A virtual private network (VPN) is an essential tool for maintaining your privacy when using the internet. It connects your device to a VPN server, which is run by a VPN provider (such as Proton VPN).
These typically operate many servers located around the world (Proton VPN runs over 1900 VPN exit points in over 65 countries worldwide).
The connection between your device and the VPN server is securely encrypted so that your ISP can’t see the contents of your data. DNS queries are routed through the encrypted connection (also known as a VPN tunnel) to be resolved by your VPN provider, so your ISP can’t know which websites or other resources you visit on the internet.
Similarly, websites you visit can’t see your real IP address. All they can see is the IP address of the VPN server.
- A VPN protects you from your ISP
- A VPN protects you from government surveillance
- A VPN protects you from censorship
- A VPN helps protect you from website tracking
- A VPN protects you from P2P peers
- A VPN protects you from public WiFi hackers
- A VPN protects you from public WiFi hosts
- What does a VPN not protect you from?
- Netshield Ad-blocker
- Gain extra protection with Secure Core
What does a VPN protect against?
This setup might sound simple, but it protects you against a wide range of threats on the internet.
A VPN protects you from your ISP
Usually, your ISP can know a great deal about what you do on the internet. If you visit websites that are not protected by HTTPS, then it can see everything you do on that website, including every page you visit on the website and anything you enter into online forms (for example, payment details).
Fortunately, most websites these days are protected by HTTPS. This prevents your ISP from seeing what you do on a website, but it can still see which websites you visit. This provides it with a great deal of personal information about you, even if it doesn’t know what exactly you do on a website.
After all, it’s fairly easy to work out your political affiliation if you regularly visit gop.com, your sexual orientation if you visit Grindr, or your medical condition if you visit an abortion clinic’s website.
And in the United States, ISPs fought hard to win the right to sell your browsing data for advertising purposes.
A VPN protects you from government surveillance
By far the easiest way for governments to spy on their citizens is to require ISPs to log their customers’ online activity.
In the EU, the 2006 Data Retention Directive (DDR) was declared invalid by the Court of Justice of the European Union in 2014 on human rights grounds, but by that time, most EU countries had transposed it into local law. Not one of these countries has since repealed local implementation of the DDR, so most countries in the EU can legally demand that ISPs log their customers’ browsing histories.
The UK has gone even further than this with the far-reaching Investigatory Powers Act 2016 (aka the “Snoopers Charter”), which allows it to require ISPs to store customers’ browsing histories for twelve months. The UK government is working hard to realize this ambition.
In India, the Department of Telecommunications has had virtually unrestricted access to web traffic directly from ISPs.
The United States has no mandatory data retention laws, but Edward Snowden’s NSA disclosures made it clear that the use of national security letters (NSLs) accompanied by gag orders requiring ISPs to cooperate in government mass surveillance programs is very widely practiced.
And so on.
A VPN stops your ISP from being able to log what you do online, and is therefore highly effective at stopping untargeted government surveillance of your online activity.
Just be aware that it won’t stop government surveillance that is targeted specifically at you (for example, the type of surveillance carried out by the NSA’s Computer Network Operations unit).
A VPN protects you from censorship
Repressive governments around the world try to restrict their citizens’ access to the free and open internet. With a VPN, you can easily bypass these restrictions by simply connecting to a VPN server located somewhere that doesn’t censor the internet.
Of course, governments are aware of this, so some of them also try to block access to VPN services. Many VPN providers work to counter these blocks using obfuscation technologies such as Proton VPN’s WireGuard TCP and Stealth protocols.
These technologies can be highly effective at overcoming VPN censorship blocks, but doing this is always a game of cat-and-mouse.
Although government censorship is the most high-profile (and worrying) kind of censorship that a VPN can overcome, they can also be useful for unblocking internet restrictions at work or college.
A VPN helps protect you from website tracking
Websites and other internet resources that you visit can usually know your IP real address, the numerical value assigned to your internet connection by your ISP. This number uniquely identifies your internet connection, and with the cooperation of your ISP, can be used to track down your name, address, and other personal details. It also gives websites a good idea of your geographic location.
When using a VPN, they can’t see your real IP address. All they see is the IP address of the VPN server (and you appear to access the internet from the location of the VPN server, not your real location).
Note that websites often have other ways to track you than just your IP address, such as cookies and device or browser fingerprinting. However, bad as such tracking is, it’s not as invasive to your privacy as knowing your real IP address.
Proton pro-tip: All Proton VPN apps include NetShield ad-blocker, a DNS filtering feature available if you are on Proton VPN plus plan helps to block website tracking and malicious scripts.
A VPN protects you from P2P peers
The BitTorrent protocol allows you to share files directly with other torrent users without the need for them to be hosted on a centralized server. The downside of this is that for torrenting to work, everyone sharing the same file as you (your “peers”) can see your real IP address.
However, if you use a VPN, the IP address that your peers’ see is the IP address of the VPN server, not your real IP address.
It is therefore strongly advised to only torrent when protected by a VPN. Proton VPN allows torrenting on our special P2P-optimized servers, which are available to everyone on a Proton VPN Plus plan.
Proton pro-tip: Improve your torrent speeds with Proton VPN’s port forwarding feature.
A VPN protects you from public WiFi hackers
A VPN encrypts the connections between your device and the VPN server. This prevents anyone who tries to intercept your WiFi connection on an unsecured public WiFi network, whether using WiFi sniffing, evil twin hotspots, or other hacking techniques, from accessing your data.
Hackers abusing public WiFi hotspots used to be a serious menace, but the widespread adoption of HTTPS in recent years means the danger is greatly reduced. If a website uses HTTPS, a hacker should be unable to see what you do on that website.
However, DNS spoofing or DNS poisoning continues to be a risk because DNS requests are still often sent unencrypted to ISPs. A VPN protects against this, as it will route all DNS requests through the VPN encrypted tunnel to be resolved by its own DNS server.
A VPN protects you from public WiFi hosts
You know the long list of Terms and Conditions you scroll through and agree to as quickly as possible so you can access a public WiFi network? That’s your privacy you’re signing away.
The biggest danger when using public WiFi these days isn’t criminal hackers, but the WiFi hosts themselves. Many public hotspots are commercial enterprises that make money selling your browsing history to advertising and analytics companies.
With a VPN enabled, WiFi hosts can’t see what you get up to when connected to their network.
Proton pro-tip: Sign-up using a disposable SimpleLogin by Proton email address so the WiFi operator has no way to track who you are.
What does a VPN not protect you from?
A VPN on its own doesn’t protect you from malware or from being hacked outside of public WiFi networks.
In response to the growing use of VPNs, websites have developed a raft of technologies designed to identify and track you, even if they can’t see your IP address. These include cookies, fingerprinting, HTTP E-Tags, web (or DOM) storage, and browser history sniffing.
A VPN itself cannot protect you against these kinds of tracking, but none of them are as invasive as simply knowing your real IP address.
Although a VPN on its own can only prevent website tracking by hiding your real IP address, all Proton VPN apps also have a DNS filtering feature called NetShield Ad-blocker.
Available to everyone with a Proton VPN Plus plan, this can block not just ads, but also malicious scripts, and many forms of tracking.
Gain extra protection with Secure Core
Secure Core is a feature available to everyone on a Proton VPN Plus plan.
Secure Core is a “double-VPN” feature. With it enabled, your connection is routed through not just one, but two VPN servers. The first of these is located only in a jurisdiction with very strong privacy laws — Iceland, Switzerland, or Sweden. The second server is any of our regular VPN servers.
Secure Core provides additional protection against the unlikely possibility of a server being compromised in some way. It also greatly reduces the potential for end to end timing attacks that aim to identify a VPN user by correlating the time between network traffic entering the VPN server and exiting it.
A VPN can’t protect you against all threats on the internet, but the number of threats it can protect you (or help to protect you) against makes them an essential tool for anyone who cares about privacy and security on the internet.
An important thing to remember is that your VPN provider replaces your ISP in terms of what it can see. Unlike ISPs, most VPN services are designed to protect your privacy, but it is important to choose one that you can trust.
Proton VPN is trusted by millions of activists, journalists, and ordinary people around the world. We are based in Switzerland, which has some of the strongest privacy laws in the world.
Not only do we keep no logs, but under Swiss law we can’t be required to start logging. All our apps are open source and have been independently audited, and our no logs infrastructure has also been independently audited. Our apps also use only the strongest open source VPN protocols and encryption standards.