VPN: What is it, how does it work, and why should you use one?

At first glance, VPN technology may seem advanced and difficult to understand, but it is not. In this article, I will try to work on all the concepts that encompass this technology. What is a VPN service, what are the advantages of using a VPN, and how does VPN technology work in practice.

During the course of the article, I will also take the opportunity to share some VPN options that, after evaluating them, seem good for both beginners and experts. But at no time will I make a comparative list of the best free or paid VPNs, I will leave that for another article.

What is a VPN connection?

A VPN connection acts as a protected tunnel that begins with us and reaches the servers of the VPN provider. Thanks to secure encryption, no stranger can see what we do on the Internet.

How does a VPN connection work?

If we want to protect ourselves through VPN technology, we really don’t need to know anything about encryption protocols and so on. All that is required on our side is that we download a VPN application, log in, connect to a VPN server, and with that, we are (in theory) 100% protected.

Without a VPN service, everything we do is logged on the web. If we connect to Wi-Fi networks at our workplaces, the IT department can see exactly what we do. The same happens with public Wi-Fi networks, which we find in airports, restaurants, and cafes, for example. The person in charge of the wifi connection always has full control over what happens. This also includes our financial information, Google search history, and the videos we watch when it comes to media sites like YouTube.

In other words, we connect to the Internet and since we have no protection, authorities, copyright organizations, hackers and the like can see what we are doing in detail.

The entire Internet is made up of a huge number of servers that often communicate with each other. Because of this, we may visit some websites while other sites remain inaccessible due to, for example, regional barriers or payment walls. As a function it is fine, but in terms of security, it is not so much.

The way the Internet is designed means that we always leave little traces behind us. This probably doesn’t matter if we upload some cat photos or watch some Netflix series. But when it comes to more important things like confidential emails and bank transfers, it’s not so much fun knowing that we’re being tracked.

This is what happens when we are connected through a VPN:

When we are connected to a VPN server, we are protected from “spies”, while the online security level gets a big boost in the right direction. The VPN tunnel you see in the middle of the image above acts as an encryption broker that solves many problems:

  • The spies only see that we are connected to a VPN server, nothing more.
  • No one can identify who we are and what we surf the web with.
  • All data is encrypted. If someone were to check what is sent and received, they would only see a completely useless combination of letters and numbers.

In other words, our internet connections become much more secure with a VPN connection.

How secure is a VPN connection?

All VPN companies promise the exact same thing. Our Internet connection must be secured with “Military Grade Encryption” or “Bank Level Security.” But do they tell the truth? Sometimes, but not always. Below, we discuss what level of security can differ between two different VPN providers that promise the exact same thing.

Modern VPN protocols should be available

There are secure VPN protocols (for example, OpenVPN), but even more insecure that can be broken in just a few minutes (for example, PPTP). A worthwhile VPN provider offers a 256-bit OpenVPN connection; we should not settle for something less secure than that.

Registration policy must be sound

When we sign up for a VPN service, our ISPs and other spies cannot track us. But this has a big disadvantage: now the VPN can do it instead. However, all of us who pay for a VPN can rest easy. Premium providers never keep any sensitive records. They also do not cooperate with any government or copyright organization, nor do they intend to do so in the future.

Unfortunately, we cannot say the same about free alternatives that have a business model of collecting confidential data and then selling it to third parties.

Evaluate all the factors before choosing a VPN service

The above factors are by far the most important, but there are, of course, more to consider, like pricing, potential security leaks, and more. But as I just said, the most important thing is that all modern VPN protocols are offered and that the registration policy is firm, and we will discuss this in detail right now.

VPN protocols

It is always the VPN protocol that determines how data travels within the VPN network. The most common VPN protocols are:

  • Point-to-Point Tunnel Protocol (PPTP): One of the oldest VPN protocols in the world with a distinct advantage: it can be used on virtually any device that exists and is easy to activate on Windows PCs. But that’s where the fun ends.
    The level of security is acceptable at best, and this protocol is only used by companies that want to navigate more securely. But for people: skip this protocol, and if the VPN provider only offers PPTP support, ruled out!
  • L2TP / IPsec (Layer 2 Tunnel Protocol) – Much more secure than PPTP, but not bulletproof. L2TP is a VPN protocol that in its basic design does not use any type of encryption. For this reason, the protocol is always used in conjunction with IPsec to increase security. Also, L2TP uses something called dual encapsulation, so it was well-received at launch. The first cabinet establishes a PPP connection to an external host and the second cabinet contains IPsec for extra security.
  • SSTP (Secure Socket Tunnel Protocol): Like PPTP, this protocol is also developed by Microsoft. The protocol uses SSL / TLS encryption (a common method to protect web pages) and since both the transmitter and the receiver must approve the transmission, this VPN protocol is considered secure.
  • IKEv2: You guessed it! Microsoft is also behind this encryption protocol. IKEv2 is fast and secure and is most commonly used on iOS devices. Because the security level is very high, this protocol can be used regardless of the device you connect to.
  • OpenVPN: the best VPN protocol in the world in terms of speed and level of security. With open-source, hundreds of volunteers can also improve their safety and performance with each passing year. And because it is open source, we can be sure that the protocol does not contain nasty back doors or the like.
  • WireGuard:  a lightweight and flexible protocol for the future. It is predicted that it will take the throne after OpenVPN, but it is not fully developed yet, and until that happens, we must stay away.

In summary, the OpenVPN and IKEv2 protocols should be considered the most secure. The other protocols mentioned above should only be used if you have no other choice.

AES 256: The industry standard for encryption and can, for example, be used with the OpenVPN protocol. According to many, the AES 256 is the best and most efficient encryption standard, and that is true. Furthermore, the AES 256 standard has never been hacked, so it will also remain for a long time. AES protection is also available as AES 128, which also offers complete protection, although not as strong. AES 512 is in development, but will not appear for a few years.

How does encryption really work?

In short, encryption means that we put an extra layer of security on the information that is sent. To give an example:

  1. We send a message through the web.
  2. A secret encryption key makes the message unreadable to unauthorized people.
  3. The message is sent (no one has any idea what the message contains).
  4. Finally, the same message can be unlocked and read by a recipient with the correct passwoVPN servicerd.

On VPN connections, what we already know is the AES encryption that is applied. All the major VPN providers offer AES 256 encryption, and they are all high performance and security options.

Registration policy

The level of security that a VPN provider can offer depends largely on what types of logs it keeps. For example, VPN companies can store:

  • Connection logs: inform them what time we connect and from what specific VPN server.
  • Information on how many devices we use at the same time:  harmless.
  • Payment records: They are always encrypted and cannot be used to track us.
  • Email Logs: These are also encrypted and cannot be used to find out who we are. However, sign up with an anonymous email address like the one Protonmail offers.
  • IP addresses:  Although they are also encrypted and generally cannot be used to track us, alarms start to sound. From a theoretical point of view, they can discover who we are by saving this type of information.
  • Traffic logs: describes exactly what we do on the web. Generally, only free VPNs keep this type of logs.

In general, the general rule says: the fewer records you keep, the better.

Full transparency is preferred

Outside security companies can examine the top-performing VPN providers. These check, among other things, the source code, the servers, and, in short, that the company is behaving correctly.

Is it legal to use a VPN service?

Yes almost always. More specifically, VPN connections are fully allowed throughout the western world, including Scandinavia, the United States, Canada, and the United Kingdom.

Keep in mind that our physical place is always important from a legal point of view. If we are in Spain and browse through a US server, Spanish law always applies.

Right now, VPN connections are completely banned in China, Turkey, Belarus, Russia, Iran, North Korea, and the United Arab Emirates.

Does a VPN service make us completely impossible to track online?

Short answer?

No, but almost.

Long answer?

Without a VPN connection, anyone curious can see what we do online. A person with the correct access or some digital tools can take a closer look at everything we left behind on the Internet.

If, instead, we use a VPN service, all Internet traffic is encrypted and, therefore, it is almost impossible for them to intercept our tracks.

Take a look at the following factors before fully deciding:

  • Does the VPN provider keep any logs? If so, which ones?
  • How is payment information encrypted?
  • Are the encryption and security protocols strong enough?

Ultimately, and as you have surely understood, not all VPN companies are equally good or safe to protect us online.

Is using a free VPN service secure?

No, in many cases they are even scams. Servers must be kept in good condition, staff must be paid, etc. If the VPN company we use is not a paid one, then our information is probably their main source of income. Because from somewhere they have to get the money to maintain the company.

Since they do not naturally generate money (i.e. through monthly or annual fees), advertisements may be displayed in a timely and timely manner, and all traffic may be recorded for subsequent sale to advertising agencies, etc. So it’s even better to trust ISPs to keep us safe than to use a free VPN service. But beware, it is also not recommended to blindly trust that.

How much does a good VPN service cost?

So far, as I write this article, I have reviewed over 55 VPN providers and the average cost is about $5/month. Some VPN providers are somewhat more expensive, like Perfect Privacy, but they also have a level of security that seems out of this world.

However, we should never pay more than $10/month. At least for me, that’s the limit. Plus, when it comes to longer subscriptions, we can also save quite a bit.

Can we access Netflix with a VPN?

Going into regional unlocking and copyright, we ask ourselves if we can watch Netflix with a VPN. The answer is yes.

You are not breaking any law. They will not persecute or arrest you. As long as you pay for your Netflix subscription every month, I don’t think they’ll be concerned if you’re accessing the service with an IP address from another country to view content that’s unavailable in your region.

More specifically and according to some studies, this is done in 75% of cases.

Why are streaming giants blocking content by region?

The short explanation is that those who shoot movies and TV shows want to make more money. If we take Netflix as an example, they do not own all the material, but rather buy it from various television companies and film studios. Sometimes Netflix even sells its own TV series and movies to various TV channels for a profit.

That said, large companies impose special conditions when materials are sold to each other, such as:

  • “You can see movie X in the United States, but if you want to offer the same movie in Europe, you have to pay more.”

As you may have noticed, the copyright system is fully involved in the film industry, and it’s always us who are affected, while the streaming giants bathe in Uncle Gilito-style money.

How does the regional blockade work?

Companies use advanced proxy solutions to keep customers in “wrong” countries away from materials destined for other regions. But luckily, here VPN technology also comes to our rescue.

All we have to do is change the server to a suitable country. For example, to access Netflix offerings in the United States, North American servers are the most appropriate.

Can we navigate more safely?

Yes, and this is a great reason why many people choose to get a VPN service. In principle, all premium providers provide full support for Torrent and P2P traffic, with very few exceptions.

Torrenting, by the way, is a rewriting of the Bittorrent protocol, a wonderful technology that allows us to quickly share large files with other file-sharers. The technology itself is completely legal, but downloading copyrighted files is something that many are unaware of.

Here it is important to examine how VPN providers relate to file sharing. But we’re lucky – almost every major option allows us to participate in this noble hobby, including Cyberghost, VPN Surf, NordVPN, ExpressVPN, VyprVPN, Surfshark, and many more.

When it comes to torrents and P2P, it’s also important to take an extra look at the registration policy. If no confidential records are kept, we can be sure that the VPN company will not keep any file sharing records either, and then it is green light.

Another important factor, of course, is speed. Sharing files over a slow connection is never recommended. In many cases, a good speed rate is a difficult factor to achieve. All VPN providers sell “blazing fast speeds,” but before signing up for the service we have no idea if this is true or pure marketing.

But luckily, I’ve done a major speed test, and among the best performance alternatives we find NordVPN and Cyberghost, which I coincidentally have already mentioned several times in this article.

Can we use VPN services on iOS and Android?

Many of the top alternatives also offer proprietary VPN clients for various operating systems.

Among 10 best performing VPN options I’ve been reviewing, NordVPN, Cyberghost, and Tunnelbear are the best VPNs for Android.

A few years ago we had to enter Settings> General> VPN to be able to connect to the service. But today, this is automatic on both Android and iOS, as all-important settings can be approved through our fingerprints or faces. Therefore, the installation process has accelerated from several minutes to … nothing?

Since there are several free VPN apps for Android, I also have to warn you of something. According to a Digital Information World report, more than 60% of free options on Google Play request permission to access suspicious information such as: external storage, accurate user location data, call logs, and the ability to make configuration changes of the system. Although VPN applications require certain permissions to function, most of the permissions requested by free solutions can lead us to risky circumstances.

And according to another report, around 40 percent of free apps on Android contain viruses, spyware, or any other type of threat. In other words, you should never prefer free options: use a premium service.

Can we use a VPN service on a SmartTV and with Kodi?

Since both Kodi and our smart TVs require an Internet connection to function well, a VPN service can protect us in a good way. If we, for example, protect our streaming sessions through Kodi, no one but us will know what we are seeing.

There are mainly two ways that we can use a VPN to protect our smart TVs and Kodi devices.

Install the VPN service directly on the device

Many of the premium options have apps that are suitable for smart TVs, especially for Android TV. With a TV equipped with Android or a Kodi box, just go to Google Play and download the correct application, log in, and connect to a suitable server.

Since Kodi works on many more devices than just Android and Android TV, it is also important that the VPN provider offers patented and easy-to-use apps for more devices.

I can reveal that Cyberghost, ExpressVPN, and NordVPN work well for both Kodi boxes and SmartTV.

Install the VPN service on the router

Kodi can be used on virtually every device out there, and there is often no problem installing a VPN service on the device you use to peek at Kodi. But when it comes to machines like Chromecast, Chrome OS, Rasberry Pi, and Roku devices, it gets even more complicated.

So we only have one option left: install the VPN directly on the router. This should not be considered an emergency solution, but it is really the best we can do. But we’ll talk more about this in the next section.

How to configure a VPN service on the router?

We bought a sled first … oh no. There are many ways to connect to a VPN server, and the best option is to bring the VPN service to a router. Thanks to this, we will never have to install an application on the devices on which we want to navigate safely. In other words: our phones, smart TVs, Kodi, laptops, tablets, and other devices are automatically protected as soon as they connect to a VPN-equipped router.

But how do we do this? We must first make sure that our router works with a VPN service. We can usually find out by looking at the manufacturer’s website or sites like DD-WRT Database.

DD-WRT Database

By installing third party software like DD-WRT or Tomato, your router will get the necessary support for OpenVPN, as well as many other advantages. However, the big disadvantage is that the installation process itself (or the so-called “flash”) is somewhat difficult for beginners to implement.

In my opinion, a dedicated VPN router with built-in support for OpenVPN is the best option.

Of course, the choice is entirely yours, but in my experience, a router with VPN support natively provides the smoothest experience.

VPN and Tor browser: are they compatible?

The technology Tor uses and the VPN technology are very different, even if they are used for exactly the same thing: protecting ourselves online. Tor uses a large number of nodes to keep us anonymous on the Internet, and with VPN technology, one server is applied at a time.

These techniques work very well, and to get the best protection, we can use both at the same time to get the most effective protection.

There are two options to choose from: first connect to a VPN server and then start Tor, and vice versa: first start Tor and then connect to a VPN server. The first is called “VPN over Tor” and the second is called “Tor over VPN”.

In my opinion, the best way to do this is to run “VPN over Tor”. Thanks to this type of connection, we obtain excellent protection along with all the advantages offered by the Tor network.

But of course, there are drawbacks. Due to the way the Tor network is built, it is very likely that we will get a not very fast speed, in addition to also incorporating a VPN connection in the game, so this will be reduced even more. But as I said, are you looking for extreme anonymity? So VPN over Tor is the best option.

IP Leaks and Kill Switch Tools

IP leaks

An IP leak occurs when the VPN provider we use cannot hide our IP address in a good way. For example, if we want to take a look at the Netflix catalog of the United States, which would otherwise be regionally blocked, we go to the site> we connect to a VPN server> and nothing happens. The streaming service is still blocked … what’s going on?

In these cases, we could have been involved in an IP leak when our real IP address was accidentally revealed and Netflix took it into account to finally “kick us out.”

But I want you to understand that it doesn’t have to be the fault of the VPN provider if we suffer an IP leak. Sometimes it can be the router, sometimes the browser, and sometimes various plugins that we use in the browser.

All the VPN providers that I have mentioned in this article have been tested for possible security leaks and have worked well. Almost all premium providers use advanced scripts to avoid this type of inconvenience.

Kill Switch Tool

The Kill Siwtch function is the best we have to prevent IP leaks. Thanks to this tool, our Internet connection is completely broken if we lose contact with the servers of the VPN provider.

Almost all premium providers offer Kill Switch solutions: ExpressVPN and NordVPN are two good examples.

VPN and SmartDNS: what’s the difference?

SmartDNS technology, as the name implies, is smart, but we don’t get any new, public IP addresses. SmartDNS technology also does not intend to use any kind of encryption, and the level of security is worse, compared to VPN technology.

However, the SmartDNS variant has an advantage. This technology works wonderfully well so that we can access foreign streaming services, although if you want to do it anonymously, then VPN technology is what you need. CactusVPN and VyprVPN offer a SmartDNS and VPN solution in one package. In other words, we don’t have to choose between the two options.

Your internet operators are manipulating the speed

Almost all Internet operators are manipulating our connection speeds in the evenings and weekends, which is when the load is greatest. By the way, this is not a myth, but something that is well known and written in the terms that you have accepted by becoming a customer of your operator

In other words, our internet operators can limit certain bandwidth-consuming services like YouTube, Netflix, HBO, and more to equalize server load. But we can get rid of this with a VPN, as internet operators will not know what we are doing online and thus cannot manipulate our connections.

That said, you may not have a good experience with streaming services, but over the years I have used VPN, YouTube, and similar services they have never misbehaved. And I probably have to thank to this technology.


What are the benefits of VPN technology?

  • Our Internet connection is encrypted and we are protected from the curious eyes.
  • We can take advantage of regionally blocked services, such as the Netflix catalog in the United States.
  • We maximize our anonymity online.
  • Internet operators can no longer manipulate our connection (at least not so easily).
  • The level of security improves significantly when we connect to public Wi-Fi networks.

Leave a Comment

Your email address will not be published. Required fields are marked *