VPN

A VPN, or virtual private network, is a secure connection between people and devices over the Internet. A VPN makes going online safer and more private by stopping people from seeing who you are, where you are, or what you’re looking at.


What is a VPN?

VPN stands for virtual private network. A VPN is a private connection between people and devices over the Internet. Where a “real” private network connects devices in one location for the purposes of sharing data, a “virtual” private network uses encryption technology to recreate the security of a private network and connect devices that are not in the same location.

VPNs are typically used by remote employees to access files and programs on the business network (aka intranet) as if they were actually in the office. Likewise, big corporations spread across multiple locations use VPNs to connect satellite offices to the main office.

VPNs aren’t just for work though. Outside the office you can use VPNs to safeguard your privacy a few different ways:

  • Hide your identity using encryption to conceal your actual IP address.
  • Spoof your location by accessing the Internet using servers around the world.
  • Mask your online activity by making it difficult to track you.

You might need a VPN if you want to do things like:

  • Stay safe while using public Wi-Fi.
  • Stay safe while peer-to-peer (P2P) gaming or file sharing.
  • Stop nosey sites from tracking you.
  • Bypass the Internet censorship in your country.
  • Speak out safely as a journalist or political dissident in a repressive country.
  • Watch streaming video content from another country.

Because VPNs can be used to circumvent state-sponsored Internet censorship, the legality of VPN use varies. In some countries like Russia, for example, unrestricted VPNs are outright illegal, whereas in China, VPNs are blocked but not necessarily illegal.

While using a VPN might make you an accidental criminal, actual cybercriminals like using VPNs too. Case in point: VPNs can hide the IP address being used to control a botnet during a DDoS attack. More commonly, VPNs are used to download copyrighted or illegal content without catching the attention of Internet service providers (ISPs) or law enforcement.

Over on Malwarebytes Labs we reported on a suspicious VPN advertised as “the only free VPN that doesn’t keep logs.” Ironically, attempting to download the VPN infected victims with a keylogger.

To be clear, VPNs encrypt your data and hide your location and identity, but they don’t protect you from viruses, ransomware, and other forms of malware, including spyware and keyloggers. Accordingly, if you’re using a VPN, you still need a cybersecurity program.

Now that we have a basic understanding of what VPNs are and how people use them, let’s take a closer look at how VPNs work, how you can set up your own VPN, and things to avoid when setting up a VPN.


How do VPNs work?

Simply put, a VPN makes going online safer and more private by creating a digital middleman between your device and the Internet. Through the use of a VPN, people can’t figure out who you are, where you are, or what you’re looking at. At a time when the concept of online privacy is challenged every day by companies and organizations hungry for our data, one can see how a VPN might come in handy.

So think of a VPN as a tunnel that starts at one point, burrows through the Internet, and emerges at another point. This tunnel can be used by people on opposite ends to securely send data to each other. Some VPN tunnels can connect several parties simultaneously.

Before users can access the tunnel, the VPN first confirms both parties are who they say they are via username and password. Assuming all parties pass the ID check, they’re allowed to use the VPN.

Finally, VPNs encrypt any data that passes through the tunnel. This is how VPNs keep nosey parties from snooping on your Internet activity and the main reason legitimate users (read: not cybercriminals) use VPNs. Without delving too deeply into the modes and methods of VPN data handling, here’s what you need to know: Data is encrypted as it enters the tunnel and it’s decrypted as it leaves the tunnel using encryption keys. The various methods by which data is packaged and encrypted are known as tunneling protocols.

There are two types of encryption keys: symmetric and public. With symmetric keys, everyone has the same key. This is akin to everyone having the same password to the secret clubhouse. If someone who isn’t a member of the clubhouse learns the password, then everyone’s security is compromised. And this is why we have public keys.

With public keys everyone gets to have one, same as before, and everyone can send an encrypted message. However, each public key has a paired, private key on the receiving end. The private key is never shared. Only your computer knows it and uses it to decipher incoming messages. With this system, it doesn’t matter if your public key is compromised since the underlying private key is still secure.
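How the two key types work together in a tunnel, as an added example that is not part of the original page: each endpoint keeps a private key, sends only its public key, and both ends derive the same symmetric key that then encrypts packets. It goes one step beyond the text by using X25519 key agreement (RFC 7748); the function names are illustrative and the SHA-256 keystream is a labelled stand-in for a real cipher such as AES-GCM or ChaCha20.

```python
import hashlib, hmac, secrets

P, A24 = 2**255 - 19, 121665          # Curve25519 field prime and ladder constant
BASE = (9).to_bytes(32, "little")     # standard base point u = 9

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Readable, but not constant-time."""
    k = int.from_bytes(k, "little")
    k = (k & ~7 & ((1 << 254) - 1)) | (1 << 254)   # clamp the private scalar
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def keypair():
    priv = secrets.token_bytes(32)          # private key: never leaves this endpoint
    return priv, x25519(priv, BASE)         # public key: safe to send in the clear

def tunnel_key(my_priv: bytes, peer_pub: bytes) -> bytes:
    """Both ends compute the same symmetric key without ever transmitting it."""
    return hashlib.sha256(b"added-example-tunnel" + x25519(my_priv, peer_pub)).digest()

def _xor(key: bytes, seq: int, data: bytes) -> bytes:
    # SHA-256 counter keystream: stand-in for a real cipher, not for production use.
    n = seq.to_bytes(8, "big")
    ks = b"".join(hashlib.sha256(b"enc" + key + n + bytes([i])).digest() for i in range(len(data) // 32 + 1))
    return bytes(x ^ y for x, y in zip(data, ks))

def seal(key: bytes, seq: int, data: bytes) -> bytes:
    ct = _xor(key, seq, data)               # encrypt on entering the tunnel
    return ct + hmac.new(key, b"mac" + seq.to_bytes(8, "big") + ct, hashlib.sha256).digest()

def unseal(key: bytes, seq: int, packet: bytes) -> bytes:
    ct, tag = packet[:-32], packet[-32:]
    good = hmac.new(key, b"mac" + seq.to_bytes(8, "big") + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("packet rejected: wrong key or tampered in transit")
    return _xor(key, seq, ct)               # decrypt on leaving the tunnel
```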


What are the types of VPNs?

There are two basic VPN types: remote access and site-to-site.

Remote access VPN. As you might’ve guessed, a remote access VPN allows someone outside a given network (they’re on a business trip or working from home) to connect and access resources securely on that network.

Site-to-site VPN. Conversely, a site-to-site VPN is typically used by companies and organizations with multiple offices spread across locations around the country or around the world to connect and share data securely.

At the consumer level, there are two additional types of VPN: router VPNs and VPN services.

Router VPNs. Writing for Malwarebytes Labs, Senior Security Researcher Jean Taggart recommends the router VPN as the “one VPN to rule them all.” As an at-home solution, the convenience of a router VPN can’t be beat. Any device connected to your home network is automatically protected by the router VPN—even devices that don’t support VPNs natively (e.g. Xbox and PlayStation). The only problem with router VPNs is that they’re difficult to set up. If you’re willing to give it a shot, you can read Jean’s step-by-step instructions for setting up a router VPN.

VPN services. When people talk about VPNs today, they’re usually referring to a VPN service. With a VPN service, you don’t have to own, set up, or maintain anything. Rather, the VPN service is responsible for the servers, the encryption, and the user authentication. Customers need only install the VPN service provider’s software on their device, by which they’re able to log in to the VPN service’s servers. VPN services are available for Windows, Mac, Android, iOS, and Chromebook.


What is the history of VPNs?

Let’s hearken back to the early days of the Internet. In the early-to-mid-90s people working from home needed a way to quickly and securely access resources kept on the office network. This typically meant connecting your home computer to the office network via an unsecured, low-speed dial-up connection. This is where Microsoft engineer Gurdeep Singh-Pall recorded his name in the annals of Internet history.

In 1996 Singh-Pall (who’s now a VP at Microsoft) created a basic form of VPN known as point-to-point tunneling protocol or PPTP, for short. PPTP uses weaker forms of security to keep the riffraff out. While you wouldn’t want to use PPTP today, it was the best way to work remotely in its time, being much more secure and speedy than dial-up. It even won the PC Mag Technical Excellence Award in Networking Software.

In 1998 China started to build the Great Firewall to block content from outside the country. As mentioned earlier in this piece, Chinese citizens can and do get around this Internet censorship by using VPNs to connect with outside servers. While VPNs aren’t technically illegal, there is an established history of people being fined for using them.

For the first ten or so years of existence, VPNs were used almost exclusively by businesses and their employees. It wasn’t until the early 2000s that people started to realize the value of VPNs at the consumer level, primarily as a way to protect one’s privacy while using new P2P file sharing services like Kazaa.


In 2013 we learned from Edward Snowden’s disclosures on global surveillance that the National Security Agency (NSA) had found a way to routinely crack certain obsolete VPN technologies, including PPTP.

In 2016, the video streaming service Netflix started blocking VPNs on the basis of copyright protection. The argument being that users were accessing TV shows and movies not licensed for their region or content for which the rights were sold to some other provider in the region. As an example, the long-running British sci-fi series Doctor Who was removed from Netflix US in 2016, because the rights had been sold to competing streaming service Amazon Prime. However, by way of a VPN, Americans can still watch Doctor Who on Netflix UK.

Hulu and BBC iPlayer adopted similar stances against VPN usage, with the streaming services starting to block VPNs in 2014 and 2015, respectively.

How do I use a VPN?

Here are four quick tips to get you started with VPNs.

  • Do your research. Sometimes VPNs are used by cybercriminals to track your activity and that’s precisely what you’re trying to avoid by using a VPN. A little due diligence goes a long way here. For starters, read the reviews (on a trustworthy review site) before committing to a VPN. You may also want to stick with a trusted vendor within cybersecurity. For new customers looking to bundle their cybersecurity and VPN service, take a look at Malwarebytes Premium +VPN.
  • Avoid free VPNs. Free vs. paid is the litmus test for determining a VPN’s legitimacy. Legitimate VPNs typically cost money while free VPNs exist for criminals who don’t want to leave a paper trail. If there’s any way a cybercriminal can be implicated in the use of a VPN to commit crimes, they’ll avoid it. That said, the majority of free VPNs are run by criminals, for criminals.
  • Decide if you need P2P and BitTorrent. As a general policy, some VPNs don’t support BitTorrent and other P2P file-sharing services. There’s nothing inherently criminal about P2P, though such services can be used to share copyrighted or illegal material. That said, if you plan on using P2P, make sure your VPN will allow you to do so before signing up and opening your wallet.
  • Use a good cybersecurity program. VPNs are just one aspect of an all-encompassing cybersecurity strategy. If you’re a business owner or IT admin, you might take a look at Malwarebytes for Teams or one of our other business solutions. Otherwise, home users interested in using the Internet safely and privately should take a look at Malwarebytes for Windows, Mac, iOS, Android, and Chromebook.

For additional tips on keeping your business safe, check out our “5 simple steps to securing your remote employees.” Also see our case study “Lattes, lunch, and VPNs: securing remote workers the right way.”
