What Is A VPN And Why Do You Need One?

Filed Under: Travel Technology

Yesterday Ben wrote about how China’s government may start cracking down on VPN services, which may have caused you to wonder “What the heck is a VPN, and what does it have to do with travel?”

What it boils down to is that no public internet connection is inherently safe or secure. Sure, you might be taking extra precautions on your home network, or using firewalls on your devices, though in my experience most people aren’t.

Whenever you’re using a public connection you’re exposed to flaws in the network, and are a bit at the mercy of anyone using that same network. It doesn’t really matter whether you’re at a coffee shop, a hotel, or on an airplane.


That’s where a VPN (or Virtual Private Network) comes in. It helps protect your data, and is so inexpensive and easy to use that there’s really no reason not to.

Frequent travelers are exposed to a broader range of internet connections, so should be especially aware, but this really applies to everyone.

How do VPNs work?

At the most basic level, a VPN acts as a bit of a shield between your devices and the greater internet. We’re going to keep this explanation very simple, so if you’re an internet security expert of any kind (or if you’ve been around for my previous VPN explanations) you probably want to stop reading now.

When you connect to the internet, your communication with various websites is either encrypted or open based on what site you’re visiting.


Things like Gmail, your bank, Facebook — those are always encrypted (that’s what the https means at the beginning of the URL). So in theory those should be safe, but you’re relying upon the destination site and your internet service provider (ISP) to keep that connection secure. If you’re at home, you can probably trust your own network, but even https can potentially be circumvented by the ISP forcing you to use an alternate certificate (that’s why you sometimes see that padlock with the slash through it in the navigation bar, because the site certificate is suspect).

It gets complicated, but the takeaway is that even normally encrypted sites aren’t necessarily secure when you’re accessing them from a public network.

And everything else is potentially open-season.

Once you’re using a VPN, everything is encrypted to the server of the VPN provider. So it doesn’t matter as much what the security level of the individual sites is, because your VPN creates a shield for your device.


The VPN shield protects you from people reading your data when on public or shared WiFi (whether it’s Starbucks or Gogo). It also prevents less-legitimate sources from looking at your data (be it the guy hacking from the row behind you or the Chinese government), because all they can effectively see is the connection to the VPN. The rest of your internet usage goes into an opaque tunnel.

While obviously better, a VPN still isn’t perfect — it’s like drawing the curtains over your activities versus hanging out with the blinds open and lights on. That’s sufficient for the vast majority of us, and is likely a big improvement over whatever you’re already doing.

How are VPNs useful for travel?

Beyond the security reasons (which should be your primary motivation), VPNs are useful in that they let you circumvent geographic restrictions.

That’s because when you connect to your VPN, you can typically also choose the location of the VPN server you’re connecting to.


So if you’re in China, but you configure your VPN to connect to Hong Kong, you basically get the Hong Kong version of the internet, instead of China’s censored version.

It’s worth noting, however, that the countries that restrict internet access often aren’t terribly keen on VPNs either, so you’ll want to read up on any rules in advance. A VPN can also slow your connection down, which makes sense when you think about how it works, but it’s generally not that bad.

What’s the best VPN?

Honestly, there are hundreds, and as long as the company is reputable and trustworthy, they all work about the same (unless you’re going to China, where the internet is more complicated in general). The VPN company can theoretically see any unencrypted traffic, so you don’t want to use a fly-by-night operation. I’ve used a few different ones:


Last year I used ExpressVPN almost exclusively, and it worked really well. No problems in a variety of geographic locations, and the one time I did have a slight technical issue their customer service was fantastic.

If you’re going to be traveling internationally, especially if you’re going to China, this is the service I would use.



TunnelBear is cheap, and for people who just want more security at the coffee shop or for domestic travel, this is a great option. The basic version is free!

The premium version is less than $4 a month if you buy the annual package, and allows you to use up to five devices.


TunnelBear works on my computer and my phone, and I appreciate their commitment to the bear theme, which I find hilarious.

vyprvpn from GoldenFrog

Vypr is a highly reputable service in China, and was the one endorsed by my geek friends when we went a few years ago. It worked well, though the app was a bit fussier than I’d like, and we had to change servers pretty frequently.

If you’re going to China and need to rely on Google services, I’d sign up for Vypr as a backup to ExpressVPN. The internet situation in China is volatile, so having access to two VPN services could be important.


How do you setup a VPN?

It’s easy. With any of these services you’ll install a program on your computer or phone. Once you connect to the internet, you then open the VPN app to create the network “shield.”

They all have great tutorials should you run into issues, but it generally takes less than five minutes to configure a VPN service.

The one caveat is that you’ll want to set them up before you’re traveling. There are many countries where you can’t access these websites to download a VPN, and it’s better to install these kinds of things from a reliable internet connection anyway.

Bottom line

If you’re accessing public WiFi, ever, you really should be using a VPN.

The services aren’t that expensive, a VPN is easy to setup, and the extra protection is well worth it. I also recommend a password manager to create unique and complicated logins for individual sites (we use LastPass) as an added measure.

Do you use a VPN when you travel? Which one?

  1. Hexatech also works well, it’s free for iPhone not sure about android and you can get it from the App Store, astrill also works really well, and probably has the widest range of countries, however note hexatech is only for mobile devices and tablets and astrill is only for computers!

  2. The hospital I work in has a VPN. It blocks certain inappropriate sites (as expected), but that’s fine with me. I’ve thought about using it when I travel but never did it. I would suspect a hospital’s security would have to be very tight with confidentiality issues and all. How comfortable would you people feel about logging into financial institutions using overseas hotel wifi with this type of VPN?

  3. It’s impossible to access porn sites in Thailand. VPN might help in this case.

    Amazing hypocrites, those Thai people.

    I could like you to explain technically how VPN bypasses the firewall.

  4. @Dave Your hospital’s VPN is designed for people to be able to work at home, at the cafe, or overseas and still have a secure connection to the hospital network. The whole point of a VPN is to have this security.

  5. @ Dave — I would probably set up a personal VPN versus one managed by an employer, but it’s probably safe.

  6. @Jason if you run your own VPN on your own hardware then you lose the crowd anonymity you get with a commercial VPN.

  7. @Dave, I would strongly advise not doing that, for a myriad of reasons:

    1. Your employer can see, in plaintext, all traffic going through the VPN. They can set up automated monitors (e.g. the blocking of particular sites). If you enter a credit card number, the VPN provider (in this case, your hospital) can see it. Thus, you should really only use VPNs provided by your employer for professional responsibilities.

    2. I can’t speak to how your particular hospital is set up, but having done HIPPA-constrained consulting, logging into any production system can constitute a violation of HIPPA — you might have access to PII or other sensitive information by nature of being logged into the VPN.

  8. Jason–
    What you said makes sense and it’s what I suspected. But when I’m work on the hospital network, I oftentimes log on to banking and travel sites that require passwords. Are you saying the person who manages the network can see my passwords?

  9. No, when you goto banking and travel sites with https then it is encrypted before it hits the VPN and network

  10. @Dave, “anon” is correct, assuming that:

    – Your computer is using an up-to-date web browser,
    – Your web browser is using up-to-date SSL ciphersuites, and
    – The site you are visiting is protected with HTTPS and requests those up-to-date ciphersuites.

    In my experience with healthcare IT, the first two are not guaranteed.

  11. @Bruno, the SSL/TLS protocol provides some degree of protection for certain sites (those with valid, high-grade SSL certificates), and assuming that an ISP (notably not the VPN provider) isn’t doing nefarious things with your traffic, like issuing Man-in-the-Middle (MITM) certificates (if I recall correctly, the government of Iran was caught doing something like this, probably among others).

  12. My company deals with the as people in China use a VPN to purchase from our US sites instead of the China site. This allows them to get the cheaper US price.

  13. Well a VPN not only protects your data but also helps in protecting your device. Also please do yourselves a favour and do not use any ‘free’ VPNs, you are their product that means your browsing history etc. is up for sale.

    TorGuard and PIA seem to be the market leaders and please do not buy ‘lifetime’ service as it’s for the company’s lifetime not yours. Companies do close down all of a sudden as many people who bought lifetime service of RogueVPN found out a few months ago.

  14. I use Tunnel Bear when overseas to access my cable content. Primarily for sporting events. While it can slow down may connection it essentially does its job well. The only problem I have is being awake until 1AM to watch hockey games.

  15. I have a question.

    If I’m connecting from my browser, which has all the latest updates, to a reliable site, let’s say my bank, that I’m connecting HTTPS how can anyone see the unencrypted traffic? Even if I’m at Starbucks or some other isp, how can that happen?

    I don’t see how a VPN reduces/eliminates the risk of using an HTTPS connection to some secure site.


  16. Surprised you haven’t mentioned the amusingly-titled HideMyAss product. It’s been working well for me for three years now.

  17. All.

    1) just because you have a VPN, does not mean that it secures all connections. For example, the VPN @dave’s hospital uses likely only secures data going into/out-of the hospital network. It likely doesn’t route all traffic through the VPN. This is true of almost all work VPNs. Your company does not want you streaming Netflix through its network.

    2) VPNs do not in any way shape or form secure your “open” connections as @Tiffany claims. If you make an HTTP connection while on VPN, it will be secure until it gets to your VPN, but then your VPN will just make the HTTP (unsecured) request to the website for you. No data is hidden.

    3) do not rely on VPNs for anonymity

    4) especially in the US, the real issue isn’t really your ISP. Most in the US are fairly trustworthy. Further, do you know what ISP your VPN uses? Probably not. The bigger reason to use the VPN is to prevent man-in-the-middle (MITM) attacks between your computer and untrustworthy network infrastructure (such as the WiFi router at your local coffee shop). As long as you are connecting over HTTPS, and you see the green lock in your browser, MITM attacks are basically all you need to worry about.

  18. No one has mentioned this. I would primarily use a VPN to access Netflix overseas. They cracked down about 6 months ago and I gave up my VPN because it didn’t work any longer. Netflix got aggressive and started blocking/checking for VPN users and wouldn’t allow access. Has this changed? If I get a VPN again would I be able to see Netflix USA?

  19. @brian Netflix had to block VPN for their streaming rights it wasn’t a choice for them in the end. So no it doesn’t work anymore you can still use TiVo or hbonow Hulu etc. You can also download Netflix now to your device.

    I use private internet access it’s cheaper than some of these also they don’t keep logs of anything which to me is important I case that data gets breached.

  20. If you are connecting to a public wifi of any kind without the assistance of a VPN you’re basically doing the equivalent of having sex without protection and hoping for the best. Sooner or later someone is going to be sniffing your network packets for the goods. Do not bother with free VPN apps on iphones or androids. Most of them suck, IP leaks galore making them useless VPNs. I use a really really solid one but I’m not going to tell you who it is because I don’t want it going more mainstream than it has. Unnecessary attention will hurt it’s uberness. If you’re willing to do the investigation, search top VPN providers 2016. Here are some downside to VPN. Sites like facebook is going to drive you nuts because everytime you log in, FB is going to trigger an authentication because it won’t recognize you logging in from what it thinks is a computer that has never logged in with your credentials. So you’re going to be doing the FB photo quiz every time. When you do financial transaction or log on to anything with 2 factor authentication, the service is going to be suspicious of the ip address of your VPN and will bug you for futher authentication. In some cases I have had transactions denied because of vpn. Some sites will flat out deny you access not because of protection because they don’t want someone from another country accessing their site. You will have trouble if you do anything like chromecast your browser or miracast while the VPN is up. If the VPN server you are connecting to has a sucky speed you’re out of luck. Hopefully, they have plenty of servers for you to bounce off of. Lastly, VPN is not a free for all bullet proof vest. You do stupid stuff the man will know. If for example you launch your vpn and you log into some service like amazon, google, yahoo etc. they already know who it is that is attached to the ip address behind the vpn. Your service provider likewise will know you’re behind a vpn by monitoring your activity. While this may all seem sucky, you are still much better off using it when you are in a public wifi situation. Don’t be foolish.

  21. Opera (alternative browser similar to Internet Explorer or Firefox ) bundles in free VPN with their browser. This is available on iOS and android as well.

    If you really really want to be secure, use the TOR browser. Also available free for iOS or Andriod.

  22. I use Smart DNS. Great and reliable service. I have connections setup so I look like I’m in the US, Canada and the UK. I use the Canada and UK one for streaming TV networks over there, plus I can also look like I’m outside the US to get some US TV networks here.

  23. Somehow expressVPN does not work well at my home in Hangzhou China. Therefore I usually set up an openVPN server myself at Amazon Korea which is pretty fast compared to expressVPN.

  24. What about DotVPN for chrome?? Is this any good to use, or is it fairly basic and offers little protection?

  25. I’ve been using StrongVPN from ReliableHosting.com for several years now. It’s served me well for $55/year for SF/LA or UK exit. I’ve used it in China in the past – but not recently.

  26. @relidtm at 8:16pm – i’m moving to italy for about 6 months, and planned on using vpn to stream movies (netflix and amazon) and download books (from my public lib via amazon). it sounds like Netflix is not going to happen. do you know if i’ll be able to access amazon for movies and books?

  27. I strongly recommend Witopia – been using them for many years as I do business overseas. I’m paying $70/yr for a laptop and iOS devices. They have secure servers all over the world. Best to use one close to you unless it’s a banned country. So, for instance in China use the Bangkok server, or to be really careful connect all the way to San Francisco or LA.

    I second the notion above – DON’T USE FREE VPN’s – you are asking for trouble. And always use your solid VPN when in a cafe, hotel, airport, etc on a public WiFi network or built-in Ethernet (hotels sometimes still do this).

  28. Tiffany, thank you for this article. Can you please tell me if you have authentication issues when you log into your secure sites using LastPass and a VPN? I was wondering if the site does not recognize you every time you log in from your known device while traveling since it is seeing a different IP address by routing your information through the VPN. I am thinking about setting this up, but want to know all the different ins and outs before I commit and try to use it while out of the country.

  29. @ cnmaz — I haven’t really noticed any issues with that, or my 2-factor authentication. I think those things can still recognize the device somehow?

  30. @cnmaz — I have to re-authenticate every time I login to both Citi (credit cards) and my local bank (personal and business checking). No issues with any other financial sites, though. I’m running MacOS High Sierra with ExpressVPN and using Last Pass for password management. Not sure if that makes a difference. On my iPhone 8Plus, I have zero problems with ExpressVPN. Go figure.

  31. @wstc – well that is interesting. So it sounds like it would be site specific as to where they recognize the device itself with different IP addresses. I guess for the extra security and only having (possible) issues with just a couple of sites out of all that are accessed it would be worth the small trouble. Thanks for the additional information!

Leave a Reply

If you'd like to participate in the discussion, please adhere to our commenting guidelines. Your email address will not be published. Required fields are marked *