Everything You Need to Know About VPNs and How They Work

Virtual private networks, or VPNs, may seem complicated at first glance. In-app settings like protocol selection, split tunneling and obfuscation might make you think you need a computer science degree to understand what a VPN is and how to use one. Essentially, a VPN encrypts your internet traffic and masks your IP address, which, similar to your home address, can give away your physical location. Because of this, a VPN lets you keep your online activity private from your internet service provider or make apps and websites to think you’re in a different state or country.

Thankfully, the basics are relatively easy to digest, and we’ve answered some of the most common questions folks have about VPNs. We’ve spent over a decade testing VPNs for a multitude of use cases and across various platforms — throughout which time we’ve acquired a wealth of knowledge and expertise on the subject. Our experience has helped us identify the most important things you need to know about VPNs and what they can do for you. This way, you can start using VPNs for a host of online activities, including streaming or gaming. We’ll update this story regularly, so be sure to check back often.

What is a VPN?

Put simply, a VPN is software that establishes a secure connection between your computer and the internet by running your internet traffic through an encrypted tunnel to a server in a remote location. This encrypted connection can help you protect your privacy online, and it can help you bypass firewalls and unblock geographically restricted websites and streaming content. Your ISP won’t know what apps you use and websites you visit, and by the same merit, apps and websites don’t can’t see your ISP or public IP address. More on all that below.

Why should I use a VPN?

You should use a VPN if you value your online privacy in any way whatsoever. But a VPN can do so much more than just hide your online activity from third parties like your ISP, government agencies, cybercriminals, advertisers or any other snoops. Here are some of the reasons you should consider a VPN, depending on which type of VPN user you are.

Critical VPN users

If you have critically heightened privacy needs — whether in the US or a country with internet censorship blockades — you should prioritize security and privacy when choosing a VPN. For instance, investigative journalists, attorneys, physicians and activists can benefit from using a VPN.

  • If you want to evade internet censorship, you should use a VPN.
  • If you want to bypass firewalls at work or school, or those imposed by the government of the country you’re in, you should use a VPN.
  • If you want to access communication tools including Messenger, WhatsApp, X, Instagram and Zoom from countries with repressive regimes, you should use a VPN.
  • If you’re in a country during any period of political or social unrest when access to vital communication tools is suspended or restricted, you should use a VPN.
  • If you’re traveling and connecting to unsecured public Wi-Fi hotspots, you should use a VPN.
  • If you want to prevent your internet service provider from monitoring your internet activity, you should use a VPN.

Casual VPN users

If you’re not thinking about government surveillance or ISP monitoring when you are considering a VPN, then you’re a casual user and you can use your VPN for tasks a bit less privacy-critical.

  • If you want to unblock geo-restricted streaming content on services like Netflix, Hulu, Prime Video, Max and Disney Plus, you should use a VPN.
  • If you want to access your bank account from abroad, you should use a VPN.
  • If you want to find the best deals on anything from video games to cosmetics to airline tickets, you should use a VPN.
  • If your ISP is throttling your internet speeds for any reason, you should use a VPN.
  • If you’re a gamer and want to globalize your gaming experience and join gaming networks all over the world, you should use a VPN.

How does a VPN work?

When you connect to a VPN through its app or desktop software, your VPN encrypts your internet connection. As your traffic passes back and forth through that encrypted connection — traveling the virtual tunnel between your device and the server you selected — your online activity and your IP address are effectively masked from outside entities.

In a nutshell, the process works like this: As you connect to a VPN server, your device and the VPN server swap encryption keys during a process known as a “handshake.” This handshake process is instant, and it’s essential because it ensures that only the VPN server will be able to decrypt the data you’re sending from your device, and that only your device will be able to decrypt the data being sent back from the VPN server.

Once the handshake is complete, your secure tunnel to the internet is established. Your data is encrypted before it leaves your device, and it then gets shot through the tunnel to the VPN server, where it is decrypted and passed along to the website you’re visiting. Then the website sends data back to the VPN server, where that website’s data is encrypted and shot back through the tunnel to your device. Once it arrives on your device, the website data is decrypted so you can read it.

Any entity attempting to monitor your activity when you’re connected to a VPN will see a bunch of gibberish. They won’t see what websites you’re visiting, what you’re buying, what you’re downloading or what personal information you’re transmitting. (And they won’t see that you’ve been on YouTube watching Men Without Hats’ Safety Dance music video on repeat for the past six hours.) The encrypted VPN tunnel hides all of that.

What does a VPN do?

A VPN keeps your internet traffic private and hidden from anyone looking to snoop on what you do online — whether it’s your ISP, your employer, your school, network administrators, hackers on public Wi-Fi, web trackers or government agencies. In the process, the VPN also conceals your true IP address and swaps it out for the IP address of the VPN server you’re connecting through, meaning any website you visit sees the VPN’s IP address rather than your own. Because your IP address is tied to your physical location, the sites you visit won’t know where you actually are. Instead, they’ll think you’re wherever the VPN server you’re connected to is. (Yes, this is the key to unblocking geo-restricted content across the web.)

How much does a VPN cost?

The price of a VPN typically depends on how long you’re willing to commit to the VPN provider. With most VPNs, the longer you commit, the more money you can save in the long run. Many VPN providers these days offer yearly plans, two-year plans, three-year plans or even lifetime subscription plans. However, given the volatility of the VPN market, we do not recommend committing to a single VPN for more than a year at a time. VPNs get bought and sold, performance fluctuates, features come and go and terms of service may change over time. If you end up going with a long-term subscription plan, you could be paying anywhere from $40 to $250 per year, depending on the provider. If you choose a monthly plan, you’re probably going to be looking at about $5 to $15 a month. Go with whatever suits your needs and budget best, but remember that more expensive doesn’t necessarily equate to higher quality.

We generally recommend avoiding most free VPNs. For one, there’s a good chance they’re going to be selling your data to advertisers and other third parties, which defeats the whole purpose of having a VPN in the first place. Some free VPNs have even been known to inject users’ devices with malware and are downright dangerous to use. Even if that’s not the case with every free VPN, most will be limited in the number of server locations offered, data allowance, speed, unblocking ability, features and so on. The only free VPN we recommend is Proton VPN’s free tier, because it’s secure and doesn’t put any restrictions on usage or speed.

A laptop with a secure connection

VPNs protect your data by encrypting it in a virtual tunnel.

Sarah Tew/CNET

Are VPNs legal to use?

In the vast majority of countries, VPNs are perfectly legal to use. There’s nothing wrong with taking steps to protect your privacy online, and you shouldn’t have to worry that using a VPN for privacy will get you in any kind of legal trouble. That said, there are countries where VPNs are banned and/or illegal. If you’re using a VPN in a country like China, Iran, Oman, Russia, Belarus, Turkmenistan, or the United Arab Emirates (to name a few), then you may find yourself in legal trouble if you’re caught. The irony, however, is that these are the kinds of places that restrict access to certain apps and platforms, which can therefore only be accessed via VPNs. As a result, in those locations, only VPNs that provide obfuscated servers can safely protect your online data by disguising your VPN traffic as ordinary HTTPS traffic.

But VPNs are totally legal throughout most of the world, and you won’t run into any legal trouble just for using one. Keep in mind, though, that engaging in illegal activity online is still illegal regardless of whether you’re using a VPN.

Will a VPN make me totally anonymous online?

No, a VPN won’t make you totally anonymous online, and don’t let any VPN company try to convince you otherwise. Complete anonymity via VPN is a common misconception that only breeds a false sense of security. It’s virtually impossible to achieve absolute anonymity online, but that doesn’t stop many VPN providers from trumpeting misleading claims about keeping users anonymous. A VPN is an excellent tool for protecting your online privacy by encrypting the data you transmit through the tunnel, but it won’t be able to make you 100% anonymous online. The digital footprint you create as you use the internet is next to impossible to completely cover up.

Read more: Why You Should Be Skeptical About a VPN’s No-Logs Claims

Hand working on laptop illustrating cyber crime

VPNs protect your privacy from outside observers, but they’re not a substitute for good internet security practices.

Can I get hacked while using a VPN?

Yes, you can get hacked while using a VPN. Even though you’re using a VPN for online security and digital privacy, you still need to follow basic security best practices when you use the internet. If you click on a phishing link or download a shady email attachment, you may be supplying your sensitive personal data or giving full access to your device directly to a hacker regardless of whether you’re using a VPN.

Read more: Data Privacy Tips Digital Security Experts Wish You Knew

Do VPNs protect against malware?

While some VPNs offer basic malware blocking and anti-phishing protections, don’t rely on your VPN to replace your dedicated antivirus program. You can easily infect your device with malware if you’re not careful online, even if you’re connected to a VPN. It’s ultimately up to you to practice basic cyber hygiene and protect yourself from malware.

Read more: 3 Things VPNs Can’t Help You With

Will a VPN speed up my internet connection?

Generally, no, a VPN won’t speed up your internet connection unless your ISP is deliberately throttling your connection. The process of encrypting your data coupled with routing your traffic through a remote server — which may or may not be an ocean away — will take some time, and will slow down your connection speeds. This is a normal and an unavoidable consequence of using a VPN. If you’re using a quality VPN that offers fast connection speeds, however, your speed loss will be barely noticeable.

But if your ISP is throttling your connection, you could theoretically use your VPN to boost your connection speeds. Maybe you’re downloading a ton of stuff at once, or maybe you’re gaming heavily, or engaging in some other data-intensive activity that’s eating up bandwidth and putting a strain on the network. Your ISP may throttle your connection as a result.

A VPN sidesteps that throttling because everything you’re doing is hidden from your ISP. If your ISP doesn’t know what you’re up to, it doesn’t know what traffic to throttle. Still, under normal circumstances, you shouldn’t expect your VPN to increase your internet speeds.

Can I use a VPN on my phone?

Yes, you can use a VPN on your mobile device, like a phone or tablet. Any VPN provider worth its salt will offer a user-friendly mobile app that you can download to your phone whether you’re running Android or iOS. Although it’s not as objectively secure as the OpenVPN protocol, we’d recommend using the IKEv2 protocol when running a VPN on your phone whenever possible because it is fast, secure and reliable, and it will stay connected even if you switch between Wi-Fi and cellular data. That last point is what makes IKEv2 an ideal protocol for mobile devices. The top VPN providers all offer support for the IKEv2 protocol, so you should have no issues connecting via the protocol when using a VPN on your phone.

VPN logo on mobile phone

You can use a VPN on most internet-connected devices.

Sarah Tew/CNET

What are the different types of VPNs?

There are multiple kinds of VPNs, with the most common being personal or consumer VPNs such as ExpressVPN, NordVPN, Proton VPN and Surfshark. Here are the various varieties of virtual private networks.

  • Personal VPNs: Also known as consumer VPNs, these use a client or app to connect you to a server. You pick a location from the server list and your web traffic gets encrypted. Most folks use personal VPNs for travel, basic privacy, unblocking streaming content, circumventing throttling restrictions and bypassing censorship.
  • Remote access VPNs: A remote access VPN is typically used in the workplace to access information like connecting to file servers from anywhere, or work from home with an encrypted connection. For instance, an IT person from may use a remote access VPN to install software on your computer; the VPN makes it look like two geographically distant PCs are on the same local network.
  • Site-to-site VPNs: A site-to-site VPN connects multiple physical offices (sites). There are intranet site-to-site VPNs, which bridge the local networks of different locations, such as satellite offices of one company. Extranet site-to-site VPNs allow internet and external parties — like a company and its clients — to share resources from around the world, with measures in place to limit access for outside organizations.

Bottom line

It’s more important than ever to take steps to protect your privacy online: No one’s going to do it for you. Getting answers to your questions about VPNs is an important first step. Your next move is to get yourself a VPN and start using it. Take a look at our guides, reviews and comparisons to find the best VPN for your particular needs.