YouTubers and podcast hosts are constantly extolling the virtues of a VPN. For IRL, Dylan Reeve weighs up the pros and cons.
If you’ve watched many videos from high-profile YouTubers, or listened to popular podcasts, you’ll almost certainly have heard promotions for various Virtual Private Network (VPN) providers. “Without a VPN, your internet browsing data can be tracked by your ISP, cellular provider, ad companies and hackers,” YouTuber Jon Tron warns his 15 million viewers in one video.
But contrary to the dire warnings about hacking, tracking and scamming, it’s far from clear that most people require a VPN to browse the web. In fact any selling point beyond “it’ll help you watch Netflix stuff from overseas” is stretching the truth in most cases. That overseas viewing thing might be enough, though.
First, a little technical background: When you’re using the internet, the data exchanged between your computer and internet sites, commonly called traffic, passes through a large number of third parties on its way.
In the most basic sense, this could look like a website request leaving your computer, reaching a server at your internet provider and then being directed to a large web hosting company before reaching the website’s server. In practice, there are even more companies in the middle. Think of this like passing notes in class – it passes through a lot of hands, and maybe you’re worried that people might sneak a peek on the way.
A virtual private network is a technology that collects the information you’re sending, combines it into an encrypted package, and sends it across the internet to some other server operated by the VPN provider. When it arrives, the data is unpacked and sent on its way, and does the same in reverse for the replies. Basically, the notes you’re passing back and forth in class are now in very well-sealed envelopes.
In principle, this means that your ISP can’t see what you’re sending, or where. Everything going to and from your computer is an indecipherable stream of encrypted data going into a tunnel to some mystery location. And, on the other side of the connection, the server you’re talking to can’t see where the data came from originally – they just see the VPN’s exit point, with no idea of where on the internet (or in the world) the data originated. Stretching the note metaphor a little too far, the last person in the chain takes the note out of the envelope and passes it to the recipient, without saying exactly where it came from.
So, about those privacy and security claims: They are fundamentally untrue or, at best, are significantly misstating the reality of just how the internet works normally.
The vast majority of websites now use Hypertext Transfer Protocol Secure (HTTPS), indicated by the little padlock in your browser’s address bar. This means that your connection with the website is encrypted and can’t be intercepted by anyone in between you at the website: put simply, your ISP already can’t see what you’re doing. The best they can hope for is to know what servers you’re connecting to – so they can see you went to Wikipedia, for example, but not which page and what you searched for while you were there.
What advertisers can determine is more complex. They generally aren’t relying on data intercepted by your ISP or other providers, but rather tracking cookies embedded on the websites you visit. The nature of advertiser tracking is worthy of an article of its own, but in general if you’re using the same computer and web browser you normally do, it doesn’t matter if you’re using a VPN or not, advertisers can track you just as efficiently.
So that leaves security. Are VPNs more secure? In short, no. As mentioned above, the data you send between your browser and most of the sites you visit is encrypted by HTTPS. This includes everything from your login name and password, to the credit card data you provide when shopping online. Adding another layer of encryption to this transaction doesn’t make it any more secure.
As for whether a VPN will protect you from hackers? There is really only one scenario in which that may be the case: public wifi.
Public wifi is typically unencrypted, so it’s theoretically possible for someone in the same physical area to “sniff” your network data out of the air — you’re sitting in a cafe innocently browsing the web and some sneaky hacker sitting nearby is snarfing down all your passwords and your Snapchat messages.
That may have been a risk years ago, but now most of the technologies you’re using on that network are encrypted, such as the HTTPS websites mentioned above. But there are still occasionally network connections your computer or phone might make that aren’t as secure, such as some older email systems or websites that aren’t using the HTTPS system.
In that very specific circumstance – connected to a public wifi, using an insecure internet protocol or application, with a malicious hacker cowering nearby – a VPN would add a layer of protection. But that’s a pretty specific and unlikely circumstance these days.
So then, what use is a VPN?
Basically the most practical use for a VPN for the vast majority of users is: pretending to be somewhere else.
By pushing all your internet traffic through a VPN, you can control where in the world you appear to be to the servers you’re talking to. There are a few practical applications for this, such as doing online shopping overseas, but the one most people care about is lying to Netflix.
If you can make Netflix’s servers believe you’re in the USA then you can watch the shows and movies available to US Netflix users. And it’s not just the US, of course, the streaming service has different content offerings all over the world.
And it’s not just Netflix either. The BBC’s iPlayer service is only available to people in the UK, or at least people who appear to be in the UK. Hulu is just for Americans, or for people whose internet connections are in the US.
Now, in most cases getting access to overseas services requires lying during your signup process, and in some cases where payment is required that creates another hurdle, as foreign credit cards may not be accepted. But the first challenge for any of these things is the technical one of having your connection appear to be in the right place in the world, and that is what VPNs are for.
Of course, the companies that run these services are not supposed to show their content to people outside the regions they’re licensed to serve, so there does tend to be a bit of cat and mouse – VPN users sometimes find themselves cut off from a show mid-episode when streaming providers detect VPN use – but VPN companies are usually quick to make changes to keep things working, and so the game continues.
There are drawbacks to consider, too. A VPN isn’t free – well, some VPNs are free, but you should probably stay clear of them; VPNs aren’t cheap to operate so free ones are doing something sneaky to make money. You’ll be paying $5-10 a month for most of the more reputable providers. And they can be a hassle to set up, sometimes slow down your browsing and occasionally cause weird technical issues that can trigger minor bouts of hair-pulling.
So, do you need a VPN? Well if you’re in the mood to binge Zooey Deschanel’s absolutely flawless seven-season sitcom New Girl then you’ll need a VPN in order to convince Netflix you’re watching from the US. But if you’re just worried about your ISP seeing your searches for Zooey Deschanel trivia, or Russian hackers intercepting your credit card while you’re buying Zooey Deschanel air fresheners, then I wouldn’t worry.