Virtual Private Networks (VPNs) are a handy tool. But it's all too easy to use them for the wrong task, misconfigure them, or otherwise make common VPN mistakes. Here's how to avoid them and get the most out of your VPN service.

Assuming a VPN Ensures Anonymity

One of the most important VPN misconceptions to get out of the way immediately is that using a VPN makes you anonymous online. Assuming a VPN automatically makes you anonymous online is the biggest VPN mistake you can make if your goal in deploying a VPN is hiding your identity.

A VPN can help make your online activities private and, when used properly (and with great caution) can be part of your toolkit for maintaining online anonymity. But a VPN isn't some silver bullet or privacy cloak you can throw over your shoulders and instantly become anonymous. In many ways, a VPN is analogous to a burner phone.

If you buy a burner phone anonymously with cash and never use the phone to identify yourself or connect the phone number with anything from your existing life, it's a fairly anonymous tool. But if you buy the phone with your credit card, immediately start calling people you know, and sign up for services linked to your real-life identity with the phone, then any semblance of anonymity goes out the window.

Much like that, if your goal in using a VPN is to remain anonymous for whatever purpose, then your need to treat the VPN as one part of your privacy plan. You should go out of your way to avoid linking yourself to the activity on the VPN network, including anonymously signing up for the VPN.

Misunderstanding What a VPN Can and Can't Do

The potential anonymity (or lack thereof) is so important we broke that out into a distinct entry above and emphasized it. But misunderstanding, overall, what a VPN can and can't do is the second biggest mistake people make.

A VPN is simply a virtual private network: you connect your computer, phone, or even entire router to a network distinct from the network it is already on. This setup can be as simple as connecting your work laptop to the internal LAN of your home office across town or as complex as routing your entire internet connection through a VPN to appear as if you are in a country on the other side of the world.

But fundamentally, that's all a VPN is: an encrypted tunnel from where you are to somewhere else that makes it looks like all the traffic from your device is coming from wherever somewhere else happens to be.

That tunnel can help stop a coffee shop Wi-Fi hotspot from spying on your connection, allow you to watch a streaming service like Netflix by bypassing geographic restrictions, protect you while torrenting, or give you access to LAN-based resources at your home office. But it won't magically make you anonymous, protect you from malware or ransomware, or change your connection and habits while using it.

Paying for a VPN for Remote Home Access

When configuring a VPN network, there are two crucial components, a VPN server (which hosts the VPN service and accepts connections) and a VPN client (which connects to the server). Paying for a VPN service doesn't help you set up a client-server model with your home network, it helps you set up a client-server model with a remote VPN service.

If your goal is to connect securely to your home network, you don't need to pay for a commercial VPN service. Instead, you need to set up a VPN server on your home network so you can phone home when you are away. You don't need a third-party service to access files on your home network securely.

It's worth noting that you can use your home connection as a VPN, but it has some notable limitations. First, you're limited to geo-shifting from wherever you are in the world to your home internet address---no pretending to be from Canada or Austria. Second, you're limited to the speed of your home connection. If your home internet connection has a very slow upload, you'll have little success using it as a VPN for Netflix or other high-demand activities. But if you have a fiber connection and your only goal is protecting yourself from shady public Wi-Fi hotspots, it's certainly one way to do it.

Not Testing Your VPN Connection

The fundamental function of a VPN is to create a secure tunnel to a remote network. If the tunnel isn't secure or leaks data, the VPN's utility is greatly diminished. At best, you're not getting what you paid for, and maybe your attempt to geo-shift and watch Netflix fails. But at worst, if your motivation for using a VPN is higher stakes than watching Stranger Things, you could end up in jeopardy.

With that in mind, you should always take the time to test your VPN connection to ensure that the connection is secure and it isn't leaking DNS or other data.

Using Old Encryption Schemes

If it's worth doing, it's worth doing right. Just like the encryption schemes used for Wi-Fi security and any other number of things, VPN encryption has evolved and improved over the years.

It's not the early 2000s anymore, and unless you're trying to connect an ancient device to a VPN and have no other choice, there's no reason to use old VPN encryption standards like PPTP or L2TP/IPsec. Instead, you should use modern VPN encryption schemes like OpenVPN and WireGuard.

Using a Free or Cheap VPN

You don't need to spend a lot of money on a VPN service, but you should seriously consider a quality commercial VPN provider over a free or dirt cheap one.

While we have some recommendations for free VPNs (most of which are very basic limited plans from commercial providers), VPNs are very much a get-what-you-pay-for experience.

On the legitimate side of things, free VPNs are slow and/or have limited bandwidth. On the shadier side of things, free VPNs are actually free because they're looking at your data or otherwise trying to monetize the experience in the absence of you directly paying for the VPN.

If you're considering a free or cheap VPN, consider what you're using it for and what's at stake. If you're trying to maintain your privacy, it's worth investing in a reputable VPN. If you're just trying to get access to a new IP address to vote a second time for free Minecraft server loot or something very low-stakes, you may not care about privacy or the security of your data.

Failing to Use a No-Log VPN

The less anybody knows about what you do online, the better. And if you're worried about your privacy enough to use a VPN, the last thing you want is to successfully bypass your ISP or government's logging attempts just to have your VPN log all your internet activity anyway.

This is why it's important to opt for a no-log VPN. No-log VPNs do the minimum amount of logging necessary to operate the VPN service but don't log additional data (and discard any identifying information).

Routing Your Entire Internet Connection Through a VPN

It isn't always a mistake to route your entire internet connection through a VPN tunnel, but doing so by default for the vast majority of people is a mistake.

If you have an explicit and pressing reason to do so, such as you're working remotely in a foreign country and routing your entire connection back to your home country or you're securely tunneling to another country to avoid persecution, by all means, you should do so.

But for the average person, buying a VPN-friendly router and wrapping their entire internet connection in an encrypted tunnel doesn't make much sense. For example, let's say you're Joe Smith, and you live in Buffalo, NY. You buy a VPN router, pay for a VPN service, and you set the VPN server to Austin, TX.

Effectively all this accomplishes is slowing down your internet connection because all VPN tunnels have overhead introduced by the encryption process. Assuming you continue to log into your email, browse the web, watch Netflix, log into social media, and so on, you'll still look like Joe Smith from Buffalo. The only difference is your local ISP won't see what you're up to. Ultimately, that's not a worthwhile tradeoff, so we recommend that most people skip connecting their home network to a VPN.

Torrenting Through US-Based VPN Servers

Obscuring your identity and location while torrenting is a common use for VPNs. If you're using VPNs for torrenting, you can't use just any old VPN service. Opting for a VPN outside of the United States is crucial to avoid legal complications stemming from DMCA notices and related complications.

And if you're on the fence about using a VPN or not, yes, you really do need a VPN when torrenting, and no, incognito mode won't protect you when torrenting.

Failing to Use a Kill Switch

People opt to use VPNs for a variety of reasons, but whatever their motivation, they certainly don't want the VPN suddenly turning off and exposing their internet traffic---be it personal data or active torrents.

That's why you want to use a kill switch. Without a kill switch, when your VPN disconnects, your connection simply rolls over to the existing internet connection. One minute you're connected to a remote server in Lithuania. The next minute you're back on your connection in the U.S.

From a privacy standpoint (and a legal standpoint if you're torrenting or such), that's a disaster. A kill switch will shut down the connection if the VPN tunnel disconnects. You won't have internet access until you remedy it, but you also won't have data leaks revealing your identity or linking your torrents to your personal IP address.

Not everyone one of the mistakes and misconceptions we've outlined here applies to every person's situation, but familiarity with common mistakes will help you use VPNs effectively for your needs and with minimal risk.