Do I Need a VPN?

Before we begin, you need to assess for your threat model, which is described in more detail in this guide here. I suggest reading through it before proceeding.

There is an industry out there that is scaring people into thinking they need a VPN for privacy and security reasons. All a VPN does is redirect your browsing activity from your internet service provider (ISP), to that of another, and by using a VPN, you are adding a third-party in between as the data first travels through their servers.

This may raise the question why any one would use a VPN as, on the face of it, that actually seems less secure! Well, it again depends on your threat model. For example, if you are on public Wi-Fi, the connection to the internet will be passed through someone else’s servers and they could be intercepting your data, or someone else on the network may be intercepting. In these cases, trusting your data to a VPN may be the better option.

Depending on your jurisdiction, what the laws are and how they are enforced, using a VPN when accessing “dodgy” websites might be a must. In these cases, you do not want your ISP to know you access such websites as they may block your connection or warn you, possibly referring you on to the authorities.

Which VPN?

I would advise against a VPN company that has been using scare tactics to get customers. I find these to be deceitful.

I would also secondly very strongly advise against using a free VPN. As I mentioned, by using a VPN, you are entrusting your data to a third-party who has your data pass through their servers, and these servers are not free to operate. If you are not paying for the upkeep and maintenance of a VPN, you need to question how is the VPN getting the money it needs to function? In a lot of these cases, the answer is that free VPNs are intercepting data and monetising it in some way - you are the product here, trading away your privacy for free access to that VPN.

Some services bundle VPNs in with existing products, but I would first read through the fine print to see if these services are operating a log-free policy, do not monetise your data, and are not part of a jurisdiction that shares your information to the authorities. If they seem somewhat legitimate, such as through Proton Unlimited, you may save money by bundling a few services you already use together, and so it could be worth investigating further.

If you push me for a name, Mullvad are usually quite trusted. They are based in Iceland with no logging, charging five euros a month, which can be paid through a number of ways, and have a high level of anonymity - something which you might find important depending on your threat model. For example, if you are an activist, a whistleblower, live in an oppressive regime, or other similar high risk situations where your name and banking information cannot be linked back to having a VPN account, such arrangements might be more beneficial.