When you’re accessing your VPN’s list of servers, you might come across one that says “China”. “Cool,” you think, “this VPN has a server in one of the most VPN-hostile countries in the world!”
Then the realization hits you: in order to operate in China, VPNs have to agree to share their users’ data with the government. Wait, does this mean all your data is compromised?
Not necessarily, as will be explained in this article. VPNs nowadays utilize “virtual server locations” that allow them to provide an IP address from one country, even if the server itself is located in another.
Bare metal vs. virtual
Before we dive into why you should be aware of virtual VPN locations, it is first important to understand the difference between a physical (“bare metal”) server and a virtual one.
A physical server is a real, physical computer. It is an actual machine that is located in a real-world location. It looks pretty much like your standard computer, with lots of wires and racks around it for bandwidth and memory. It’s also likely located in a temperature-controlled room that prevents it from bursting into flames from all those cores running at full speed. Such locations can also be owned by the VPN provider itself (on-site ownership) or rented from a different provider (co-location).
Physical servers are fast and powerful, and they are also very secure. Most VPN providers have their own bank of physical servers kept under lock and key, accessible only by a select team of employees. They also often sell this as an additional service, giving their customers the chance to access a higher level of security (that is, if they trust their VPN providers).
A virtual server, on the other hand, is a server that runs within a server. This means it has no presence in the real world, and its location is in bits and bytes. In practice, a powerful physical server can host a slew of virtual servers – and sometimes such servers do not even belong to the same company or service. It’s more complex to set up than a physical server, but there’s no need to invest in extra hardware.
From a VPN provider’s standpoint, virtual servers are very attractive. For one, by renting a virtual server the company no longer has to spend extra establishing a physical infrastructure in a specific country. Also, for the same level of capabilities, a virtual server is more affordable than a physical one. A VPN provider can usually rent a virtual server in the target country’s data center.
And this distinction between a physical and virtual server is one of the points that will separate a trustworthy VPN from the rest.
Who owns what server, and why?
For a VPN provider to expand, it only has two choices: to buy new servers and set them up in the target country, or to rent a server in that country.
Should the VPN choose to have a virtual server, a lot of issues can arise. Foremost among these is privacy, since unless the VPN company keeps its personnel in the vicinity of the shared server, there’s no way for it to be 100% sure the host server isn’t skimming its users’ browsing data. Remember that encryption only happens to and from the VPN server – from the server to the destination, it’s a free-for-all since the destination can’t see who is accessing what anyway. While anyone tapping the virtual VPN server may not be able to see who is doing what, it’s possible for them to analyze the collective user activity in order to profile the userbase of that VPN.
Neither can the VPN company be 100% sure no one has tampered with its server settings to compromise the privacy of its users, such as by changing obfuscation measures. Additionally, a data center in a specific country can have very different privacy policies, and local authorities may have the power to seize the data in their servers.
Privacy isn’t the only concern for virtual VPN servers, either. Sometimes these servers suffer from latency issues (sluggishness) due to the less-capable hardware assigned to them and the additional “hops” it takes to connect from the main VPN network, to the virtual server network, to the destination server, and back.
Thankfully, for most top VPN providers, the share of virtual servers is particularly low. And the more privacy-conscious among them have markers that let people know that they are connecting to a virtual server location, not an actual physical server. As mentioned above, the dominant server type can draw the line between a good VPN provider and a lousy one – only a legit VPN provider would go the extra mile to invest in physical servers to serve their customers better.
For these top dogs in the VPN industry, the only reason to use a virtual VPN server is not to cut costs, but to provide an IP address that allows the user to surf content from the target country. Consider our China example earlier – the VPN in question may have a physical server somewhere else that does all the security and encryption. Then, that server bounces the connection to a virtual server in China in order to simulate traffic coming from within the country. This does not pose as much security risk since the data is already encrypted before reaching the virtual server. The VPN gets the chance to provide an IP in a normally restrictive location, while the user gets added flexibility by being able to connect to the target country.
In the end, the question of virtual servers is all about transparency. If the VPN provider has a legitimate reason to use virtual servers, it’s best if it expressly states so. If not, then at least there should be a way for users to see that the server they are connecting to is a virtual one, and where the actual location really is. A user may feel confident connecting to a server in Honduras, for example, but if they don’t know it’s a virtual connection and the real server is located in the United States, they may not be surfing as anonymously as they had thought.
Most of the best VPN providers either mark their virtual servers in their app’s server list, or they may have separate pages showing which of their servers are virtual. It’s worth looking for these pages or notifications as well when you’re testing out your subscription.
Unfortunately, it’s not that easy to test whether a specific server is a virtual or a physical one. You can, of course, ask the VPN provider directly through their customer support lines, but if that doesn’t work you can do your own tests by logging into the server you want to test and pinging its server address. If the ping’s round trip time (RTT) is less than 2, there’s a high chance the VPN server is located in the same country. You might also want to log into other VPN servers to check if any of them show an even shorter RTT – that may be a sign the server is actually in the latter country! You can also compare these results to a traceroute done in the same manner. A legit physical server should have about the same results as the RTT you got earlier.
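The comparison described above can be scripted. The following is an added example, not code from the original article: it parses the summary line of ping runs taken from several known locations, reports which location is closest to the server, and, going one step beyond the article’s comparison, flags any round-trip time that is too short for the advertised location given the speed of light in fibre. The cities, coordinates and ping outputs are constructed sample data.

```python
import math
import re

FIBER_KM_PER_MS = 200.0  # light in optical fibre covers roughly 200 km per ms

def parse_min_rtt(ping_output):
    """Return the minimum RTT in ms from a Linux or macOS/BSD ping summary."""
    m = re.search(r"(?:rtt|round-trip) min/avg/max/\S+ = ([\d.]+)/", ping_output)
    if not m:
        raise ValueError("no RTT summary line found (100% packet loss?)")
    return float(m.group(1))

def distance_km(a, b):
    """Great-circle distance between two (lat, lon) pairs (haversine)."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def assess(advertised, vantages):
    """vantages: {name: ((lat, lon), ping_output)} measured from known places."""
    rows = []
    for name, (coords, output) in vantages.items():
        rtt = parse_min_rtt(output)
        # No round trip can beat light travelling there and back in fibre.
        floor = 2 * distance_km(coords, advertised) / FIBER_KM_PER_MS
        rows.append((rtt, name, rtt < floor))
    rows.sort()
    return {
        "nearest_vantage": rows[0][1],  # best guess for the real location
        "impossible_from": sorted(n for _, n, bad in rows if bad),
    }

# Constructed sample data: approximate city coordinates, invented ping output.
TEGUCIGALPA = (14.07, -87.19)  # where the server is advertised to be
SAMPLE = {
    "Miami": ((25.76, -80.19),
              "rtt min/avg/max/mdev = 1.204/1.377/1.612/0.150 ms"),
    "Frankfurt": ((50.11, 8.68),
                  "rtt min/avg/max/mdev = 104.551/106.230/109.874/1.942 ms"),
    "Panama City": ((8.98, -79.52),
                    "round-trip min/avg/max/stddev = 38.410/40.022/43.190/1.730 ms"),
}

if __name__ == "__main__":
    print(assess(TEGUCIGALPA, SAMPLE))
```

A flagged measurement is strong evidence that the server is not where it is advertised. An unflagged one proves nothing either way, since routing detours only ever add latency.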
The whole VPN industry revolves around the subject of trust – using one means you don’t trust the internet which might be keeping its eyes on you, so you trust a VPN instead to protect you. The matter of admitting whether a VPN company is using a virtual server not only goes towards the improvement or worsening of this trust.