TLDR
If you don’t care whether your government or internet service provider (ISP) can see which websites you visit or what servers you connect to, and you’re using the internet freely without any restrictions, then you probably don’t need a VPN.
If you live in a place where certain sites and services on the internet are restricted or blocked, or where you could be legally threatened, fined, or arrested if you use peer-to-peer file-sharing protocols like BitTorrent, privacy tools such as Tor, or attempt to visit certain websites, you might need a VPN.
If you need a quick VPN recommendation, I would look through the VPN subreddit and FMHY’s privacy resources.
Also know that a VPN might be overkill if you only want to bypass censorship, using encrypted DNS and anti-censorship tools can be enough.
How Does it Work?
When you browse the internet without a VPN, your device connects directly to the website’s server, and the data travels through your ISP (Internet Service Provider). Most websites nowadays use HTTPS (you can tell by the lock icon in the address bar), which means your ISP can’t see what you’re doing on that site, but they can still see which sites you visit, when you connect, and how much data you use.
When you use a VPN, your device connects to the VPN server through an encrypted tunnel. The VPN server then connects to websites on your behalf, so the sites see the VPN’s IP address, not yours. Your ISP can see that you’re connected to a VPN server, but they can’t see what websites you visit or what data you send. Your VPN provider can see that activity instead, meaning you’re transferring your trust from your ISP to the VPN service.
For a better explanation, read this article by Privacy Guides.
What is it used for?
Torrenting
Torrenting uses the BitTorrent peer-to-peer (p2p) protocol for file sharing. When you use it to download or upload copyrighted material, your IP address becomes visible to all the other peers. Copyright monitoring companies can log that IP, trace it to your ISP, and send a DMCA notice. Some ISPs ignore these notices, while others forward them to customers or impose penalties. It highly depends on local anti-piracy laws. Using a VPN masks your real IP with the VPN server’s IP address, and most VPN providers do not act on DMCA notices unless required by local law.
Bypassing Geo-Restrictions and Online Censorship
A VPN routes your traffic through servers in other regions so you appear to be where the server is. This hides your real geolocation and lets you access region-locked services or content blocked by local authorities.
Remote Access
Devices on a self-hosted VPN server can communicate with each other easily as if they are on the same local network. This can help you remotely access your home server or your Network Attached Storage (NAS) device.
Privacy
A VPN enhances privacy by hiding your DNS requests and data patterns from ISPs, network administrators, and other observers. This prevents them from seeing what you access online. It also protects against tracking, making it harder for advertisers or other trackers to link your browsing across sites.
A VPN does not necessarily enhance your security. It does not protect you from malware, phishing, or software vulnerabilities. If you want to enhance your security, there are many tools that can help you like ad-blockers and password managers, but most importantly, you want to educate yourself on online privacy and security and start by figuring out your threat model. Also know that the biggest threat is, and will always be, the user.
A VPN does not completely anonymize you. Your activity can still be tracked by your VPN provider and by the servers you connect to, especially if you log into online accounts or reuse personal identifiers. For better guaranteed privacy, look into using The Onion Router (Tor).
How to choose a VPN?
Free
Free VPNs are either free VPN configs that random people share, free tiers of commercial VPNs, or ones that aim to run solely on donations. Most of them are limited in speed and/or unreliable, but most importantly, they don’t guarantee privacy and can sell your personal data.
I would recommend Cloudflare WARP. It’s technically a VPN because it changes your IP address, but it doesn’t change your location because it routes your traffic through a Cloudflare server that is most likely in your country. However, it doesn’t require registering with an account and is easy to run on any device.
Paid
For most people, I would just find the cheapest recommended one from a comparison chart. Just beware of cheap offers that force you into multi-year contracts.
If you want to compare them yourself, outside of pricing, look out for:
Privacy & Ethics
While your requests are hidden from your ISP and they can’t log your activity, your VPN provider can, and they do because it’s data that they can sell to data brokers. It’s also data that they can use to snitch, by choice or by being forced to by authorities. While most VPN providers declare that they have a “No Logs” policy, you are only taking their word for it. Also understand that you can’t be untraceable on the internet unless you stop using it altogether.
Features
VPN providers often try to sell you extra features like password managers or cloud storage. They may also make completely false claims, such as their VPN protecting you from malware or using some special technology that makes it more private than others.
It’s all BS. A VPN should do one thing and do it right. The only feature you might find useful is the ability to forward ports.
Self-hosted
Self-hosting a VPN can be cheaper than a paid VPN. It will cost you the VPS hosting and a little bit of time for setup, but you get good speeds and no limitations on how many devices you can connect.
For maximum compatibility, use OpenVPN. It’s widely used and trusted by banks, corporations, and governments, and has clients for nearly every device. If you want something modern, fast, and minimal, use WireGuard.
Both are not easy to set up, so I would use a helper script or tool.
Another one worth mentioning is Amnezia. It’s resistant to Deep Packet Inspection (DPI), a common method used for enforcing censorship and blocking VPN connections. It’s also very easy to set up; all you need is SSH access to a VPS with either the root account or a user account with passwordless sudo.
Be wary of VPS bandwidth limits. You will get charged extra if you exceed your limit.
If you’re torrenting, I would try and avoid VPS providers based in Germany or any other country with strict anti-piracy laws.
Tips
- If you use a VPN for torrenting, make sure to bind your torrent
client to your VPN interface so that if your VPN disconnects, your
torrent client also disconnects and your IP address doesn’t leak.
- A self-hosted VPN can also be used for port
forwarding. Some VPN servers allow you to port forward but with some
limitations. Port forwarding improves torrent performance by allowing
peers to initiate
connections to you.
- If you’re using WireGuard and facing bandwidth limits, look here.
Links and Resources
- VPN Subreddit
- FMHY’s Privacy Resources
- FMHY - Anti Censorship
- PrivacyGuides
- Eric Murphy - “Caring about privacy almost ruined my life.”
- Arch Linux System Hardening
- The Onion Router
- RiseupVPN
- Cloudflare Warp
- Techlore’s VPN Comparison Chart
- OpenVPN Open Source Community Edition
- WireGuard VPN
- Amnezia Starter Guide
- Remote Access & Port Forwarding - VPN
- The Wiki - Torrenting Guide - Port Forwarding
- nitred/nrwgmtufinder