In simple terms, and for the purpose of privacy, a Virtual Private Network (VPN) achieves two primary objectives: mask your IP address and encrypt network traffic.
What does you ISP know about you?
Everything. Your Internet Service Provider (ISP) is in the powerful position of being capable of controlling many aspects of your online experience. This control is mostly theoretical and regulated but they know about every connection made through their service and in many cases sell this data or “anonymised” versions of it, to third parties 1. They are also responsible for assigning you with your (unique) IP address.
Why is your IP Address important?
Whenever you do anything on the internet, your devices and apps are broadcasting information about you and what you are doing. Collectively, this information can be used to identify you as uniquely different from other people.
One piece of information that is almost always broadcast is your IP address. While personally identifying you using only an IP address isn’t possible without your ISP’s assistance, combined with other information it can be used to uniquely identify you. Some services, Netflix for example, use your IP address to determine which country you are in and use that to allow or refuse access to their service.
One way to prevent your ISP from collecting and selling all of your online activity to shady data brokers without your consent, and to get an IP address that isn’t unique, is to use a VPN.
When you connect to a VPN provider, you are assigned an IP address that is the same as everyone else using that service (“anonymised”) and your your online activity is encrypted (made unreadable by others). The VPN provider knows the IP address your ISP assigned you, but every other site you connect to doesn’t.
In case it isn’t clear, you are shifting trust from your ISP to a VPN provider. The VPN provider can do the same things your ISP can so it’s important to do your research and make sure you trust the VPN provider more than your ISP.
One of the simplest and most user-friendly VPN providers is TunnelBear with 500MB included in their free plan. I usually recommend them to people just starting to dip their toes into using a VPN.
Download the Mac app and open it up.
You’ll be presented with a prompt to install their helper tool. Go ahead and do that.
If you haven’t created an account, you can do that within the app. Use an email alias if you want to retain some level of anonymity.
…or click the link at the bottom of the window and log in if you already have an account.
Once signed in, click the little cog icon in the top right of the window and select “Preferences”. In the “General” section I’d recommend selecting at least both checkboxes for notifications.
In the “Security” section, select “VigilantBear”. This is TunnelBear’s version of a “kill switch” (fancy term for stopping all network traffic) which will ensure that your internet connection will only work if you are connected to the VPN and your real IP address won’t “leak”.
In the “Trusted Networks” section, select the checkbox to always connect to your VPN. If you have networks that you don’t need the VPN activated, you can add those to the “Trusted Networks”.
The main app window is simply an on/off toggle switch and a menu to select what country you want your connection to go through and show up in to all those companies that love to collect your (masked) IP address.
The default setting is “Fastest” which will choose the country for you. Clicking the arrow allows you to specify one of your choosing.
Once that’s done go ahead and click the toggle…
Once connected, you’ll show up to “IP collectors” as being in the country you chose and your IP address will be the one TunnelBear assigns to you.
You can confirm the change in IP address by visiting ifconfig.co with VPN disconnected and then connected.
VPN providers like TunnelBear have a large network of servers (fancy word for other computers connected to the internet) spread out across different countries. Each of these servers have their own IP address and when a VPN provider routes your internet traffic through them you show up as having the IP address of the server that they connected you to. One of the benefits of this approach is that a large pool of other people also share this same IP address, thereby making your online activities much more difficult to uniquely attribute to you.
I personally like TunnelBear and use it in some situations but you should always do your research before trusting your online activities to any company. They were acquired by McAfee in 2018 and their last annual independent security audit was in 2019, so take that into account when making choices.
Here are some of the things to look out for:
- Is any part(s) of their software Open Source? Open Source software is publicly available for inspection and while you may not be able to personally verify it’s legitimacy, others can and do.
- Is their business headquartered in a country that makes getting customer data easy or difficult for governments or other entities?
- What kind of community exists around the company and their product(s)?
- Have they undergone independent security audits?
- What personal data is required for account creation?
Other factors like logging, data retention, and ownership aren’t usually possible to verify, but still worth researching.
See how well you're doing and learn how to improve in other privacy & security areas The Privacy Checkup.