Dark Mode

Protection: Virtual Private Networks

For a lot of people, Virtual Private Networks, or VPNs, are their first introduction to any type of privacy or security tool. Some people get introduced to the concept because of remote work, or to get around location restrictions in content viewing. Whatever the case, VPNs are a fairly well-known and common tool.

For those who don't know, a VPN is an encrypted connection from your device to a server. All your internet traffic is routed through that server. A VPN is different from a proxy in that a VPN is system-wide. Generally speaking, proxies tend to only apply to a specific browser or app, while a VPN applies to entire device. A VPN would not only protect Firefox, for example, but the Netflix app, your mail client, and even any system telemetry that your OS might submit.

From a security perspective, a VPN provides you protection from local hackers. While most of the internet is encrypted, not all of it is, and sadly important websites like government are typically the worst offenders for expired certificates. Even at home, your Internet Service Provider can see your traffic as well. A VPN encrypts your traffic, hiding this from local spies.

From a privacy perspective, the VPN makes your traffic appear to be coming from your provider's server, making it hard to trace the traffic back to your actual, unique IP address. Your traffic has the potential to blend in with the traffic of many other users and add to the anonymity.

As of 2018, Net Neutrality is dead in the United States. This means that Internet Service Providers are legally allowed to block or slow down any website they want with or without any justification. Abuses of this nature have happened in the past, but now they are no longer illegal and are happening again. The best way to prevent this is to not let your provider see your traffic, then they won't know what to block.

The most important thing is to look for when picking a VPN provider is a provider who doesn't keep logs. A provider who logs your activity is no better than your current internet provider. Your traffic can be sold, censored, or spied on just as if you weren't using a VPN. All you've done at that point is move the abuse to someone else. Unfortunately, "no logs" is pretty much just a buzzword these days, and numerous providers have been caught lying about this. The best way I'm aware of to verify this claim is to search "[VPN provider] logs" on your privacy-respecting search engine of choice. If the provider has been around for any amount of time and has any considerable reputation, you will likely find articles detailing a time when they were ordered to hand over customer data to law enforcement for an investigation and what they had to hand over (if they're a good provider, they'll have nothing or very little to hand over). You'll also be alerted to any potential accusations of logging, discussions on that claim, and other information to help you decide if the company is serious or not.

Depending on your threat model, you may want to consider a provider who is located outside the jurisdiction of the Fourteen Eyes Gloabl Intelligence Community. A government attempting to access your VPN traffic will potentially have a harder time when dealing with a company outside their surveillance network.

Make sure to see how the provider makes money. Running an VPN server is expensive and requires great technical knowledge. "If a product is free, you are the product." Make sure the company has a viable business plan or else assume they are likely logging and selling your data, or worse.

Note that there are literally hundreds of VPN providers out there. Some quality, many not. The handful I've selected below are the ones that seem to consistently be promoted within the privacy community as reputable and more desirable than most mainstream companies. These companies seem to have a vested interest in the cause of privacy. If you want a detailed breakdown of a specific VPN provider, please visit ThatOnePrivacySite.

Product/Service Pros Cons
Listed in alphabetical order, not order of recommendation

  • Open source
  • Audited
  • Available on Debian, Mac, Windows, Android, and iOS.
  • Based in Gibraltar
  • Supports Wireguard (cutting edge new VPN protocol)

  • Open source
  • Supports Wireguard (cutting edge new VPN protocol)
  • Audited
  • Available on Debian, Mac, Windows, Android, and iOS.


(Non-Affiliate Link)
  • Available on Debian, Mac, Windows, Android, and iOS.
  • Based in Switzerland
  • Offers a limited number of free servers
  • Open source
  • Audited
  • Offers split-tunneling

Tips & Tricks

I recommend using a VPN at all times on all devices. For mobile devices, this will not fool your provider. They will still be able to track your real location at all times using cell phone tower pings. However, this will fool your browser and most apps, and more importantly it allows for a secure, encrypted connection at all times. This means that things like your browsing, your messages, and your app usage are all safe from local observers. Again, keep in mind that this data will still be freely available to your provider and anyone else who has access to the information (ex, Apple and Uber), this only provides local protection.

For things like Netflix and Hulu, many VPN providers offer specific servers that support streaming. Be sure to check their site or contact customer service for more information.

Please note that a VPN is not a perfect anonymity solution. They can be defeated with things like real-time analysis and other legal maneuvers. Even a provider that doesn't keep logs can be issued a gag order - "comply and don't tell anyone." For a real-world example of this, see the story of Lavabit in 2013. Lavabit chose to shut down rather than betray its users, but the next company may not be so ethical. For most users this is highly unlikely, but for high-risk users this is worth considering when deciding what information to transmit over a VPN.

Previous Next