A reader recently sent me this question: Why do I need a VPN? Isn’t a proxy server good enough?
I’ve written a number of articles on VPNs, as well as CNET’s directory of the best VPN services, and so I get lots of interesting questions. Over time, I’ll try to answer most of them.
This week, we’re looking at why a proxy server can’t protect you like a VPN can.
To understand that, you need to understand the difference between a proxy server and a VPN. Let’s start with proxy servers.
Proxy servers were initially deployed by companies and ISPs to reduce internet traffic. The reasoning was that some sites were likely to be visited a lot by their users, and instead of downloading the same pages over and over again for different users, why not cache those pages locally for a while, and present those cached pages to each new user who made a request.
This reduced the bandwidth expense of the enterprise or ISP providing access to users, and also, sometimes, reduced the page load time for users. The way this worked was that users made an http request to the proxy server (proxy means something that represents something else) and the proxy then passed that request on to the web server.
As far as the web server was concerned, the user was the proxy, not the originating user on their computer. When the proxy examined or logged the IP address of the request, it was that of the proxy server, not the user.
The practice of using proxy servers expanded to the privacy community for users who want to hide their IP addresses from the servers they are accessing. There are all sorts of reasons you’d want to do this, from protecting your location if you’re concerned about stalking, to illegally watching media content by effectively lying about your country of origin.
This use of proxy servers differs substantially from that of the corporate bandwidth-reducers, because most proxy servers that were set up to conceal originating IP addresses don’t cache data. As a result, they’re relatively lightweight in terms of the infrastructure required to support them. Over time, quite a few free and fee-paid proxy services found their way to the internet at large.
In a way, most VPN services are also proxy services. For a more detailed introduction to VPN services, see my intro to VPNs on CNET. The key thing you need to know is that VPNs don’t just spoof the originating IP address, they also encrypt and secure all internet traffic between your machine and the VPN service.
That’s a huge difference from simple proxy servers. If you send an unencrypted message through a proxy server, anyone between you and that server could intercept your message and read it.
Here’s another way to think about it. If you’re using an open Wi-Fi connection at a local coffee shop and you’re using a proxy service, anyone else using that Wi-Fi connection might be able to intercept and read everything you send.
On the other hand, if you’re on that very same connection, but communicating through a VPN, everything you send is packaged, encrypted, and unreadable.
Proxies also only provide simple spoofing of http and https (i.e., web) traffic. VPNs protect your entire internet connection, which includes all traffic, no matter where or what it’s intended for.
That’s why I strongly recommend a VPN over a mere proxy. Concern over whether or not your private information gets intercepted is far more important than trying to simply spoof an IP address.
If you do use a VPN, remember that since all your traffic is going to travel through the service you use, you should use a reputable provider. In my last VPN article, I explained why I tend not to trust free VPN services. For VPN services that are worth considering, take a look at my 2017 directory of the best VPN services. There are some winners there.
You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.