How important is your online privacy? One of the best ways to protect it is to use a VPN (virtual private network). A VPN gives your devices a private, secure internet connection and allows you to get around blocked overseas websites. They're also good to use when you're on a public Wi-Fi network.
On this page:
- How does a VPN work?
- Four reasons to use a VPN
- How much do VPNs cost?
- VPNs and piracy
- Why hide your IP address?
- What to look for in a VPN provider
- How to check your online location
- Security vs speed
- What happens to your metadata?
We're on your side
In more than 60 years of making a difference for Australian consumers, we've never taken ads or sponsorship.
Instead we're funded by members who value expert reviews and independent product testing.
With no self-interest behind our advice, you don't just buy smarter, you get the answers that you need.
You know without hesitation what's safe for you and your family.
And you'll never be alone when something goes wrong or a business treats you unfairly.
Learn more about CHOICE membership today
How does a VPN work?
In a nutshell, a VPN helps keep your secrets – especially financial information – safe. A VPN encrypts any information sent and received by your computer so that it can't be intercepted and decoded, like a secure 'digital tunnel' between you and your online destinations. It also routes your information through various servers so that it can't be traced back to you.
As far as websites can tell, you're at the location of one of many worldwide servers that your encrypted data passes through. That's how you can get around geographical restrictions or extra costs that can come from shopping overseas online. To them, it'll look like you're based at the location of the nearest server used by your VPN service.
Four reasons to use a VPN
- To protect yourself from online identity theft while using a public Wi-Fi internet connection.
- To maintain your personal privacy by preventing others having access to your online activities, location or identity.
- To access content only available in other countries due to geoblocking, like watching Hulu or BBC TV from outside the US or UK. We believe consumers should have the right to purchase overseas products and content without geographical restrictions.
- To get around bandwidth throttling, which is when your internet service provider (ISP) detects and de-prioritises certain types of internet traffic, such as torrent downloads or streaming video, and slows down your connection. Turning on your VPN prevents the ISP detecting the type of information being transferred, so you should regain normal speed.
How much do VPNs cost?
If you want reliable download speeds, support, easy set-up and the most features, the cost of a paid VPN is well worth it. Most VPN services will generally cost anything from $5–15 per month for an individual (not business) user, but choosing one based on the cheapest price isn't the best way to go.
While price can play a part in your final decision, where multiple services offer similar benefits, you need to look at how each provider meets your particular needs.
What about 'free' VPNs?
Should you go with a free VPN service? For most people, the answer is probably no. Choose the wrong one and you could be putting yourself at more risk than if you weren't using a VPN at all. Any free service has to make money somehow to keep it going.
A free service may be doing it 'on the cheap' and may not be able to afford to have their security as up to date as paid services. But even if they're on the up and up privacy-wise, you could pay in other ways though ad-riddled browsing, slow speeds and limits on data and time spent online. And if the service is free then maybe you're actually the product. They have to pay for their servers somehow, which could mean tracking information about your online activity to sell to third parties.
So if you're tempted to try a free VPN service, read the fine print terms and conditions very carefully. But this goes even if you're using a paid service. There are no 'standard' terms and conditions, and they'll vary from company to company.
What a VPN won't do
With all this talk about how a VPN will secure your identity and protect you while online, it's worth noting what a VPN won't do.
It won't secure your home network connection
You still need to make sure your home router or mesh network is securely connected to the internet. Make sure encryption is turned on (the WPA2 setting is the best many are capable of but the newest and best setting is WPA3), and use a strong password to stop others getting access to your network, using up your data allowance by piggybacking on your connection and possibly even getting access to your private information.
It won't protect your computers from malware
A VPN is no replacement for properly installed and configured antivirus software on your computer. That should always be turned on and kept up to date. Though some VPN services include antivirus checking in their list of features, this should be seen as an extra level of protection and shouldn't be relied on for general protection.
Public hotspot danger
The explosive growth of public Wi-Fi hotspots is a boon for on-the-go consumers. It's also a boon for criminals who prey on unsuspecting customers using laptops and mobile devices with unprotected connections.
Free Wi-Fi is commonplace at cafes, restaurants, public libraries, airports, schools, hotels and local businesses, and government and major telcos are getting on board as well.
This sounds great, but hackers can 'camp' at a popular Wi-Fi hotspot (or nearby within signal range) and 'sniff' your network traffic to see what you're doing. They can intercept any transmissions (i.e. email, web browsing) that aren't encrypted, possibly gaining access to your passwords and other private information.
For example, you should never use banking websites or apps at a public Wi-Fi hotspot without a VPN. How likely is it that your information will be intercepted at a hotspot if you don't use a VPN? Who knows? But is it worth taking the risk? Definitely not.
VPNs and piracy
Isn't a VPN a piracy tool? The short answer is no. The ongoing controversy around getting access to overseas streaming video content has put the spotlight on VPNs. Once the domain of business users and hackers, VPNs are now mainstream tools for everybody to use to protect themselves online.
VPNs are often mentioned in the context of getting around geoblocking so you can watch legitimate commercial online content which is otherwise restricted from viewing in your geographical area. Getting around geoblocking is not the same as online piracy, in which copyrighted content is downloaded without payment. Like torrents, VPNs are legitimate internet tools, but they can be used for legal or illegal purposes.
There are other ways to get around geoblocking, such as using a proxy service. However, this simply bypasses region checking and doesn't protect you by encrypting your data stream. Using a VPN hides your IP address for all your net activities including browsing, email, instant messaging and VoIP (voice over IP) and encrypts all data.
Why hide your IP address?
A lot of online services know where you're connecting from as soon as you go online and they keep tabs on you from then on. This might add some convenience to your online shopping, social network posts or even web browsing, but you should have the right to opt out of this tracking when needed.
There are numerous other reasons for wanting to hide your IP address, including:
- encrypting your information transferred over public wireless systems
- shopping overseas online to get around location-based artificial price inflation
- preventing anybody from tracking your web browsing
- leaving no digital footprint of your identity, whereabouts and online activity
- getting around bans or blacklisting of your IP address
- getting around censorship filters and government snooping that in some countries can put you at risk of losing your job, your freedom or possibly even your life. A VPN can help you communicate with the rest of the world in a way that can't be traced back to you.
What to look for in a VPN provider
- Wide support via numerous servers in different countries.
- Unlimited data transfers, with no excess data usage charges.
- Unlimited reconnections, allowing you to connect as many times as you like.
- Virtual location choice, allowing you to choose a specific virtual location, like the USA or UK.
- Deep packet inspection protection, preventing the identification of VPN data in transit by third parties (e.g. government, hackers, ISPs) using deep packet inspection methods.
- Multiple OS support Programs and apps for operating systems across computers and mobile devices, including Windows, macOS, Linux, iOS, Android, and Windows mobile.
- Privacy policy Does the provider log and store any personally identifiable information about you? Providers may keep track of the number of connections to their servers and when they occur, for load-balancing and maintenance purposes, but shouldn't save logs of who you are and what you connected to. Check the provider's privacy policy carefully.
- Online and/or phone support Responsive customer and technical support to provide quick and helpful solutions to any issues that arise, preferably 24/7 because problems can occur around the clock and support services could even be in a different time zone.
- Stealth tools to prevent the VPN being blocked (see below).
- Ease of cancellation has become particularly important in today's highly competitive market where huge discounts are routinely offered for new users. Joining a VPN service is usually quite easy, but some services make it a lot easier to sign-on than to opt-out. To discontinue some services you might have to cancel via PayPal separately, email the VPN service directly, or even lodge a support request. Ideally, a VPN service will give you the option of making a one-off, fixed-time purchase (such as a year) without activating a subscription. Not many do this, but some let you simply turn off (end) your subscription in your user management area on their website. Look for a subscription for a specified time (e.g. 1, 3, 6, or 12 months) rather than ongoing.
Stealth protection
The rise in popularity of VPNs prompted a backlash of sorts, with some websites blocking them so that you can't access the site if you're using a VPN. This sort of traffic blocking forces people to abandon the safety of the VPN or not use the website.
There's also the case that you might not be blocked outright – perhaps your internet connection is running slowly because it's being 'throttled' by your ISP. This throttling of your speed can be imposed by an ISP simply because you're using a VPN. Fortunately, there's a way around it.
Many VPN services now include the option of using so-called stealth technology in their product (though it may not be actually labelled as such in the program). Stealth tools can disguise your VPN traffic as regular web traffic, even when subjected to deep packet inspection.
Most commonly, stealth tools disguise VPN data packets as regular HTTPS traffic. Because HTTPS connections are often used for secure transmissions including passwords, credit card numbers and more, they don't get blocked. Stealth mode can impose extra overhead on traffic, so use it only if required.
If you find you can't get on to certain websites when you're using a VPN or if you suspect your traffic is being throttled, turn on stealth mode (if you have it) and see what difference it makes.
How to check your online location
It's when you see evidence of your location being recorded right in front of you that the realisation of how vulnerable you are really sinks in. But using a VPN can make it look like you're in another country, all at the click of a mouse.
For example, instead of showing where you're really located in Sydney, you can appear to be in Paris, London, Frankfurt, the USA or wherever your VPN provider has servers. To see where the internet thinks you are, try whatismyipaddress.com.
Plug the DNS location leak
Under certain conditions even a VPN won't prevent a DNS leak revealing to snoopers which local internet servers you're actually using, rather than the DNS servers provided by the VPN service. You can check for a DNS leak by using the online tool at DNSLeakTest.com.
Security vs speed
Using a VPN gives you more security, but there is often a trade-off in connection speed, which will vary over time and from service to service, because using the VPN adds a layer of complexity to your internet access. This can compound the problem of simply using broadband, which can in itself be unpredictable, especially in peak times, due to it being shared among many users. However, our latest VPN testing has found this to be much less of a problem than in past years, and in many cases the drop in performance when using a VPN is negligible.
If you have a slow connection, you can reduce some of the performance hit of a VPN by using a proxy server, rather than VPN server, to help bypass geoblocking of streaming content. As with a VPN, a proxy server can make it appear that you're located in another country, and because it doesn't encrypt the connection it can be faster, but note that it won't provide the level of security of an encrypted VPN connection.
If you find your VPN speed lagging, you can try doing the following.
- Check your local network. Other users on your local Wi-Fi network could be causing congestion. Also, your ISP connection could be slower due to heavy traffic or an outage affecting your area.
- Swap servers. Check the VPN server you're connected to and try a closer one, preferably in the same country.
- Security check. Changes to your security software can affect your whole system. Check your antivirus and settings and turn off other programs you're running to see if it makes a difference.
- Check the protocol. A VPN can use various connection protocols such as OpenVPN, L2TP/IPSec and more. Try using a different one and comparing your speed.
- Reboot. Many problems can be solved by turning it all off and back on again. Start with your computer and if needed do the same to your modem/router.
- Give it time. Most speed drops caused by external factors are temporary. You might have to wait a while until your ISP's network performance lifts. Try browsing without the VPN running and if it's still slow contact your ISP.
What happens to your metadata?
The information that VPN services track is always a hot topic, especially since data retention laws came into effect in Australia. Under those laws, telecommunication and internet providers are to hold onto communications metadata for all customers for two years.
Metadata includes information about when, where, how, what, from where and to whom it was sent. It doesn't relate to the content of the communication, so the body of an email, the details of a text message, all the content on a webpage and phone conversations are not considered metadata. However, metadata gives away certain information that can give insight into communications, which is why law enforcement agencies want it stored. Critics say the system can be open to abuse.
VPN providers know users want privacy and most will state that that they don't log personal information. However, they will admit that they need to record certain non-personal connection information for a time so that they can provide a good service. This can help them track peak demand times, for example, so they can balance the load on their servers to work more effectively. Again, you should check the fine print of the VPN provider and query them specifically about any concerns.
Laws that affect handing over user information to the authorities vary from country to country. A legal requirement for a provider in one country may not necessarily relate to another. But no matter where you are, just using a VPN is unlikely to provide much protection if you're suspected of criminal activity. VPNs can help protect your right to legally access goods and services, but CHOICE does not endorse or condone the use of VPNs for any illegal activity.
Beware free mobile VPN apps
VPN apps for mobile devices are highly popular and numerous on app stores, particularly 'free' ones. But you should avoid using free apps, particularly from unknown companies.
An investigation into 150 free mobile VPN apps by Top10VPN.com in late 2018 (updated in 2021) found that 25% of them failed to protect users due to DNS and other leaks, and 85% were found to have excessive permissions or functions, creating the potential for users' data to be manipulated or sold to third parties.
Simon Migliano, head of research at Top10VPN.com, said, "Every time you connect to a VPN, you're trusting the service provider to be responsible with your browsing data. This is why it's so critical that VPN companies publish enough information about themselves and their policies to allow consumers to make informed choices." He added that "while these findings show most free VPNs should be avoided, there are a handful of services that are perfectly legitimate".
The bottom line is that if your privacy is important enough to you to use a VPN, then it's important enough to pay for. Only use reputable services and remember that the real price of a so-called free app may be paid in ways you wouldn't choose if you knew.
Stock images: Getty, unless otherwise stated.