X
Disclosure: Grounded Reason is supported by a small commission for purchases made through some product links on this website. I do not accept compensation from companies attempting to sway my review of products.

What is a VPN and How to Choose the Best One

In articles where I explained what KODI is and how to jailbreak a fire stick, I’ve recommended using a VPN or virtual private network for various privacy and security reasons. In this article, I want to go into detail on what a VPN is, and how to choose the best VPN service for your purposes. This article covers most of what one needs to know to choose the best VPN service for their needs. Recommendations of VPNs to try are at the end of the article.

Update: We’ve also covered the information in this article on the Grounded Reason Podcast. That episode is below.

What is a VPN

A VPN, or virtual private network, is when a private network extends access to remote computers over the internet. The remote computer, also known as the VPN client, appears to the outside world as if it is part of that network.  Many who telework will use a VPN to access their employer’s network. When the teleworker’s computer connects to the internet it appears to be on the employer’s network, just as if the computers physically attached to the employer’s network.

Typically, a home internet user will have a LAN or local area network. That LAN is attached to your internet service provider’s (ISP) WAN or wide area network. When communicating over the internet, the home users LAN communicates through their ISP’s WAN. Therefore the ISP is privy to all the information transmitted in and out of the home users LAN.

However, when using a VPN service, the home user makes a secure encrypted connection to the VPN. Thus, all the information bypasses the home user’s ISP and is instead handled by the VPN’s ISP. A quality VPN will filter out any information about the home user to keep them as anonymous as possible.

Reasons to Use a VPN Service

While I covered this topic a bit in Why You Should Use a VPN Service, I will briefly go into the various use cases for a VPN. However, I personally feel everyone should use a VPN these days.

Unblocking Website Content

As a cord cutter, this is the main reason I use a VPN. A lot of live content, movies, and TV shows are only viewable in certain countries or general locations. Typically, this is due to outdated licensing agreements. IP addresses are associated with a location in the world. Using that information, service providers will block computers from a  county, state, or locality if they aren’t covered under the licensing agreement.  This technique is typically referred to as “geo-blocking.”

Since a VPN user appears to be a part of the VPN network, the VPN user’s IP address has the location information of the VPN. A VPN in a given location will provide access to all the content viewable in that location.

For example, in the U.S, Major League Baseball blacks-out games from their online streaming service in the viewers local market. This is due to an archaic licensing agreement conceived prior to the prevalence of streaming media. Having a VPN service that allows you access to a VPN in another state will get around that inconvenience.

The user is still paying MLB to watch the games. They are simply gaining access to the games they want. While this violates the EULA (end user licensing agreement), the user is paying to watch the content. This same technique can be used to watch U.S. based content when Americans are abroad.

Similar to how MLB blocks a game based on locality, Netflix provides different movies and TV based on country. Again, this is due to complex and archaic licensing agreements. However, the right VPN in that country will provide access to that country’s Netflix content. Netflix has been cracking down on this recently, but there are still plenty of VPNs that still unblock Netflix.

Securing Your Data Online

All VPN’s encrypt data transmitted over them. The secure connection hides the user from their ISP so they appear to be originating from the VPN services network. This encryption provides the benefit of securing the data that is transmitted over the internet by the VPN customers computer or smart device. However, all encryption isn’t created equal. Later in this article, I will explain what to look for when it comes to the encryption standard a VPN uses.

Using Public Wifi

Typically, coffee shops, hotels, and conferences will offer customers and attendees free wifi. When you use this perk, your information is available to everyone else attached to that network. However, VPN users can connect to their VPN when on public wifi. This encapsulates the VPN user and keeps them walled-off from all other clients on the network. This is one of the main reasons everyone should have access to a VPN.

Break Out of A Restrictive Network

Whether you are in an oppressive country that restricts internet access, dealing with security controls of a public network, or just want to do some gaming at work, a VPN is a way to it. While I personally don’t use a VPN for any of these reasons, some may. I want to leave no use case unturned.

Cloaking VOIP Calls

Many folks use VOIP (Voice over IP) services like PhonePower,  Skype, OOMA to make phone calls. This is especially true of cord cutters as I addressed in my article on phone services for those without a cable bundle.

Unfortunately, unencrypted VOIP calls are easily captured and decoded. This leaves the VOIP users phone call listenable by almost anyone who actively wants to listen.  A VPN with proper encryption can alleviate this issue.

Your Search History Isn’t Logged

Any time you do an online search on Google, Bing, or other search engines, that query is tied to your IP address. They also have the time you did the search. That is enough information to tie the search back to the user.  A VPN service obscures the users IP address, thus it’s much more difficult to tie searches back to the user.

General Privacy

While most major use cases have been covered above, perhaps you just don’t want everyone to know what you are doing online out of principle. As I go into what to look for to find the best VPN service, some criteria will be more important than others based on the use case. People concerned with privacy, in general, should pay attention to all of them.

How to Choose The Best VPN

Before I go into the various features of a VPN and what to look for, I wanted to warn everyone about VPN review sites. I can confidently say the majority of them will be a waste of time for finding a quality VPN. Mainly, for the following 2 reasons:

  1. Every VPN users needs are vastly different. Therefore, it’s next to impossible to take a one size fits all ranking approach to VPN’s
  2. VPN services make heavy use of affiliate marketing. This means the website gets paid a commission from the VPN provided for each referral that ends in a sale.

That isn’t to say affiliate marketing is inherently untrustworthy. However, it’s so prevalent in VPN service marketing, it’s hard to separate the honest reviews from those wanting to make a buck.

This website uses affiliate marketing to keep the lights on. However, I only affiliate market for products I’ve used, trust, and support. For instance, this site is paid a commission when you use IPVanish as a VPN service.

Furthermore, While I use IPVanish, it doesn’t mean I recommend IPVanish for every use case.  I personally use them because they have servers in almost every country I can think of. This is handy when it comes to unblocking geo-blocked content. They also have solid encryption and good speed. While they have these strengths, they may not be best for your purposes.

As I cover the various factors to look for in a VPN, some factors will apply to all VPN users, some factors will apply to most, and some to only a few.  While I’ll go into detail, here is a brief breakdown of what matters when choosing a VPN.

What to Look For in a VPN

  • Vital Factors
    • Encryption
    • Uses OpenVPN
  • Important for minimal privacy
    • Level of Logging
    • DNS and IPV6 factors
  • If you’re a hardcore privacy advocate
    • Obfuscation
    • Level of surveillance in a country where VPN is based
    • Jurisdiction of the country where VPN is based
  • Other Factors that may matter
    • Speed
    • Number of devices at one time
    • Locations of VPN
    • Price

Encryption

Encryption predates computers by a few centuries. It is simply a way to encode a message using a cipher or key. A famous way to do this prior to computers was for each party to have the same exact copy of a published book. You could then pass messages changing each letter of the message to a three digit page – line – position cipher. The receiver of the encoded message would translate each three-digit combination to a letter using the page, line, and position on that line to decrypt a letter.

While this is cumbersome, the only way to “crack” the message would know the exact edition of the book. This was a very secure way to pass messages prior to computers. Modern encryption involves a cipher as well. Today, it’s just much more sophisticated algorithms based on an old technique.

Before I tell you what encryption standards you should look for in a VPN I wanted to give a high-level background on how encryption works. To do this, you should be aware of the two general types of encryption. Those are symmetric and asymmetric encryption.

Symmetric Encryption

Each party has the same key which is used to encrypt and decrypt messages so it’s very fast. The problem is, how does one computer pass the key to another computer securely. That’s where asymmetric encryption comes in.

Asymmetric Encryption

Each party has a public key and a private key.  Each party’s public key is shared with everyone. Message senders use the receivers public key to encrypt and send a message to the receiver. Only the receivers private key can decrypt messages made with their public key.  Since no one has access to the receivers private key, only the receiver can decrypt the message.

Also, a private key can’t be derived a public key. If it becomes possible, then that encryption standard isn’t secure.  While this is a near perfect way to send encrypted information, this method is slow due to the large keys used to keep the standard secure.

Encryption Standards

The solution to the speed vs security issue is to pass a symmetric encryption key over asymmetric encryption. This is called a secure handshake. Using the two encryption models together provides both speed and security.

A VPN provider should offer a handshake encryption algorithm of either  RSA-2048RSA – 4096, DH-2048. Those are asymmetric standards.

As far as the symmetric data encryption make sure they are using  AES-128 or AES-256.

Solid encryption is one of the most important factors for VPN users. The other important factor is the VPN protocol. I recommend you go with a VPN service that provides OpenVPN.

OpenVPN

OpenVPN is a VPN protocol.  VPN protocols establish a secure tunnel with your VPN service provider. OpenVPN is open source, which means it’s freely available for security experts to audit and improve it. The free availability of the source code helps ensure vulnerabilities are patched quickly. Choose a VPN that supports OpenVPN. It’s arguably the most secure VPN protocol available. I would avoid using other any other protocol.

Logging

Choose a service that specifically states that they do not keep logs, AND which types they do not keep. This is typically stated in the VPN service’s terms of service. If it isn’t stated, buyer beware. Make sure the VPN service provider doesn’t keep ANY kind of activity or connection log with any of the following pieces of information.

  • Does not log DNS request
  • No Logging of Timestamp
  • Does not log IP Address

Do they have an anonymous payment method? You may not want to provide them with any information that may link back to you if you want to remain private. If this is a concern, you may want to make sure they accept payment methods like gift cards, Bitcoin, or cash.

They shouldn’t ask for any information aside from an email.  Even that should be one that’s not connected to you. In fact, I would register an email address to specifically use for logging into your VPN. Ensure that there is no personal information associated with that account.

DNS and IPV6

A DNS is a domain name server. When you type “Google.com” into a browser, a DNS server translates “Google.com” into an IP address so it can be routed over the internet. Make sure the VPN service has its own first-party DNS server.  Computers are chatty,  they send a lot of information that isn’t visible to you. The VPN provider should be configured to discard a lot of that data, however, they may not be.  You can use DNS Leaks to test how much information is available from your VPN’s DNS.

The typical IPV4 address is the one you are most likely familiar with. It takes the format of xxx.xxx.xxx.xxx.  Aside from location, there isn’t much information to be gleaned from an IPV4 ip address. However, an IPV6 IP address contains much more information. Make sure the VPN is blocking your IPV6 information from going to their ISP.  You can test that as well.

Surveillance and Jurisdiction

Some countries in the world are better than others when it comes to internet privacy, censorship, and surveillance. There is a lot of countries in the world, so going into detail on each one is outside the scope of this article.  However, there is a handy Wikipedia article that covers how privacy friendly various countries are.

If this is of concern to you, pick a VPN based in a country that is friendly to internet privacy. You may also want to look into the informational jurisdiction of particular countries. Some countries have reciprocity agreements in place to share information with other countries.  Those countries are referred to as Five Eyes, Nice Eyes, and Fourteen Eyes. The number indicated how many countries are involved in the agreement. Here is a breakdown of those countries:

  • Five Eyes – Australia, Canada, New Zealand, United Kingdom,
  • Nine Eyes –  Five Eyes plus Denmark, France, the Netherlands, and Norway
  • Fourteen Eyes –  Nine Eyes plus Germany, Belgium, Italy, Spain, and Sweden

I’m mentioning this to keep in mind how your private information online can cross international borders.

Obfuscation

You don’t need to worry about this unless you are trying to bypass a restrictive network, or trying to hide what you are sending. However, if this is of concern to you, the following VPN features may be of interest. Be aware, that each of these features includes overhead that will impact speed.

Multi-hop: This routes traffic through multiple VPN’s in multiple countries. This offers a layer of privacy protection as your traffic path crosses multiple jurisdictions. Someone targeting your traffic to discover who you are would need the information from each countries VPN to track your traffic.

TCP Port 443: This is the port “HTTPS” traffic is passed over. Therefore, it’s typically a secure open port on most firewalls. Forwarding your VPN traffic through port 443 is a simple way to break through many networks.

Obfsproxy: This proxy transforms VPN traffic into more “innocent looking” traffic.

SOCKS Proxy: SOCKS is a specific proxy server that establishes a tunnel with a client to send secure information. It’s yet another lock that needs to be broken on your information.

SSL and SSH Tunneling: Socks and port 443 are tunnels established with SSL and SSH respectively.  There are other ways to do this. Check with the VPN features to see if they offer more methods of tunneling to obscure your traffic.

Other Important Factors

Geo-Blocking: If you care about watching content in other countries and locations, then you need to make sure they offer VPN servers in those locations.

Number of Connections: While many VPNs do not have a limit, you want to check to see if they do and it covers all the device you want to use on the VPN.

P2P Blocking: If you use peer to peer file sharing or torrent, you want to make sure the VPN service doesn’t block P2P.

Speed:  Using VPN takes a little bit of overhead. Run a speed test to see how much speed you are losing. You can find one by searching “internet speed test” in Google.  You want to make sure there is no bandwidth cap.

Price: Prices vary on VPN service providers. Generally, expect to pay no more than $10 per month. Also, check to see if they offer a free trial or refund period. It will allow you to test everything we’ve covered in this article.

VPNs to Try

NordVPN – This VPN checks all the boxes on what to look for in a quality VPN and is extremely user-friendly.  While it is perfect for those just looking for added privacy online, it also has VPN servers optimized for torrenting.

IPVanish – This is the VPN I use. I find it to be a good balance between privacy and the ability to unlock content. They are fantastic at location coverage with over 60 countries. They meet all the privacy standards from a technical standpoint.  However, they are based in the United States, which is a Five Eyes country.

Mullvad – Great for privacy with the exception of being in Sweden, a fourteen eyes country.  They have servers in less than 20 countries so they aren’t great for unlocking content. Another drawback is they limit connections to 3 clients.

BlackVPN – This VPN would be perfect if it wasn’t for their IPV6 configuration. It tends to be little leaky. Like Mullvad they lack decent coverage for unlocking content and also limit the client connections to 3.

If you enjoyed this article, please subscribe to our weekly newsletter. It goes out every Thursday and keeps you up to date on information relevant to cord cutters. Subscribing will also inform you on the latest deals out there for internet, streaming, and more.

Check Out An Internet Only Deal for Cordcutters (sponsored)

If this article did not answer your specific question, check out the Cord Cutting Guide. It provides links to the most important articles in our over 200 pages of content to help you ditch pay TV.

For tips and tricks on cutting the cord and other tech topics be sure to join our Facebook Page and follow us on Twitter

Categories: VPN and Smart DNS
Dennis Restauro :Dennis is the founder of Grounded Reason. He also hosts the Grounded Reason Podcast. Follow him on Twitter: Follow Dennis on Twitter

View Comments (40)

  • Great detailed info., but doesn't go into enough detail on Internet speed degradation. For example, I have 15 Mbps service with Cox.net, however, that is cut about in half with a VPN running! (can't recall which onei tried and got this result). I can stream fine at 15 Mbps, but I think I'll have problems at 7-8 Mbps! So, which VPN service is best for being "light" on degrading your baseline Internet speed?

    • Rodney, I didn't go into speed because it's going to vary based on where you are located, the VPN you use, and the VPN features you use. IPVanish does well for me, but I can't ensure it will for everyone. I recommend trying a free trial if offered or a one month subscription. Then you can test the speed and sign on longer term if the service woks out for you.

  • Great article, but it does not explain how to implement this for cord-cutting. I have used VPN clients for work-at-home applications on a computer, but how would this work on a Roku or Fire TV. How would I used a VPN to view geo-blocked content from an MLB or Netflix app on a streaming device?

    • The devices supported and instructions for setting up are going to vary from VPN to VPN. You can check out this article on how to watch baseball without cable for info on MLB. I go into the smartDNS and VPN you can use to avoid black outs. As for Netflix, in other countries they have been cracking down. You may need to experiment with the VPNs free trial. Sometimes they will explicitly state if they support unblocking the Geo-blocking for Netflix.

  • Hi! I really liked your article it was pretty easy to understand even for a non tech person like me. Please tell me if I can set up to have my laptop and cell run through the VPN automatically? Can my kids all log through the same account...automatically? How would I use a VPN to add Kodi to my firestick? No clear on when to log on when working on the tv and how to do so? Thank you very much!

    • It really depends on the VPN provider you go with. They will all have instructions on how to set up the VPN on various devices. Once the VPN is setup on a device, all applications will go through the VPN. Therefore, no additional setup would be required for something like KODI.

      Using KODI on a Firestick is a different topic. You can get information on that from my article on how to install KODI on a Fire Stick.

  • I have been researching and preparing to "cut the cord" with my cable company and appreciate your informative articles. I'm still a bit confused on how to use the VPN with my home internet. I have read about IPVanish and feel it would work best for me but is there a way to link it to my home internet connection instead of having to put it on every device? My internet provider is AT&T so I have their equipment along with Mohu Leaf 30, TiVo Roamio OTA DVR and a Fire stick. Is there a way to install the VPN so any connection going through my home internet is secure, regardless of what device I'm using?

    • The safest way to do it is on the devices you will use. The VPN should be a connection between your device and the VPN provider.

  • Dennis thanks for the article. I ordered IPVanish through your site. Is it possible to load it on a Roku or Amazon TV? If so do you have instructions on how? Thanks

  • I tried signing up for IPVanish several times and nothing happens after you select pay with credit card... what's going on.

    • Not sure, there service is up. Contact their support to resolve your issue.

  • Hi Dennis! Just want to say thanks for all the information you provided. You've been a blessing. You've broke everything down where a first grader can understand. I appreciate it greatly. May you be blessed in all of your endeavors. Have a wonderful day, Luv!

  • Hi Dennis,
    I'm a new subscriber and interested in VPN. Thank you for all this info. I've researched this question and can't find the answer. I live in a rural area and am forced to use Verizon DSL for internet and when I signed up in 2012 I had to also get a "land line". Now is DSL voice a real landline? Or is this actually a VOIP voice service? Also, I can see 2 tests above but when I listened to Podcast #35 you mentioned 3 tests to take before and after getting a VPN. What is the 3rd test? Thanks for all you do!

    • Yes, DSL can use a traditional phone-line. Did you ask the provider if it was VoIP

  • Great podcast. However, while I think it's great you brought to light the widespread use of affiliates, and how you need to be very skeptical of any review sites, there *is* one site that's pretty much universally recommended when you're choosing a VPN:

    https://thatoneprivacysite.net/vpn-comparison-chart/

    The author has put a lot of effort into create a sortable table of a ton of VPNs which shows the traits you mentioned in your podcast, along with a lot more, including their use of affiliates.

    Not sure if we can post links here but I thought it was worth mentioning.

    • Thanks for the resource. This is well put together. The VPN I use has affiliates. However, they show up green for all the stuff we mentioned on the show. It really comes down to how much trust you have in the VPN.

  • Hey Dennis - I have read several of your articles and am considering getting a VPN - probably the one you recommend since right now I do not know a lot about it. I needed to know how to set this up. If I purchase a VPN will it automatically "load" on to my iPad and then every time I sign on it will be used OR once it is installed - do I have to go to a specific "app"and activate it each time. Sorry -but when it comes to computers I really am a NOVICE big time. Thanks for any advice you can give me.

    • Most VPNs will provide an app that you install. It's typically a matter of setting it up once and then it operates under an "on/off" switch in the taskbar.

  • Hi,

    I will visit Poland soon for a couple of months and I was wondering what is the best VPN for that country? Would IPVANISH be OK if installed here on Laptop taken to Poland?

    ron

    • It depends on what you want to accomplish. IPVanish is a great mix of security and country availability. However, there are a a few better for pure security I mention at the bottom of the article.

  • Great article on VPNs. I had Viscosity installed on my laptop to be able to work at home. I will be traveling to Australia and I'd like to watch Hulu but I don't know how to get to Hulu through the VPN. Also, are you familiar with Viscosity and if so do you recommend it?
    Thanks.

    • Nord is decent, I've heard it can make the connection a bit slow, but that is completely dependent on where you are in relation to their servers.

  • Great article. Great site. I've been wanting to set up a VPN for quite some time, and you've given me the confidence to do it. Thank you. One thing though, and I'm not trying to be a dick... Someone needs to edit for grammatical errors. There are way too many in this article.

  • Just one point. In my personal experience trying to use a VPN to access streaming content abroad is nowhere near as easy as articles like this suggest. I have tried accessing Australian content via my VPN's servers in Australia yet they still blocked me - my best guess is that the volume of traffic demanded of the IP addresses attached gives them away. ExpressVPN, the service I use, state that the networks/streamers are getting better at detecting VPN/DNS services trying to circumvent geoblocking. I have tried going the alternative route of using DNS companies like Unlocker, with only marginally better success - I can only access one solitary channel from Australia - plus their customer service sucks big time.

    • Some streaming services in some countries will block any access from a VPN. Netflix has started to do that and other companies have followed suit. Companies in Australia are pretty notorious for this. For content, I recommend trying Overplay DNS. Their VPN isn't the best for security but the smart DNS team does a good job of keeping all the locations you can access content from up to date.

  • Dennis: I will be honest. I do not understand most of what you are talking about. However, I would appreciate your top recommendation for the best VPN service for use with the kodi add ons to watch everything. No crazy deep web stuff . Just movies, TV, the on demand stuff. Netflix, Hulu, PPV etc.

  • Great article, was wondering VPN, does this also help secure the device from possible hackers and spammers?

    • It will help if someone is trying to hack you on a public network, but otherwise no.

  • I have to use my employers VPN to telework. How do I manage that and then my own VPN, for example IPVanish? Do I have to switch which one I am using by clicking somewhere or changing a setting, or can I use my VPN, and then while still connected, access my work VPN?

    • Is your work VPN always on? I can turn mine off. I would switch between them if possible.

      • I have win 7 on desktop and win 10 on laptop. Not sure if it is always on. If you can direct me to a resource, I am happy to follow instructions

        • It really depends on how your work configured your VPN. There are numerous clients that are used. Basically you would turn off your work VPN and turn on the IPVanish one. Now if you are just using the VPN on the firestick and the work VPN is set at the laptop then there is no need to worry. You can have separate devices on separate VPNs. The only time this would be an issue is if the VPN is set at the router.

  • Because I'm "that guy" I have to point out that your list of the Five Eyes nations only has FOUR. It wasn't until later in the article that I saw that the USA is part of the Five Eyes.