some VPN service providers do not allow P2P usage at all; make sure you check before buying into one if this is what you’re looking for!

P2P friendly VPN services

Key VPN Feature #6 – Customer Service

As with any industry, the VPN community has its top dogs and low dogs in customer service. I’m not going to name who they are here, but rest assured I’ll call them out on this in individual VPN reviews.

I must repeat this again here – For a service that is as technical as a VPN, there is absolutely no excuse for a company that specializes in it not to have good customer support. It is necessary. If you’re signing up for a VPN service, make sure you go through some reviews to see how they do in customer support.

That some rely on a ticketing system is bad enough, but they take simply ages to respond. Can you imagine sitting at home and getting increasingly frustrated as each email comes back to you after a day or two, and that you are paying for that privilege?

 


 

My Personal VPN Experience

I have now been researching, testing and experimenting on VPNs for the better part of a year. While I may not be a technical expert at VPNs yet, I have for sure found out more than I’ve ever really wanted to about these services.

My experiments have included the use of VPN clients on various platforms, as well as their mobile apps, browser plugins and with different usage models. Some I’ve been pleasantly surprised at, but some utterly disappointed in.

I have to say that at the end of the day, no matter the capabilities of a product, there is absolutely no reason for any of these companies to have bad customer service. And yes, I rate incompetence and sloth as ‘bad customer service’.

The Equipment

Asus RT-1300UHP

For the most part, my tests were carried out using either an open source VPN client or a VPN app installed on a Windows-based machine. These are usually fine, and I have found that it is usually the case whereby the hardware we have at home limits our VPN more than the service itself.

The most important thing I learned about equipment is that if you intend to deploy the VPN directly on your router, you need to be aware of one very important factor – your VPN must have a kick-ass processor. These are usually limited to the ‘oh-my-God’ price range of consumer wireless routers, and even then, are quite limited.

As an example, I tried a few VPNs on a lowly Asus RT-1300UHP which is fine for most homes. It certainly can handle even full gigabit speeds (via LAN) and up to 400+ Mbps on WiFi. Yet it only managed a throughput of about 10 Mbps once the VPN was set up. At that rate, the processor was already straining at 100% constantly.

The kind of router you need that we’re talking about is in the range of the ROG Rapture GT-AC5300 or Netgear Nighthawk X10 – Expensive and not the norm for most households. Even then, if your Internet speeds are fast – the bottleneck will remain your router.

The Internet Connection

I started out testing VPNs on a 50 Mbps line which was giving me close to advertised speeds – I usually got around 40-45 Mbps. Eventually I shifted to a 500 Mbps line for which I get around 80% of advertised speeds – normally 400-410 Mbps.

It was only when I shifted to a higher speed line that I realised many VPNs struggle to manage at such speeds due to a combination of factors. This includes the machine you run it on, the distance between you and the VPN server you choose, what encryption rates you prefer, and more.

What I’ve Used a VPN For

1- Streaming

At first it was mostly speed testing, just to keep a track record as well as experiment. Once I had established a baseline, I began to test other download sites or streaming videos. For the most part, I found that almost all VPNs are capable of streaming 4k UHD videos.

2- Torrenting

Torrenting was tested as well, of course, and I found that a little disappointing. I think that once your home Internet speeds reach a certain point, you’ll find that the performance of your VPN service drops dramatically unless you invest significantly into better infrastructure.

3- Gaming

I don’t really game much (at least not the games that matter for VPN performance) but I did take note of ping times. If you’re a gamer hoping to use a VPN to access a game that’s out of your country, you might be disappointed. Ping times increase a lot the further you are from the VPN servers, even if speeds are fast and stable.

 


 

VPN Frequently Asked Questions (FAQ)

1. Do I need an internet connection to use VPN?

A VPN is designed to mask and protect your location and data, but you still require an Internet connection.

2. Will using a VPN slow down my internet speed?

VPNs are designed first and foremost to protect your identity and keep your data safe. Unfortunately, one of the side effects of encryption that is used to protect your data is that it slows down your Internet connection. As a rule of thumb, expect to achieve no more than 70% of your actual line speed when using a VPN. Other factors such as distance from VPN server, server load and so on will also affect your Internet speed while using a VPN.

3. How fast can VPN connections go?

Most VPN service providers will tell you that they will not limit your speed. However, there are other circumstances to consider as well. As mentioned above, expect to get no more than a maximum of 70% of your actual line speed.

4. What devices can I run a VPN on?

This depends on which VPN service provider you sign up with. Almost all providers will support Windows, MacOS and Linux along with mainstream mobile platforms. Many will also support router deployment (depending on model of router) while a few cater to more exotic devices such as the Raspberry Pi.

5. How much does a VPN service cost?

Like all service providers, VPN companies want you to stay with them for a long time, since that’s their income stream. Most VPN service providers offer various payment terms such as monthly, quarterly and so on. Most times the longer the plan, the cheaper your monthly rate will be, but you will have to pay the entire contract in advance. Expect to pay between $9 and $12 per month on average for monthly contracts, with discounts of up to 75% for long term contracts.

6. Since 256-bit encryption will slow my connection a lot, is it safe for me to use 128-bit encryption?

This is a little tricky, since both encryption rates are quite strong. The question you should be asking yourself should be, ‘How much is my privacy and online safety worth to me?’

7. Am I completely untraceable with a VPN?

This largely depends on how safely you use your VPN connection and which provider you choose. There have been many cases whereby VPN users have been arrested after putting their faith in a service provider that eventually turned over user logs to authorities.

8. Will anyone know I am using a VPN?

Some websites try to keep out VPN users and have ways to detect if an incoming connection is from a VPN server. Thankfully, VPNs are aware of this and have come up with countermeasures which help. Look out for service providers which offer Stealthing, or Server obfuscation.

9. How difficult is it to set up a VPN connection?

By right it should be as simple as installing an application and entering your username and password. Then all you must do is click a button and you’ll be connected to a VPN server. Unfortunately, this isn’t always the best solution and some connections may need to be tweaked for optimal performance. Many VPN service providers will have tutorials on how to do this, failing which it’s time to get in touch with their customer service staff.

10. Are VPNs legal to use?

Yes and No. Although most countries do not have laws against VPN usage, some outright ban it. In extreme cases, some countries not only ban VPN usage but also potentially jail VPN users. Thankfully, there are only a handful of countries where VPNs have been banned so far.

11. Can I just use a VPN browser extension?

I’ve tried out a few VPN browser extensions and have found that for the most part, these fall into two main categories. There are those which act as proxies and merely bounce your connection off a server, and some which act as a browser control for a full VPN app. The latter means you’ll still need a VPN app installed in order to use the extension. VPN browser extensions are usually not full VPN services.

 


 

Conclusion: Do you Need a VPN?

Personal privacy online is under siege from so many directions and it seems to have happened overnight. Gone are the days when we only had to worry about cyber criminals; now we must also worry about companies and governments who want to steal our data for the same reason – to exploit for their own purposes.

Naturally, your need for a VPN would largely depend on which country you are in, since each has different threat levels. The question is not something which can be answered by a simple yes or no.

Global VPN market value (billion, USD) – Source: Statista

However, from the rate of increase in value of the global VPN market, I will say that it is very likely you’ll need one sooner or later. It is past time that individual users stopped taking their privacy and security online for granted and looked for ways to secure their information.

We have been complacently using the Internet much the same way in which we always have, just browsing as carefree as can be. True, viruses and Malware have made us more cautious, but not much has changed.

Personally, I feel that the adoption of a VPN service should be the next step each Internet user undertakes. There is a pressing need to break out of the mindset that we are not threatened by what we do online.

Take for example someone who just wants to go online and look for a few pictures of some cute cats. While doing that, information such as his/her browsing habits, likes/dislikes, location, and so much more is being collected by many people or organizations. Isn’t that thought scary enough to compel some form of action?

So, I say yes, even if you think you don’t need a VPN – You really do.