A Virtual Private Network allows you to route your internet connection through a secure server located in a different place. A VPN makes it appear as if you are browsing from that location.
However, your internet service provider or ISP can view the internet traffic whenever you enter or exit the connection. It means they can see which websites you visit, how much data you use, and even track your online behaviour. Encryption protocols like HTTPS are widely used online. That way, your ISP cannot see the exact content you are viewing or sharing. Still, they can detect which websites or domains you are accessing.
However, your ISP cannot find this information when you use a VPN. It transfers the information from your network to a different server located far away from your region. Because of this, your ISP can only know that you are using a VPN. And, nothing about your online behaviour.
How exactly do VPNs work?
Typically, a VPN encrypts your data that travels between a designated server provided by the VPN and your device. Consider that someone is monitoring the connection between the VPN server and your destination website. To them, it simply appears as though the VPN server itself is accessing the site and not you.
Keep in mind that VPNs provide additional encryption or security for the traffic between their servers and the final destination on the internet. Even when using a VPN, make sure that the website you are accessing uses HTTPS to maintain a secure connection.
Why you should use a VPN
It is wise to use a VPN when online. There are several advantages of using a VPN.
- It hides your internet traffic from your ISP.
- It hides your real IP address from services and websites. Third parties can track your online activities via your IP address.
- It hides your downloads (especially large files) from anti-piracy agencies and your internet service provider.
- It allows you to enjoy geo-restricted content effectively.
A VPN can provide some of the important benefits that you get from using the Tor browser. These include shifting your internet connection geographically and hiding your actual IP from the sites you visit. Moreover, a good VPN provider may not comply with regulations from certain regimes. For that, you need to choose a provider that does not fall within your jurisdiction.
However, a VPN cannot encrypt your data between the server and your device outside the connection. Besides, a VPN provider can view and modify your internet connection like your ISP. It means that you are still placing a significant amount of trust in them. Furthermore, there is no verifiable way to confirm if the provider’s ‘no-logging’ policies truly favour the interests of users.
When you should not use a VPN
When you are using your well-known or real identity online, a VPN might not be useful. Even if you are using the service, it may trigger fraud detection mechanisms or spam. For example, if you are logging into your bank’s website while using a VPN.
Remember that a VPN cannot provide you with perfect anonymity. This is because the provider still knows your actual IP, the websites you are visiting, and payment details that could be traced back to you. Although most VPN providers have ‘no-logging’ policies, they are mere promises. If you are looking for complete privacy within any network, you can use the Tor browser alone or with your VPN.
Additionally, you should not rely on a VPN when it comes to establishing a connection to an HTTP website. To keep your activity secure and private on the websites you visit, make sure they use HTTPS. As such, it will keep your queries, session tokens, and passwords secure from your VPN provider. Apart from that, it safeguards you from third parties between your destination on the internet and the VPN server. To protect against attacks that try to downgrade your connection from HTTPS to HTTP, activate HTTPS-only mode if your browser supports it.
When you should use a VPN and encrypted DNS together
If your VPN provider has support for encrypted DNS servers, you can use them. When you use DoT, DoH, or other types of encrypted DNS servers, you are trusting additional parties. Your VPN provider may still track your web activity through IP addresses and other techniques. Despite that, there are certain advantages to using encrypted DNS. It helps you activate some security features within your browser, like ECH. Technologies in your browser that use built-in encrypted DNS are still relatively new and might take some time to get adopted. Whether they are relevant to your specific needs is something you will need to explore further on your own.
Another good reason to use encrypted DNS is that it blocks DNS spoofing. However, the browser you are using should check the TLS certificates alongside HTTPS and notify you. In case you are not using HTTPS, an imposter can tamper with everything except the DNS queries. This makes encrypted DNS offer limited protection.
When to use a VPN and Tor together
Tor might not be the most suitable option for most online users. It is always good to consider the threat that a hacker might pose. If no one can extract your information when using a reliable VPN, you do not have to consider other options.
If you choose to use Tor, it is recommended to connect to the Tor network through a commercial VPN provider. But remember that using Tor is a complicated subject. And, it requires some amount of knowledge to use it perfectly.
Is it safe to use Tor via a VPN provider that offers built-in ‘Tor nodes’?
It is wise not to use this feature. The main benefit of using the Tor browser is that you do not have to trust a VPN provider. This is because you are running Tor directly from your computer. But if you use Tor nodes run by your VPN, that advantage is lost because you are still relying on the VPN.
As of now, Tor provides support for the TCP protocol only. Other packets, including UDP and ICMP, are excluded. To compensate for the loss, VPN providers route the non-TCP packets via their servers. ProtonVPN follows the same principle. Also, when using a Tor-over-VPN setup, you lose control over key Tor features like Isolated Destination Address. It uses a separate Tor circuit for each website you visit.
The Tor-over-VPN feature might be a convenient way to access blocked services on Tor. However, online anonymity is not guaranteed. For complete anonymity, you should use the original Tor browser.
Commercial VPNs
A handful of companies own almost every VPN service that you come across. These companies run many small VPN services. They create an illusion that users can choose from a variety of choices. As such, they generate revenues effortlessly. In short, these VPN providers are part of a single shell company aimed at maximising profit. Besides, these providers have horrible privacy policies. Hence, you cannot trust them with your online traffic. You should thoroughly analyse before choosing the right provider.
Additionally, you should be aware that several VPN review websites act as advertising tools that attract the highest bidder. A genuine website will never recommend external products. Also, they will not run affiliate programs intended to fool users.
Modern-day VPN alternatives
Recently, some organisations have started developing solutions to address the problems associated with centralised VPNs. Although these technologies are new, you can keep an eye on them while the space evolves.
-
Multi-party relays
MPRs or multi-party relays use several nodes that belong to different parties. As a result, no party can identify you and what you are looking for. This is how the Tor network operates. Still, some paid services imitate this model.
Multi-party relays aim to address a fundamental issue with VPNs: the need to place complete trust in the provider. They achieve this by splitting responsibilities across two or more separate companies.
A good example of a commercial multi-party relay is the iCloud+ Private Relay from Apple. It routes the internet traffic via two separate servers.
- Apple acts as the first server. This server can view the IP address of your device when you make the connection. Besides, it can access your Apple ID and payment information attached to your iCloud subscription. But it cannot view the websites you are visiting.
- A partner CDN, such as Fastly or Cloudflare, acts as the second server. This server establishes the connection to the destination website. But it does not know the device you are using. The only IP it identifies is the Apple server.
Other types of multi-party relays offered by different companies work similarly. This segmented protection only works if you trust that the two companies will never work together to reveal your identity.
-
Decentralised VPNs
An effective way to resolve issues relating to a centralised VPN is a decentralised VPN. These use blockchain to reduce reliance on a single party by spreading nodes across many users. Sometimes, a decentralised VPN may turn itself into a single node. It means that you have to trust the node, similar to a traditional VPN. Unlike a VPN, your traffic is visible to that single node instead of a vetted provider bound by legal and privacy obligations. Although multi-hop can fix the issue, it can cost performance and stability.
Another thing to look for is legal liability. Exit nodes face legal risks from network misuse. It is a challenge the Tor network has dealt with since the beginning. This deters ordinary users from running nodes while making it easier for well-funded malicious actors to take their place. In single-node services, a compromised exit node can see both your identity and your destination site, posing a serious risk.
Moreover, many decentralized VPNs promote cryptocurrency instead of making the service better. These networks are usually smaller, with fewer nodes. It makes them prone to Sybil attacks.
