You've already heard the following tip: Whether you're at the office or on the road, a VPN is one of the best ways to protect yourself on the Internet. But what is the effectiveness of VPNs? What is the best for you? What are the disadvantages? Our executive guide aims to answer all your questions about virtual private networks, including some of those you probably have not thought of before.

What is a VPN?

VPN is an acronym for virtual private network. The purpose of a VPN is to provide you with security and privacy when you are communicating over the Internet.

Read also: Online Security 101: Tips for protecting your privacy from hackers and spies

Here is the problem with the Internet: it is intrinsically insecure. In the initial design of the Internet, the priority was to be able to send packets (blocks of data) as reliably as possible. Networking across the country and the world was relatively new and nodes often broke down. Most basic Internet protocols (communication methods) have been designed to work around failures, rather than secure data.

In fact, the applications you are used to using, whether it's e-mail, web, mail, Facebook, etc., are all built on this IP (Internet Protocol) kernel. Some standards have been developed, but not all Internet applications are secure. Many still send their information without any security or privacy protection.

This leaves any Internet user vulnerable to criminals who could steal your banking or credit card information, governments who might want to listen to their citizens and other Internet users who might want to spy on you for a host of adverse reasons.

A VPN creates an open private internet tunnel. The idea is that everything you send is encapsulated in this private communication channel and encrypted so that it can not be decrypted, even if your packets are intercepted. VPNs are very powerful and important tools to protect you and your data, but they have limitations.

See also: VyprVPN: Golden Frog's virtual private network delivers performance, anonymity and flexibility

How does a VPN work?

Let's start with the basic idea of ​​Internet communication. Suppose you are at your desk and want to access a website such as ZDNet. To do this, your computer initiates a request by sending packets. If you are in the office, these packets often pass through switches and routers on your local network before being transferred to the public Internet via a router.

Once on the Internet, these packets go through many computers. A separate request is made to a series of name servers to convert the ZDNet.com DNS name to an IP address. This information is returned to your browser, which then sends the request again via a group of computers connected to the Internet. Finally, he reaches the ZDNet infrastructure, which also routes these packets, then enters a Web page (which is actually a group of separate elements), and sends you all that back.

Each Internet request usually entails a whole series of communication events between several points. The operation of a VPN consists in encrypting these packets at the point of origin, often masking not only the data, but also the information relating to your original IP address. The VPN software on your side then sends these packets to the VPN server at a destination point, deciphering this information.

One of the most important problems in understanding the limitations of VPNs is to understand where the endpoint of the VPN server is located. We will talk about it later.

Read also: The United Nations human rights monitoring body sends a letter to Apple about Chinese VPN requests

What are the two main types of VPN?

Most of us know the concept of local area network (LAN). It is the private network inside a physical location, that it is a house, a business building. or from a campus. But many businesses are not short of one place. They have branches, departments and divisions geographically dispersed.

In many cases, each of these offices also has a local network. But how do local networks connect? For some very specialized solutions, companies rent private lines to connect the offices. This can be very expensive. Instead, most companies choose to geographically connect separate private LANs via the public Internet. To protect their data, they set up VPNs between offices, encrypting the data as they surf the Internet.

This is a corporate or enterprise VPN, characterized by the same organization that controls both ends of the VPN. If your company controls the point of origin (for example, a sales office) and the end point (such as a VPN server at your company's headquarters), you can be assured (except in case of a bug) that your data are transmitted securely.

The second type of VPN is the consumer VPN. This is for those of you who are calculating in hotels or cafes and connecting to web applications such as social networks, email addresses, banks or commercial sites. Consumer VPN services ensure the protection of these communications.

Read also: Snowden, denouncer of the NSA: the ban on VPN makes Russia "less safe and less free"

What does a consumer VPN service do?

A consumer VPN service is, basically, a SaaS (Software-as-a-Service) offering. The VPN service provides a secure tunnel between your computer device (laptop, phone, or tablet) and their service data center.

It's important to understand. Consumer VPN services protect your transmission from your location to their location, not from your location to the destination application you use. If you think about it, it makes sense: a VPN consumer service is operated by a company completely different from that of Facebook or your bank, for example.

The VPN service gives you an application that you run on your local device, which encrypts your data, and which travels in encrypted form via a tunnel to the VPN service provider's infrastructure. At this point, the data is decrypted and sent.

Two things happen here: First, if you use an https connection, your data is encrypted by your browser and then by your VPN application. At the VPN Data Center, your data is decrypted only once, leaving intact the original encryption provided by the browser. This encrypted data is then transferred to the destination application, such as your bank.

The second thing that happens is that the web application you are talking to does not see your IP address. Instead, he sees an IP address belonging to the VPN service. This allows you some level of anonymous networking. This IP spoofing is also used to induce applications to believe that you are in another region, or even in a different country than the one you are in. There are reasons (both illegal and legal) to do this. We will discuss it in a moment.

Read also: Apple removes VPN applications from China App Store to comply with government

When should I use a VPN?

We have already discussed the use of a VPN when connecting offices. Whenever you have two local area networks that must be connected via the public Internet, you should consider using VPN technology or an equivalent method of protecting the business. In this case, the VPN software will probably run in a router, server, or dedicated VPN server hardware appliance.

We have evoked two cases of consumer VPN service usage above: Protecting your data and spoofing your site. We will talk later about address spoofing, so let's focus on the data protection right now.

When you're out of your home or office and logging on to the Internet, you'll most often do it via the Wi-Fi provided by your hotel or the restaurant, library or cafe in which you work. moment. Sometimes Wi-Fi has a password. Other times, it will be completely open. In either case, you do not know who else is accessing this network and, therefore, you do not know who could spy on your traffic either.

I recommend always using a VPN when using the Wi-Fi network of someone else. Here is a good rule of thumb: if you are away from the office or home and you are using someone else's Wi-Fi (even that of a family member or family member). A friend, because you never know it's been compromised). , use a VPN. This is especially important if you are accessing a service containing personal identification information. Do not forget that a lot of things happen behind the scenes and you never really know if one or more of your applications authenticate in the background and put your information at risk.

If you have something to hide, you can also choose to use a virtual private network. It's not just about people doing things that they should not do. Sometimes people really need to hide information. Take, for example, the person who fears being discriminated against by an employer because of his sexual preference or his state of health. Another example is someone who has to go online but is afraid to reveal location information to someone in their life who may be a threat.

And then, of course, there are people in restrictive countries who have to hide their activity simply to have access to the Internet without any serious penalty.

Read also: Unlimited VPN lifetime access is less than $ 50 (ZDNet Academy)

Are free VPN services useful?

There are good free VPN services, but personally, I avoid anything that is free.

Why? Providing the infrastructure needed to run a VPN service, from network channels to servers, is very expensive. This infrastructure must be paid in one way or another. If this is not paid for by the usage fees, it is likely to be through advertising, data collection or a more perverse reason.

Here is another reason not to use a free service, and this one is a lot more scary: malware providers and criminal organizations have set up free VPN services that not only do not protect you, but actively exploit personal information and use or sell it. To the best offer. Instead of being protected, you are looted.

Also read: ProtonMail's new free VPN will not "turn away the trust of users" like Google and Facebook

What is the best way to choose a VPN service?

To be fair, not all paid VPN services are legitimate either. It is important to pay attention to who you choose. Sure ZDNet CNET, my partner site, I set up a directory of quality VPN providers, always up to date. To be fair, some are better than others (and this is reflected in their evaluations). But all are legitimate businesses that provide quality service.

Beyond the CNET Yearbook, it's always a good idea to search Google for the name of a company or product and consult user reviews. If you see a large number of old complaints or new complaints start to appear, the direction or policies may have changed. When I search for a service, I always base my decision partly on professional advice and partly on the tone of user reviews.

Finally, be sure to choose a service with features that meet your needs. You may need one or more features provided by certain services only. So, think about your needs when you make a decision.

Read also: For privacy on the Internet, a VPN will not save you

Can a VPN guarantee my privacy?

Oh, no, no. A VPN can help you not be monitored when you connect between your computer and a website. But the website itself is quite capable of serious breaches of privacy. For example, a VPN can not protect you from a website that sets a tracking cookie that will inform other websites of you. A VPN can not protect you against a website registering information about the products that interest you. A VPN can not protect you from a website selling your email address to the broker list. Yada yada yada.

A VPN helps you protect yourself in the situations described in the previous sections. But do not expect that a VPN is a magic shield of confidentiality that keeps all your private and confidential activities. Your privacy can be compromised in many ways, and a VPN will only help you partially.

Read also: A VPN will not save you from government oversight

Will the VPN software slow down my computer?

It might be a definitive solution. Here's the thing: At the time, the process of encrypting and decrypting packets would weigh heavily on CPU performance. Most current processors are now fast enough that most encryption algorithms can run without major impact on CPU performance.

However, network performance is another thing. First of all, keep in mind that if you use a VPN, you probably use it in a public place. The performance of this Wi-Fi service is probably from "meh" to unusable. Thus, simply working remotely on a poor network will reduce performance. But if you connect to a virtual private network in a different country, the connection between countries may also degrade network performance.

My rule of thumb is to use a national VPN and connect to the servers as close to my location as possible. That said, I had good nights and bad nights online. On my recent trip, I found that the networks of most hotels became unusable after about 9 pm. My theory is that many customers were watching Netflix at that time, completely blocking the pipes of the hotels.

Read also: How to use a VPN to protect your privacy on the Internet

Do VPN service providers limit usage and how?

Some do it. Some no. Look at the directory I mentioned earlier because this is one of the factors where a service may lose some points.

Some VPN services will limit the total amount of data that you can send and receive, either during a login session or over a period of a month. Other VPN services will limit the speed of data, effectively sharing less of their channel with you than might be optimal. This could significantly slow down your browsing experience or completely prevent you from watching streaming videos.

Usually, free services slow down your use in this way. Some paid services offer a trial version, in which you can transmit up to a certain amount of data before being asked to register as a paying customer. In fact, it's pretty cool because it gives you the opportunity to try the performance of their service before paying, but it also gives the seller a chance to earn the money needed for the operation of the service. service.

Many VPN services say that if you pay their fees, they will provide you with unlimited data transmission and will not limit your speed. As a rule, this is true, but I will give you my official warning "unlimited" standard: I know from experience that when a supplier says that something is "unlimited", it is almost always limited. Somewhere, a note in the fine print or the terms of service allows the vendor to limit you in one way or another. It's worth paying to read these agreements.

Read also: Why are free VPNs not a risk?

How confidential are VPNs? Do they record everything I do?

In my VPN directory, I followed two types of logging. The first is to know if they are recording traffic, DNS requests, and IP addresses. It's pretty nasty. If a VPN service saves this information, it will contain information that you might choose to hide, such as what sites you visit, where you are, or even information you could send.

Although the use of these services still protects you from Wi-Fi spies in your hotel or restaurant, I can not recommend you to subscribe to a service using DNS registration, traffic or IP. There are better, more private options.

The second type of journaling is more benign. VPN services that record bandwidth usage and connection timestamp data typically do so either to tune their own systems or to handle any abuse of their services.

I am less concerned about services that only monitor the use of bandwidth, provided that they do not store any details. That said, we gave top marks to services that do not use logging. When I choose a VPN service, these are the services I choose for my own use.

What do network neutrality changes mean for my use of VPN?

Net neutrality has been severely criticized in the United States. The Federal Communications Commission (FCC) has eliminated many consumer protections against Internet Service Providers (ISPs) that exploit traffic data and sell it to advertisers, or worse.

It could be bad. I'm not too worried about Comcast discovering my secret passion for muscle cars and getting more ads for car customization kits. It can be annoying, but I'm not doing anything that I really want to hide. The problem could arise if ISPs start to insert their own ads instead of ads by, for example, ZDNet. This could reduce the revenues that keep websites alive and have very serious repercussions.

With regard to personal use and if you should use a VPN at home because of the neutrality of the net, I do not think we are there … for the moment. Of course, if you work on confidential information and connect to work, you must use a VPN. But we have yet to find any evidence of the intrusion of ISPs that require VPNs always connected to home.

Stay tuned for this guide, because if it changes, we'll let you know.

Also read: Apple Prohibits Address Blockers Based on a Virtual Private Network from the App Store

Is it legal to use a VPN?

It depends. The use of VPN is legal in most countries, but according to the VPN provider CyberGhost, the use of VPN is illegal in the United Arab Emirates, Turkey, China, Iran, North Korea , in Saudi Arabia and Russia. Vladimir Putin recently banned the use of VPN in Russia. Also be aware that the so-called proxy server alternative to VPN is also illegal in many countries, which consider any form of IP spoofing as illegal, not just VPN-tagged services.

Restrictions vary, as do penalties. China allows certain approved VPNs. In the UAE, if you use a VPN, you can go to jail or be fined the amount of more than the equivalent of 100,000 USD.

Do some research before visiting a country. Many travelers mistakenly believe that just because they are not citizens and that all they do is connect to a business system, they should be able to use the software without restriction VPN. This is an error.

Bottom Line: Check the laws of the country you are in before you log in. It's also a good idea to check with your virtual private network provider, both to find out if it knows if there are any issues and it supports connectivity of the country you are visiting.

Read also: Getting caught with the help of a VPN in the UAE will cost you over $ 500,000

Should I use a VPN if my hotel has a wired internet connection?

Yes. It is almost completely unlikely that each piece is on a dedicated subnet, which means that packets travel on a network shared by other guests. In addition, you never know if a person in the office has set up a packet sniffer for the sole purpose of exploiting guest information.

So, yes, use a VPN, even if there is a wired connection to the wall.

Read also: VPN: why hide your IP address

Will a VPN service help me connect securely to my company's network?

If you are trying to connect to your local business network, your IT department will probably assign you a VPN application. This will allow you to establish a point-to-point connection between your local device and a server owned and operated by your company.

However, if your company is cloud-based and you are connecting to SaaS applications such as Salesforce or Google, you should probably use a VPN service because you are not connecting to your company but to a public cloud application.

If your IT department does not specifically identify a VPN service that you need to use to access their public cloud applications, check our VPN directory and choose one of the top quality service providers.

Read also: Opera builds a free VPN in a browser, giving users a real reason to switch browsers.

Can I go out with a VPN application or do I have to bring my own router / bridge / dongle?

Let's talk about what happens when you use a VPN application on your computer or mobile device. Any VPN application requires an existing network connection to connect to the VPN service provider. This means that even if you configure your VPN application to start automatically when you start your device, there will be a period of time during which your computer is directly connected to the Internet, not via your VPN.

Some back-end services may send information through this initial, unsecured connection before the VPN is loaded. To be fair, the risk is relatively minor for most use profiles. If you automatically connect to your company's server, you'll want to check with your IT team for the way they want you to set things up.

If you want an extra level of protection, there are intriguing gadgets called Tiny Hardware Firewalls. These devices cost between $ 30 and $ 70 and connect via a network port or USB port to your laptop. They establish the initial network connection and your computer's communication is still blocked before it calls the Internet.

Read also: Neutrality of the Net is gone. Welcome to the biased network

Should I use a VPN on my phone or tablet?

Android and iOS both have basic VPN features that allow you to securely connect to your corporate networks. Typically, your IT department will tell you when to use this feature, but as we saw earlier, when you're away from home or your office, and especially if you're using an open Wi-Fi connection, you should do it.

If you are connecting to web applications such as email or Facebook, you should consider using a VPN service, especially if you are connecting via an open Wi-Fi network. Most good VPN services offer both iOS and Android customers.

Read also: Welcome, Sneakernet: Why the abrogation of net neutrality will take us to the edge

Do I need a VPN if I connect my phone via LTE?

It depends. Once again, your business IT department will inform you of its policy of direct connection to the corporate network. Usually, you will use the VPN client built into the operating system of your device for this.

But here's the thing: it all depends on your confidence, your geographical position in the world and your degree of security. In the United States, one can usually rely on the operators (regardless of the neutrality of the internet) to provide a secure connection from your phone to their network.

That said, it is possible to compromise the wireless phone service with a man-in-the-middle attack. This situation occurs when a malicious actor places a device designed to scramble your phone and allow it to connect to what it thinks is the telephone network, but in reality, it is about 39, a device designed for espionage.

Outside the United States, it really depends on the country you are in. If you are really concerned about safety, simply avoid bringing any device to a foreign country that you intend to use after your trip. These devices may be compromised in the country or during customs controls.

Likewise, if you connect via a local operator of a country, the latter may intercept your traffic, especially if you are not native to that country. In this situation, if you need to reconnect to applications and services at home, using a VPN is literally the least you can do. And do not forget that if you use the access point on your phone to connect your computer to the Internet, you will also want to use a VPN on your computer.

Finally, it should be remembered, as we have seen previously in this guide, that some countries consider the use of VPN as illegal. If you plan to travel, be sure to do a thorough search on local laws.

Read also: China supports the big firewall by attacking VPNs

What happens if a VPN connection fails while I am on a remote connection?

It depends a lot on the VPN you are using, its configuration and the connection location. That said, let's look at the most likely scenario.

Remember that when you are online and connected to an Internet application via a VPN, some things happen: Your data from your computer to the VPN service is encrypted by the VPN. Your VPN service data to the Internet application may or may not be encrypted via https, but it is not encrypted by the VPN service. And your IP address is usurped. The on-line application sees the IP address of the VPN service, not that of your laptop.

When a VPN connection is interrupted, you may lose your connection. But since the Internet performs very well around fault routing, it is more likely that your computer will reconnect to the Internet application, bypassing the VPN service. This means that in case of failure, your local IP address may "leak" and be registered by the Internet application, and your data may be open to local Wi-Fi hackers at your hotel or home. your place of work.

There is a reasonably robust solution to this problem and the next one.

See also: Google raises the problem of FBI data requests: you can now read letters online

What does a VPN kill switch do?

En termes simples, un commutateur de suppression de réseau privé virtuel tue votre connexion Internet s'il détecte que la connexion de votre réseau privé virtuel a échoué. Il existe généralement deux types de commutateurs d’arrêt VPN.

La première s'exécute dans l'application client VPN de votre ordinateur. Ainsi, en cas d'échec de la connexion VPN pendant l'exécution de l'application client VPN, cette application client VPN peut désactiver la connexion Internet de l'ordinateur ou du périphérique mobile. Toutefois, si votre connexion VPN a échoué parce que l'application client VPN s'est effondrée, le commutateur d'arrêt peut ne pas fonctionner et votre adresse IP et vos données risquent de fuir sur Internet.

Le deuxième type de commutateur de désactivation de réseau privé virtuel se situe au niveau du système d'exploitation. Ce sont généralement des systèmes au niveau du pilote qui s'exécutent que l'application VPN soit en cours d'exécution ou non. En tant que tels, ils offrent un peu plus de protection pour vos activités de surf.

Étant donné que de nombreux produits VPN que nous avons examinés dans notre annuaire prennent en charge un commutateur d'arrêt, nous vous recommandons de choisir un client doté d'une fonction de commutateur d'arrêt. Si vous perdez votre connexion, il peut y avoir une légère contrariété, mais cela est largement compensé par la sécurité supplémentaire.

Lire aussi: La censure sur Internet: c'est en hausse et la Silicon Valley contribue à son succès

Que signifient tous ces noms de protocoles et lequel devrais-je choisir?

Si vous avez cherché un service VPN, vous avez sans doute rencontré des noms tels que SSL, OpenVPN, SSTP, L2TP / IPSec, PPP, PPTP, IKEv2 / IPSec, SOCKS5, etc. Ce sont tous des protocoles de communication. Il s’agit essentiellement du nom de la méthode par laquelle votre communication est cryptée et empaquetée pour la transmission par tunnel au fournisseur de réseau privé virtuel.

Les puristes de la sécurité s'interrogent beaucoup sur le meilleur protocole. Certains protocoles (tels que PPP et sa variante de tunneling, PPTP) sont anciens et ont été compromis. D'autres, comme SSTP, appartiennent à une entreprise ou à une autre.

Ma recommandation, et le protocole que je choisis le plus souvent, est OpenVPN. OpenVPN est une implémentation open source non propriétaire d’un protocole de couche de communication VPN. Il est bien compris, bien considéré, généralement assez sécurisé et robuste. En outre, il offre l’avantage de pouvoir communiquer via le port 443, qui est le port standard pour la communication https, ce qui signifie que presque tous les pare-feu autorisent le trafic OpenVPN – et la plupart ne seront même pas en mesure de détecter un VPN. utilisé.

Oui, il existe certainement d'autres choix de protocole, même certains pouvant être plus appropriés que OpenVPN dans certaines situations. Mais si tel est le cas, vous avez déjà pris cette décision ou votre service informatique a spécifié un protocole spécifique à utiliser. Par défaut, toutefois, si vous ne savez pas quoi chercher, recherchez OpenVPN.

Lire aussi: Road tech: Comment j'ai quitté la Floride pour échapper à Irma et n'y suis jamais retourné

Qu'est-ce que cela signifie lorsqu'un service VPN parle de connexions simultanées?

Le terme "connexions simultanées" désigne généralement le nombre de périphériques pouvant être connectés au service VPN et pouvant communiquer simultanément avec Internet. Par exemple, lorsque je conduisais à travers le pays et travaillais dans ma chambre d'hôtel la nuit, mon MacBook Pro et mon iPad étaient souvent connectés à Internet.

J'ai utilisé le MacBook Pro pour écrire, en maintenant l'iPad ouvert pour effectuer des recherches et trouver des informations complémentaires. Tous deux étaient connectés à Internet en même temps. Cela était possible parce que le service VPN que j'utilisais permettait d'ouvrir jusqu'à trois connexions à la fois.

C'est également un bon moyen de prendre en charge plusieurs membres de la famille avec un seul abonnement. En règle générale, il n’ya aucune bonne raison pour un fournisseur de réseau privé virtuel d’autoriser moins de deux ou trois connexions. Si votre fournisseur n'en autorise qu'un, trouvez un autre fournisseur. Nous avons attribué des points supplémentaires dans notre répertoire VPN aux fournisseurs qui autorisaient trois connexions ou plus.

Quand devrais-je choisir une adresse IP dynamique ou statique?

Chaque appareil connecté à Internet public se voit attribuer une adresse IP. C'est comme un numéro de téléphone pour chaque appareil. Pour pouvoir se connecter à Internet, chaque appareil a besoin d'une telle adresse.

Le terme "adresse IP dynamique" signifie que lorsqu'un périphérique se connecte à Internet, il reçoit une adresse IP provenant d'un groupe d'adresses disponibles. Bien qu'il soit possible d'obtenir la même adresse IP sur plusieurs connexions, vous obtiendrez généralement une adresse différente à chaque connexion.

Si vous souhaitez masquer votre adresse aux applications Web auxquelles vous vous connectez, vous souhaiterez un service VPN fournissant des adresses IP dynamiques. Dans notre annuaire, nous répertorions le nombre d'adresses IP que chaque service propose. En utilisant un service avec plus d'adresses IP disponibles, les chances d'obtenir une adresse IP répétée sont très faibles.

L'utilisation d'une adresse IP dynamique présente quelques inconvénients mineurs. Si quelqu'un qui possédait précédemment l'adresse IP qui vous a été attribuée a fait quelque chose de néfaste sur un service que vous utilisez, il est possible que l'adresse IP soit bannie. En général, les fournisseurs de VPN sont très prudents lors de la vérification de leurs adresses IP par rapport à des listes noires, de sorte que les chances que cela vous pose un problème sont minces.

En revanche, une adresse IP statique est une adresse qui vous est attribuée, à vous seul. Le plus souvent, cela est nécessaire si vous utilisez un serveur. Habituellement, les adresses IP statiques sont utilisées dans des entreprises et ne sont généralement pas pratiques pour un accès à distance général, comme dans un hôtel ou un café.

À moins que vous ne connaissiez une application spécifique nécessitant une adresse IP statique, vous souhaiterez attribuer une nouvelle adresse IP dynamique à chaque session VPN que vous initiez.

Lire aussi: Le manque de financement expose les agences fédérales américaines à des risques élevés de violation de données.

Qu'est-ce que cela signifie lorsqu'un service VPN parle de commutation de serveur?

Comme nous l'avons mentionné dans la section précédente, lorsque vous vous connectez à un service VPN, une adresse IP dynamique vous est généralement attribuée à partir d'un groupe d'adresses. Mais où se trouvent ces adresses? Ils sont reliés à des serveurs situés généralement dans le monde entier.

La plupart des services VPN vous permettent de vous connecter à des serveurs dans de nombreux pays. Dans notre répertoire VPN, nous répertorions à la fois le nombre de serveurs gérés par le service et le nombre de pays. Par défaut, un serveur vous est généralement attribué dans votre pays d'origine, mais si vous souhaitez masquer votre emplacement, vous souhaiterez peut-être vous connecter à un serveur situé dans un autre pays.

Server switching is a feature — offered by most VPN service providers — that allows you to change what region or country you're going to connect to. Most providers allow you to switch as often as you'd like (although you usually have to disconnect, then change your configuration, and reconnect). This may be useful if you're trying to hide your location, or if you're running into some communications glitches on the server you're currently using.

Read also: Online security 101: Tips for protecting your privacy from hackers and spies

Can I use a VPN to spoof my location or country of origin?

Because the VPN server you're connected to presents its IP address to whatever web application you're using, by choosing a server in a different country, you can represent your connection as if you're in a different country. This may be illegal in certain regions, so use caution when doing this.

Can I use a VPN to watch a blacked-out program or video?

Sometimes it is possible to watch a blacked-out sporting event or other show, although we certainly can't advise you to do so. Spoofing your location to bypass broadcast restrictions may get you in hot water.

Also, do be aware that some broadcasters have developed increasingly sophisticated methods to determine whether the IP address you represent is the IP address where you're located. The VPN may be able to protect your original IP address from being seen, but there are characteristics of proxy communications (like a slightly longer time to transfer packets) that can be used to identify users who are trying to bypass watching restrictions.

Read also: Why a proxy server can't protect you like a VPN can

Is it true that a VPN is completely unhackable?

No. No. Did I mention… no. Nothing is unhackable. As evidence…

In January 2018, Cisco Systems (a very highly respected maker of internet communications hardware) revealed that a critical bug was found in its ASA (Adaptive Security Appliance) software that could allow hackers to remotely execute code.

This is a bug in enterprise-level VPN systems used by corporations, so it's very serious, indeed. Fortunately, responsible IT administrators can patch their systems to fix the bug. However, it goes to show how no system can be truly deemed absolutely secure.

Another example is a bug in Hotspot Shield, a popular VPN service. This bug allows a hacker to expose private information, including originating IP. Hotspot Shield is issuing an update, which gives us an excuse to remind you that you should always install updates, especially on your VPN client software.

Read also: Cisco 'waited 80 days' before revealing it had been patching its critical VPN flaw

Who are the key players?

While there are a tremendous number of VPN vendors out there, we think the following are some of the best:

  • NordVPN: 30-day refund, lots of simultaneous connections (5/5)
  • Private Internet Access: Lowest yearly price, most servers (5/5)
  • TorGuard: Keeps no logs whatsoever, lots of protocols (5/5)
  • CyberGhost: Supports Kodi, good Linux and router support (4.5/5)
  • IPVanish VPN: Keeps no log files and has support for Kodi (4.5/5)
  • PureVPN: Large network, strong technically, good performance (4.5/5)
  • Buffered VPN: 30-day refund, unlimited bandwidth, EU-based (4/5)
  • ExpressVPN: Detailed FAQ, good refund policy, Bitcoin (4/5)
  • Golden Frog VPN Services: Largest number of IP addresses (4/5)
  • Hide My Ass: Best name, support for game consoles (4/5)
  • For a more detailed review of each, visit our 2018 VPN directory.

    Previous and related coverage

    A flaw in Hotspot Shield can expose VPN users, locations

    The virtual private network says it provides a way to browse the web "anonymously and privately," but a security researcher has released code that could identify users' names and locations.

    Want more privacy online? ProtonMail brings its free VPN to Android

    ProtonVPN comes to Android, promising no malware, no ads, and no selling of user data.

    Russia copies China's VPN crackdown

    The president has tightened up Russian internet access laws by prohibiting the use of VPNs.