For a more information on how VPNs work, read our detailed VPN guide. Also: What is an IP address and how do you change it with a VPN? Also: How the top VPNs compare The modest decrease to your connection speed is barely noticeable for browsing, but can be disastrous for online games. Being able to simultaneously connect to sensitive sites and services through your secure VPN, and to non-sensitive games and apps means you won’t constantly need to enable and disable your VPN connection when switching tasks. This is important as forgetting to enable it at the wrong time could leave you exposed to security risks. URL-based split tunneling targets traffic being routed to specific URLs, encrypting only that traffic. This type of setup could be configured to encrypt all traffic directed toward your bank’s website, your office’s sign-in and HR pages, or your medical providers’ portal. Any traffic tied to a specific URL can be filtered in this way, while traffic to any unspecified URLs remains on your standard connection. Many VPNs offer a browser extension to help users set which URLs will be encrypted. App-based split tunneling is nearly identical to the URL-based variety, but it filters the traffic of specific apps, rather than specific URLs. A few coordinating examples would be logging into your bank’s mobile app, accessing your company’s Slack, or using your medical insurance providers’ telehealth software. An app-based split tunneling setup will encrypt any traffic associated with those apps, while less sensitive data, like your TikTok scrolling, would stay unencrypted. It’s particularly useful for use with mobile device VPN installations. Inverse split tunneling is best for people that want nearly all of their traffic encrypted. The above two options leave your traffic unencrypted unless you specifically add it to their encryption lists. Inverse split tunneling does the opposite by encrypting everything on your system by default. Anything you don’t want encrypted will then need to be specified. To continue the above examples, your banking, work, and medical traffic would automatically be encrypted, while your TikTok activity would need to be manually set to use an unencrypted connection. Also: The fastest VPNs: Get great speeds without sacrificing security 1) Does this app, site, or service interact with private or sensitive data? This includes things like financial information, personal and medical data, log-in credentials, two-factor authentication, and even photos of your family.
Yes – You should almost certainly use your VPN for this data to protect it from bad actors. No – It’s probably safe to transmit over your standard, open network.
2) Am I trying to access content that isn’t available in my country or region? One popular use for VPNs is to gain access to streaming media that isn’t normally available in your region.
Yes – You’ll want to route your traffic through your VPN, specifically through an available region where the content you want to watch is available. No – VPNs typically don’t provide any benefit for basic streaming that was already available in your area. Skip it.
3) Does my current activity require the best possible speed? Activities like online gaming and certain high-resolution video streams will suffer from even the very slightly degraded speeds provided by the fastest VPNs.
Yes – Skip the VPN unless you absolutely need it. Even excellent VPN services introduce a little latency and reduce speeds slightly. It could ruin a highly competitive game, or 4K video stream. No – Feel free to use your VPN’s connection.
Also: Best VPN for streaming: Unlock Hulu, Netflix, and more The most common risk is a DNS leak. Without delving into the technical details, a DNS leak happens when you unintentionally expose the details of your traffic to bad actors. A full tunnel VPN deployment encrypts everything, while split tunneling encrypts only a portion. This means there’s always a risk, however small, that some traffic that should have been encrypted will remain unsecured. This can be mitigated by ensuring that you’ve correctly configured which apps, sites, and services use your VPN and which don’t. Poor configuration is behind most DNS leaks, which are caused by users being unaware that they’re leaving sensitive data exposed. For those worried that they may forget to secure something sensitive, inverse tunneling is a great option due to it encrypting everything by default, with only the apps and sites you manually choose reverting to your standard network. Also: The best cheap VPNs You can find reviews and additional coverage for most of these providers by clicking on their names below.
ExpressVPNNordVPNSurfsharkPrivate Internet AccessProtonVPNCyberGhostIPVanishPureVPNAtlas VPNIvacy