Proxies Versus VPNs
There seems to be a lot of confusion, especially among new users, regarding the difference between proxy servers and Virtual Private Network (VPN) servers (sometimes referred to as VPN tunnels). To make matters worse, there is actually a variety of different types of proxy servers, and VPN tunnels use several different protocols to establish a connection.
You’re probably wondering what the difference is between proxies and VPNs, how they differ, which is better, and what the advantages and disadvantages are. There’s no easy answer to this question, because it really depends on what data you’re trying to access and how much security you need.
Having said that, I typically don’t use a proxy server, and I would rarely ever pay for a proxy service. Since you can get quality VPN services for about the same price, I don’t see much value in paying for proxies. If you’re on the fence about which technology to choose, I would almost always advocate the use of a VPN service.
Before we dig into the nitty-gritty details of how these technologies differ, let’s first discuss how they are similar.
Unblocking Content with Proxies and VPNs
If your chief aim is to unblock content that is censored or prohibited due to your geographic location, know that both proxy servers and VPN servers will get the job done. Both act as a sort of middle man between your computer and the destination web server, by providing a function called Internet Protocol (IP) address masking. This is why they are able to unblock foreign content. But what is IP address masking, and how does it work? Well, first we need to discuss the concept of IP addresses.
Every computer has an IP address, and for the purposes of this illustration, let’s assume that every IP address is globally unique. These addresses are analogous to your home address and the public mail system, and are used to send data to a specific, unique destination computer. Furthermore, IP addresses are distributed around the world by geographic region. When a server sees an IP address, it can intelligently gauge which country (or even the exact city) in which the IP address resides.
IP addresses consist of four numbers separated by three periods. The following is an example of a public IP address:
Some services like Netflix, BBC iPlayer, Hulu, and HBO look at an incoming connection’s IP address and make decisions regarding whether to block or permit that connection, based on the user’s location.
As an example, let’s pretend that you live in Chicago and want to access BBC iPlayer’s content (which is only accessible in the UK). The BBC iPlayer server would note that your IP address (for example 188.8.131.52) resides in Chicago, and then block the connection. If you wanted to unblock the BBC content from Chicago, you would first need to connect to a proxy service or VPN server that is hosted in the UK.
In so doing, you would essentially be borrowing a UK IP address from the server, thus allowing you to connect to the BBC server. The proxy or VPN server will make web requests on your behalf, and then send your computer the data it downloads. The destination BBC server would only see a single inbound connection from an IP address from the UK; the proxy or VPN server acts as a sort of IP address broker.
Not only does IP address masking allow users to unblock foreign content, but it also protects users’ anonymity. As long as the VPN server doesn’t log user activities (and none of the legitimate services do), destination web servers never see the user’s true IP address. Furthermore, the same IP address can be shared among many users, making it virtually impossible to track users’ online activities.
Unfortunately, proxy servers suffer from one fatal flaw, as detailed below.
Proxy Server Basics
There are several types of proxy servers, as we’ll discuss shortly. First, I want you to be aware that while they do provide anonymity (by and large), most proxy servers do nothing to increase your security. For instance, even though an HTTP web proxy will anonymize your IP address and allow you to unblock websites, your data will be sent in an un-encrypted format.
That’s the main drawback to proxy servers. As your data is transmitted through the public internet, third parties can capture and read it without your consent. Though it’s not always legal to do so, illegality hasn’t ever stopped hackers. More worryingly, governmental agencies and big businesses have sophisticated means to track what you’re doing online.
Through anonymity, proxy servers can help mitigate ad tracking mechanisms. But governments and ISPs can still read the data you’re transmitting, which may or may not have dire consequences. If, for instance, you’re in a country that has strict internet censorship, you could be in a world of hurt if you get caught accessing censored content.
On a happier note, proxy servers typically have less overhead than VPN connections, since proxies don’t take the time to encrypt data. As such, I would only recommend using proxy servers to unblock inconsequential data, such as trying to stream movies from your favorite media site, like Netflix or Hulu.
The following are a few types of the most common proxy servers:
• HTTP/web proxy server – used for web browser data using the HTTP protocol. Does not offer encryption (unless the website you’re trying to connect to uses HTTPS).
• SOCKS proxy server – comparable to a transport protocol, like Transmission Control Protocol (TCP) or User Datagram Protocol (UDP), in that it does not support native encryption through the Socket Secure (SOCKS) connection. Instead, the protocol running through the SOCKS server must provide encryption.
• Domain Name System (DNS) proxies and Smart DNS – not really a true proxy per se, but helps provide access to a cached DNS system.
Proxy server pros:
• Some proxy services are free
• Extremely low overhead
• Often bundled with VPN packages for free
• Allows users to unblock websites
Proxy server cons:
• Most proxy services lack encryption
• Unencrypted proxy connections can be eavesdropped upon by malicious, nosy third parties
• You don’t always know who is hosting a proxy server if it’s a free connection; it could be a legitimate server, or a trap by a hacker or some stranger living in his/her mother’s basement
VPN Tunnel Basics
VPN tunnels fill the gaps left by most proxy services. Since VPN tunnels offer data encryption, it’s impossible for third parties like governments, Internet Service Providers (ISPs) and hackers to eavesdrop on your data transmissions as they traverse the public internet.
The following are among the most common and popular VPN connection protocols and technologies:
• PPTP (Point to Point Tunneling Protocol) – only offers weak encryption, is easily cracked, and should be avoided when sending sensitive and private data.
• L2TP/IPsec (Layer 2 Transport Protocol/IP Security) – offers secure encryption and is fairly common among VPN services.
• OpenVPN – an open standard that frequently uses AES-256-bit encryption and SHA-256, and is the most common standard among VPN service providers.
There are certainly other types of encryption technologies, but these three seem to dominate the industry. In fact, there are a few oddball encryption protocols that are proprietary to individual providers; however, these proprietary protocols are usually a modified version of OpenVPN.
Raw data encryption is perhaps the largest advantage of a VPN tunnel. It works by using complex mathematical formulas to encrypt data in such a way that it can only be decrypted with a unique key. One of the strongest types of encryption is AES-256, which is so powerful that mathematicians estimate it would take billions of years (with the world’s fastest computers) to crack a single key. Even though it’s theoretically possible, to put it bluntly, it ain’t gonna happen. That’s why people say it’s virtually impossible to break an AES-256 key.
While L2TP and OpenVPN are still extremely strong protocols, I’d advise you stay away from PPTP. It was created back in the early 1990s by a Microsoft consortium. Needless to say, it has long been an antiquated protocol that only offers weak encryption. In fact, due to flaws in its algorithm, it can actually be cracked with relatively cheap software. However, that doesn’t mean it’s entirely useless.
Though I would not recommend using it to send sensitive data, PPTP is still moderately useful for gaming and streaming multimedia content. You see, PPTP has less overhead than OpenVPN and L2TP, making it a little more efficient. You’ll still encounter latency overhead, because your data must first be routed through a VPN server, but PPTP eats up fewer CPU cycles than other encryption alternatives.
In summary, the following are the advantages and disadvantages of VPN tunnels over proxy servers:
VPN server pros:
• Offers secure encryption that can’t be broken
• Makes your data invisible to third parties like governments, ISPs, ad tracking agencies, and hackers
• Allows users to securely unblock content
• Includes extra features that surpass proxy services, such as double data encryption, DNS leak protection and kill switches
VPN server cons:
• More processing overhead than proxies, due to encryption
• Typically cost money (though some of them are extremely cheap)
I’m something of a security nut, so admittedly a little biased. I don’t often see much value in proxy servers, especially if the data isn’t encrypted. I certainly wouldn’t pay for a service that only provides unencrypted proxy connections, since you can get VPN services for next to nothing these days.
Personally, I like the peace of mind of knowing that my data is safe, secure, and anonymous. With features like cascading VPN tunnels, double data encryption, anti-Web Real-Time Communication (WebRTC) leaks, anti-Internet Protocol version 6 (IPv6) leak protection and DNS leak protection, I see too much value in VPN tunnels to opt for an inferior technology. Furthermore, many VPN clients come with a kill switch to help prevent unencrypted downloads when using peer-to-peer or BitTorrent clients.
Perhaps the only viable reason I’d use a proxy is to stream blocked content, like BBC iPlayer or a blacked-out sports game. However, since I can already do that with my VPN tunnel, I don’t have need of a proxy server. Lastly, I’d caution you to watch out for proxy services masquerading as VPN tunnels. I’ve run across a couple of services in my time that claimed to be “smart VPN tunnels” or “light VPN tunnels,” which turned out to be nothing more than a Smart DNS or HTTP proxy service – it pays to read the fine print!