VPNs, or virtual private networks, are an important part of any security and privacy toolbox.
VPNs are essentially encrypted connections between two or more devices that enable you to route data through a secure "tunnel." Companies use them to allow employees to access corporate networks from outside the office. Commercial VPN services try to protect your internet traffic from eavesdroppers by routing it through remote servers. In theory, that means that a hacker eavesdropping on public Wi-Fi or your home broadband provider can’t see what you're doing online. Routing your traffic through a remote server can also make it look like you’re in another place, allowing people in countries like China and Russia to access sites that are blocked domestically.
But VPN connections are only as secure as the software that underpins them. Security researcher Thomas Ptacek says his industry is generally distrustful of VPN software. "There's always a gnawing feeling in the back of our skulls” of an unknown security weakness in VPN software, he says. One reason for that is that most VPN software is incredibly complicated. The more complex a piece of software, the harder it is to audit for security issues.