VPN service
{{Short description|Commercial service for proxied Internet access}}
{{For|the more general concept|virtual private network}}
{{Dynamic list|multiple=yes}}
{{Use dmy dates|date=February 2025}}
A virtual private network (VPN) service is a proxy server marketed to help users bypass Internet censorship such as geo-blocking and users who want to protect their communications against data profiling or MitM attacks on hostile networks.
A wide variety of entities provide VPN services for several purposes. But depending on the provider and the application, they do not always create a true private network. Instead, many providers simply provide an Internet proxy that uses VPN technologies such as OpenVPN or WireGuard. Commercial VPN services are often used by those wishing to disguise or obfuscate their physical location or IP address, typically as a means to evade Internet censorship or geo-blocking.
Providers often market VPN services as privacy-enhancing, citing security features, such as encryption, from the underlying VPN technology. However, users must consider that when the transmitted content is not encrypted before entering the proxy, that content is visible at the receiving endpoint (usually the VPN service provider's site) regardless of whether the VPN tunnel itself is encrypted for the inter-node transport. The only secure VPN is where the participants have oversight at both ends of the entire data path or when the content is encrypted before it enters the tunnel.
On the client side, configurations intended to use VPN services as proxies are not conventional VPN configurations. However, they do typically utilize the operating system's VPN interfaces to capture the user's data to send to the proxy. This includes virtual network adapters on computer OSes and specialized "VPN" interfaces on mobile operating systems. A less common alternative is to provide a SOCKS proxy interface.
In computer magazines, VPN services are typically judged on connection speeds, privacy protection including privacy at signup and grade of encryption, server count and locations, interface usability, and cost.{{cite web |last=Paul |first=Ian |url=https://www.pcworld.com/article/3198369/privacy/best-vpn-services-apps-reviews-buying-advice.html#toc-7 |publisher=PC World |title=Best VPN services of 2018: Reviews and buying advice |at=How we tested |date=2018-01-02 |archive-date=2018-01-04 |archive-url=https://web.archive.org/web/20180104160416/https://www.pcworld.com/article/3198369/privacy/best-vpn-services-apps-reviews-buying-advice.html#toc-7 |url-status=dead}}{{cite web |last=Eddy |first=Max |url=http://uk.pcmag.com/software/138/guide/the-best-vpn-services-of-2018 |publisher=PC Magazine |title=The Best VPN Services of 2018 |date=2018-01-15 |archive-date=2018-01-18 |archive-url=https://web.archive.org/web/20180118002225/http://uk.pcmag.com/software/138/guide/the-best-vpn-services-of-2018 |url-status=dead |quote=It's important to keep a few things in mind when evaluating which VPN service is right for you: reputation, performance, type of encryption used, transparency, ease of use, support, and extra features. }}{{cite web |last=Athow |first=Desire |url=http://www.techradar.com/vpn/best-vpn#how-to-test-a-vpn |publisher=TechRadar |title=The best VPN services for 2018 |at=How to test a VPN |date=2018-01-13 |archive-date=2018-01-17 |archive-url=https://web.archive.org/web/20180117232459/http://www.techradar.com/vpn/best-vpn#how-to-test-a-vpn |quote=We were looking for features, value, and clear and honest pricing. Free ways to learn more about a service - free plans, trial periods, refund periods - were important, and we also looked for companies which maintained your privacy when you signed up (no email address required, trials available without credit cards, Bitcoin available as a payment option). |url-status=dead}}{{cite web |last=Athow |first=Desire |url=http://www.techradar.com/vpn/best-vpn#how-to-choose-a-vpn-here-are-6-tips |publisher=TechRadar |title=The best VPN services for 2018 |at=How to choose a VPN: Here are 6 tips |date=2018-01-13 |archive-date=2018-01-17 |archive-url=https://web.archive.org/web/20180117232459/http://www.techradar.com/vpn/best-vpn#how-to-choose-a-vpn-here-are-6-tips |url-status=dead}}
In order to determine the degree of privacy and anonymity, various computer magazines, such as PC World and PC Magazine, also take the provider's own guarantees and its reputation among news items into consideration. Recommendation websites for VPNs tend to be affiliated with or even owned by VPN service providers.{{Cite journal |title=Investigating the VPN Recommendation Ecosystem |url=https://www.ieee-security.org/TC/SPW2022/ConPro/papers/ramesh-conpro22.pdf |journal=IEEE Security}}
In 2024, 1.6 billion people will use VPNs. By 2027, this market is projected to grow to $76 billion.{{Cite web |last=Hooson |first=Mark |date=2025-03-03 |title=VPN Statistics |url=https://www.forbes.com/uk/advisor/business/vpn-statistics/ |access-date=2025-03-19 |website=Forbes UK |language=en-GB}}
VPN use cases
- Accessing geo-restricted content. VPNs allow users to bypass regional restrictions by hiding their IP address from the destination server and simulating a connection from another country. For example, users in regions with limited streaming libraries can use VPNs to access content available in other locations, such as accessing Netflix US from abroad.{{Cite journal |last=Smith |date=2023 |title=Unlocking Streaming Libraries: How VPNs Bypass Geo-Restrictions |url=https://techprivacyjournal.org/vpn-geo-restrictions |journal=TechPrivacy Journal}}{{Cite web |title=What Is Geo-Blocking and How to Bypass It in 2024? |url=https://www.01net.com/en/vpn/geo-blocking/#:~:text=You%20can%20bypass%20geo-blocks,through%20a%20free%20web%20proxy |access-date=2024-11-20 |website=01net |language=en-US}}
- Protecting data on public Wi-Fi. Public Wi-Fi networks, such as those in cafes or airports, often do not provide isolated encryption for each connected device. In those cases, VPN services can provide a certain level of protection. When in use, potential eavesdroppers on the network can only observe that a connection to the VPN server is made by a user's device.{{Cite journal |last=Karaymeh |first=Ashraf |last2=Ababneh |first2=Mohammad |last3=Qasaimeh |first3=Malik |last4=Al-Fayoumi |first4=Mustafa |date=2019-10 |title=Enhancing Data Protection Provided by VPN Connections over Open WiFi Networks |url=https://ieeexplore.ieee.org/document/8923104/ |journal=2019 2nd International Conference on new Trends in Computing Sciences (ICTCS) |pages=1–6 |doi=10.1109/ICTCS.2019.8923104}} As of June 2025, however, approximately 98% of human-generated internet traffic was encrypted using TLS through the HTTPS protocol, as estimated by Cloudflare.{{Cite web |title=HTTP requests by HTTP/HTTPS time series: Distribution of HTTP requests by HTTP protocol (HTTP vs. HTTPS) over time |url=https://radar.cloudflare.com/explorer?dataSet=http&groupBy=http_protocol&filters=botClass%253DLikely_Human&timeCompare=2025-06-01 |url-status=live |access-date=June 9, 2025 |website=Cloudflare Radar}} When TLS is used, network eavesdropping can only point out the IP addresses or hostnames a user is connecting to. Interception of network requests by a bad actor in the form of a Man-in-the-middle attack will most likely result in a certificate warning in being displayed in the user's browser, as described in IETF RFC 5280.{{Cite report |url=https://datatracker.ietf.org/doc/rfc5280/ |title=Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile |last=Boeyen |first=Sharon |last2=Santesson |first2=Stefan |last3=Polk |first3=Tim |last4=Housley |first4=Russ |last5=Farrell |first5=Stephen |last6=Cooper |first6=David |date=2008-05 |publisher=Internet Engineering Task Force |issue=RFC 5280}} SSL stripping (the practice of downgrading a connection to unencrypted HTTP{{Cite news |last=Greenberg |first=Andy |date=2009-02-18 |title=Breaking Your Browser's 'Padlock' |url=http://www.forbes.com/2009/02/18/black-hat-hackers-technology-security_0218_blackhat.html |archive-url=https://web.archive.org/web/20140227132201/http://www.forbes.com/2009/02/18/black-hat-hackers-technology-security_0218_blackhat.html |archive-date=2014-02-27 |access-date=2025-06-09 |work=Forbes |language=en}}{{Cite news |title=SSLStrip Hacking Tool Released -- Dark Reading |url=http://www.darkreading.com/security/news/214502801 |archive-url=https://web.archive.org/web/20131002162345/http://www.darkreading.com/security/news/214502801 |archive-date=2013-10-02 |access-date=2025-06-09 |work=Dark Reading |language=en}}{{Cite journal |last=Shahid |first=Muhammad Azhar |last2=Akram |first2=Urooj |last3=Shahid |first3=Muhammad Mazhar Ali |last4=Samad |first4=Ali |last5=Mushtaq |first5=Muhammad Faheem |last6=Majeed |first6=Rizwan |date=2020-11 |title=A Systematic Approach Towards Compromising Remote Site HTTPS Traffic Using Open Source Tools |url=https://ieeexplore.ieee.org/document/9318180/ |journal=2020 IEEE 23rd International Multitopic Conference (INMIC) |pages=1–6 |doi=10.1109/INMIC50486.2020.9318180}}), however, doesn't always result in a browser warning,{{Cite journal |last=Hossain |first=Md. Shohrab |last2=Paul |first2=Arnob |last3=Islam |first3=Md. Hasanul |last4=Atiquzzaman |first4=Mohammed |date=2018-04-01 |title=Survey of the Protection Mechanisms to the SSL-based Session Hijacking Attacks |url=http://www.macrothink.org/journal/index.php/npa/article/view/12478 |journal=Network Protocols and Algorithms |volume=10 |issue=1 |pages=83 |doi=10.5296/npa.v10i1.12478 |issn=1943-3581}} although this has been partly mitigated by the implementation of HTTP Strict Transport Security.{{Cite web |last=Ali |first=Junade |date=2017-10-20 |title=Performing & Preventing SSL Stripping: A Plain-English Primer |url=https://blog.cloudflare.com/performing-preventing-ssl-stripping-a-plain-english-primer/ |url-status=live |access-date=2025-06-09 |website=The Cloudflare Blog}}{{Cite book |last=Bramwell |first=Phil |title=Hands-on penetration testing on Windows: unleash Kali Linux, PowerShell, and Windows debugging tools for security testing and analysis |date=2018 |publisher=Packt Publishing |isbn=978-1-78829-509-3 |location=Unleash Kali Linux, PowerShell, and Windows debugging tools for security testing and analysis}} Hence, this use case of VPN services is subject of discussion.
- Ensuring privacy for activists and journalists. Activists and journalists working in restrictive or authoritarian regions often use VPNs to maintain anonymity and protect sensitive communications. VPNs mask IP addresses and encrypt data, ensuring safe access to information and secure communication channels.{{Cite web |author1=Chiara Castro |date=2024-01-26 |title=Data privacy: top VPN helps journalists and activists to stay safe online |url=https://www.techradar.com/pro/vpn/data-privacy-top-vpn-helps-journalists-and-activists-to-stay-safe-online |access-date=2024-11-20 |website=TechRadar |language=en}}
Criticism and limitations
Users are commonly exposed to misinformation on the VPN services market, which makes it difficult for them to discern fact from false claims in advertisements.{{Cite journal|last1=Perta|first1=Vasile C.|last2=Barbera|first2=Marco V.|last3=Tyson|first3=Gareth|last4=Haddadi|first4=Hamed|last5=Mei|first5=Alessandro|date=2015-04-01|title=A Glance through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN clients|url=http://dx.doi.org/10.1515/popets-2015-0006|journal=Proceedings on Privacy Enhancing Technologies|volume=2015|issue=1|pages=77–91|doi=10.1515/popets-2015-0006|issn=2299-0984|hdl=10044/1/56834|s2cid=3468680|hdl-access=free}} According to Consumer Reports, VPN service providers have poor privacy and security practices and also make hyperbolic claims.{{Cite web |last=Grauer |first=Yael |title=VPN Testing Reveals Poor Privacy and Security Practices, Hyperbolic Claims |url=https://www.consumerreports.org/vpn-services/vpn-testing-poor-privacy-security-hyperbolic-claims-a1103787639/ |access-date=2023-01-18 |website=Consumer Reports |date=30 September 2022 |language=en-US}} The New York Times has advised users to reconsider whether a VPN service is worth their money.{{Cite news|last=Chen|first=Brian X.|date=2021-10-06|title=It's Time to Stop Paying for a VPN|language=en-US|work=The New York Times|url=https://www.nytimes.com/2021/10/06/technology/personaltech/are-vpns-worth-it.html|access-date=2021-12-21|issn=0362-4331}} VPN services are not sufficient for protection against browser fingerprinting.{{Cite web|title=You Tossed Your Cookies But They're Still Tracking You; Here's How to Hide Your Browser Fingerprint|url=https://www.pcmag.com/how-to/you-tossed-your-cookies-but-theyre-still-tracking-you-heres-how-to-hide|access-date=2021-12-21|website=PCMAG|language=en}}
Common misconceptions
- A VPN service does not make one's Internet use private. Users can still be tracked through tracking cookies and device fingerprinting, even if the user's IP address is hidden.
- A VPN service can log the user's traffic, although this depends on the VPN provider.
- A VPN service does not make the user immune to cyberattacks.{{cite web |last1=O'sullivan |first1=Fergus |title=VPN Myths Debunked: What VPNs Can and Cannot Do |url=https://www.howtogeek.com/753661/vpn-myths-debunked-what-vpns-can-and-cannot-do/ |website=How-To Geek |date=27 September 2021 |access-date=16 January 2022 |archive-date=13 November 2022 |archive-url=https://web.archive.org/web/20221113172155/https://www.howtogeek.com/753661/vpn-myths-debunked-what-vpns-can-and-cannot-do/ |url-status=live }}
- A VPN service is not in itself a means for good Internet privacy. The burden of trust is simply transferred from the ISP to the VPN service provider.{{cite web | url=https://ssd.eff.org/en/module/understanding-and-circumventing-network-censorship | title=Understanding and Circumventing Network Censorship | date=25 April 2020 | access-date=15 October 2022 | archive-date=15 October 2022 | archive-url=https://web.archive.org/web/20221015202322/https://ssd.eff.org/en/module/understanding-and-circumventing-network-censorship | url-status=live }}{{cite web | url=https://cdt.org/insights/techsplanations-part-5-virtual-private-networks/ | title=Techsplanations: Part 5, Virtual Private Networks | date=16 October 2018 | access-date=15 October 2022 | archive-date=15 October 2022 | archive-url=https://web.archive.org/web/20221015202316/https://cdt.org/insights/techsplanations-part-5-virtual-private-networks/ | url-status=live }}
- A VPN service is not a VPN. VPNs allow you to access a private network from a remote location as if you were in the same place. VPN services do not grant access to private networks.
Legality
{{see|VPN blocking}}
In March 2018, the use of unapproved VPN services was banned in China, as they can be used to circumvent the Great Firewall.{{Cite news |title=Businesses, consumers uncertain ahead of China VPN ban |language=en-US |work=Reuters |url=https://www.reuters.com/article/us-china-vpns/businesses-consumers-uncertain-ahead-of-china-vpn-ban-idUSKBN1H612F |access-date=2018-04-03}} Operators received prison sentences and were penalized with fines.{{Cite web|date=2017-12-21|title=Man jailed for 5½ years, fined US$76,000 for selling VPN in China|url=https://www.scmp.com/news/china/policies-politics/article/2125326/man-jailed-51/2-years-fined-us76000-selling-vpn|access-date=2020-08-10|website=South China Morning Post|language=en}}{{Cite web|last=Cimpanu|first=Catalin|title=Chinese man arrested after making $1.6 million from selling VPN services|url=https://www.zdnet.com/article/chinese-man-arrested-after-making-1-6-million-from-selling-vpn-services/|access-date=2020-08-10|website=ZDNet|language=en}}{{Cite web|date=2020-07-30|title=Using a VPN to watch porn gets a man punished in China|url=https://www.scmp.com/abacus/tech/article/3095201/man-punished-using-vpn-scale-chinas-great-firewall-and-watch-porn|access-date=2020-08-10|website=South China Morning Post|language=en}}{{Cite news|date=2019-01-11|title="翻墙"网民受罚 中国进一步强化网络管控|language=zh-Hans|trans-title=Internet User Fined for Scaling Great Firewall - China strengthens Internet Control|work=BBC News 中文|url=https://www.bbc.com/zhongwen/simp/chinese-news-46823319|access-date=2020-08-10}} Russia banned various VPN service providers in 2021.{{Cite news |date=2022-03-14 |title=Russians' demand for VPNs skyrockets after Meta block |language=en |work=Reuters |url=https://www.reuters.com/technology/russians-demand-vpns-skyrockets-after-meta-block-2022-03-14/ |access-date=2022-04-07}}
Comparison of commercial virtual private network services<span class="anchor" id="comparison"></span>
= Privacy =
PC Magazine recommends that users consider choosing a provider based in a country with no data retention laws because that makes it easier for the service to keep a promise of no logging.{{cite web |last=Eddy |first=Max |url=http://uk.pcmag.com/software/138/guide/the-best-vpn-services-of-2018 |publisher=PC Magazine |title=The Best VPN Services of 2018 |at=Can You Trust Your VPN Service? |date=2018-01-15 |archive-date=2018-01-18 |archive-url=https://web.archive.org/web/20180118002225/http://uk.pcmag.com/software/138/guide/the-best-vpn-services-of-2018 |url-status=dead}} PC Magazine and TechRadar also suggest that users read the provider's logging policy before signing up for the service, because some providers collect information about their customers' VPN usage.{{cite web |last=Krebs |first=Brian |authorlink=Brian Krebs |url=https://krebsonsecurity.com/2017/03/post-fcc-privacy-rules-should-you-vpn/ |title=Post-FCC Privacy Rules, Should You VPN? |work=Krebs on Security |date=2017-03-17 |archivedate=2018-01-18 |archiveurl=https://web.archive.org/web/20180118024429/https://krebsonsecurity.com/2017/03/post-fcc-privacy-rules-should-you-vpn/ }} PC World recommends that users avoid free services as a rule of thumb and said free services either sell their users' browsing data in aggregated form to researchers and marketers, or only offer a minimal amount of data transfer per month.{{cite web |last=Paul |first=Ian |url=https://www.pcworld.com/article/3198369/privacy/best-vpn-services-apps-reviews-buying-advice.html#toc-6 |publisher=PC World |title=Best VPN services of 2018: Reviews and buying advice |work=What to look for in a VPN |date=2018-01-02 |archivedate=2018-01-04 |archiveurl=https://web.archive.org/web/20180104160416/https://www.pcworld.com/article/3198369/privacy/best-vpn-services-apps-reviews-buying-advice.html#toc-6 }}
= Technical features =
Notes
{{notelist|group=VPN_table02}}
= Encryption =
Notes{{notelist}}
= Definitions =
The following definitions clarify the meaning of some of the column headers in the comparison tables above.
{{glossary}}
{{columns-list|colwidth=50em|
{{term|1=Anonymous payment method|2=Anonymous payment method {{anchor|Anonymous payment method}}}}
{{defn|1=Whether the service offers at least one payment method that does not require personal information. Even if a service accepts a cryptocurrency like bitcoin, it might still require that the customer hands over personally identifiable information (PII) like their full name and address.}}
{{term|1=Bandwidth|2=Bandwidth {{anchor|Bandwidth}} }}
{{defn|1=Whether the users' bandwidth is logged while using the service, according to the service's privacy policy.}}
{{term|1=Diskless|2=Diskless {{anchor|Diskless}} }}
{{defn|1=Whether the service's server hardware is connected to hard drives, according to the service provider. If the servers are diskless, the service provider should be unable to log any usage data.}}
{{term|1=First-party DNS servers|2=First-party DNS servers {{anchor|First-party DNS servers}} }}
{{defn|1=Whether the service provides its own domain name system (DNS) servers.}}
{{term|1=Kill switch|2=Kill switch {{anchor|Kill switch}} }}
{{defn|1=Whether the service has the ability to immediately sever your connection to the Internet in the event that the VPN connection fails. This prevents a user IP address leak.{{cite web |url=https://www.top10vpn.com/guides/vpn-kill-switch/ |title=What Is a VPN Kill Switch? |url-status=live |archiveurl=https://web.archive.org/web/20220802163519/https://www.top10vpn.com/guides/vpn-kill-switch/ |archivedate=2022-08-02 }}}}
{{term|1=Logging|2=Logging {{anchor|Logging}} }}
{{defn|1=Whether the service stores information about their users' connection or activity on the network, according to the service's privacy policy or terms of service. If logging isn't mentioned in those sections but denied somewhere else on the website, the particular table cell will be marked as "No" in yellow and include an explanatory note.}}
{{term|1=Privacy Impact Score|2=Privacy Impact Score {{anchor|Privacy Impact Score}} }}
{{defn|1=An indicator of a website's usage of potentially privacy intrusive technologies such as third-party or permanent cookies, canvas trackers etc.{{cite web |url=https://webcookies.org/doc/privacy-impact-score |title=Cookie Privacy Impact Score |url-status=dead |archive-url=https://web.archive.org/web/20171230101417/https://webcookies.org/doc/privacy-impact-score |archive-date=2017-12-30 }} The score can be in the range from 0 to 100, where 0 is minimal privacy impact (best) and 100 is the biggest privacy impact (worst) relative to other web sites. The score also has a simplified letter and colour presentation from A to F where A is "No cookies" and F is "Score above three standard deviations from the average". The metric is developed by WebCookies.org.}}
{{term|1=Obfuscation|2=Obfuscation {{anchor|Obfuscation}} }}
{{defn|1=Whether the service provides a method of obfuscating the VPN traffic so that it's not as easily detected and blocked by national governments or corporations.{{cite web |url=https://blog.torproject.org/obfsproxy-next-step-censorship-arms-race |title=Obfsproxy: the next step in the censorship arms arce / Tor Blog |author=Tor |work=Tor Blog |date=2012-02-16 |url-status=live |archiveurl=https://web.archive.org/web/20180111044351/https://blog.torproject.org/obfsproxy-next-step-censorship-arms-race |archivedate=2018-01-11 }}{{cite web |url=https://community.openvpn.net/openvpn/wiki/TrafficObfuscation |title=TrafficObfuscation - OpenVPN Community |author=OpenVPN |work=Wiki |url-status=live |archiveurl=https://web.archive.org/web/20180111044622/https://community.openvpn.net/openvpn/wiki/TrafficObfuscation |archivedate=2018-01-11 |author-link=OpenVPN }}}}
{{term|1=Offers WireGuard|2=Offers WireGuard {{anchor|Offers WireGuard}} }}
{{defn|1=Whether the service provider offers the WireGuard tunneling protocol.}}
{{term|1=SSL rating|2=SSL rating {{anchor|SSL rating}} }}
{{defn|1=The service's website's overall SSL server rating according to Qualys SSL Labs' SSL Server Test tool.}}
{{term|1=Supports Obfsproxy|2=Supports Obfsproxy {{anchor|Supports Obfsproxy}} }}
{{defn|1=Whether the service has an implementation of the Tor subproject Obfsproxy.}}
}}
{{glossary end}}
References
{{Reflist}}
{{commons category}}
{{VPN}}
{{DEFAULTSORT:VPN services}}