What Is The Difference Between A Proxy And A VPN?
A proxy is any server that sits between your device and a wider network, such as the internet. A virtual private network (VPN) server is a specific kind of proxy, but many other kinds of proxy exist. Although inaccurate (and as a result, confusing), VPNs are often contrasted to proxies.
In this article, we look at what a proxy is and provide an overview of the different kinds of proxy that are available.
What is a proxy?
As noted above, a proxy is a server that sits between your device and the internet. This means that your internet traffic passes through the proxy server and enters the internet using its IP address and physical location. Therefore, all proxies:
- Hide your real IP address from websites (and other internet resources, such as games servers, BitTorrent peers, and email servers) you visit on the internet
- Can be used to “spoof” your real geographic location
The connection between your computer and a proxy server is not always secured using encryption, but it often is. If a connection is encrypted:
- Your internet service provider (ISP) cannot see what you do on the internet. It can only see that you have connected to a proxy server.
- It also can’t see the contents of your internet traffic (for example, files you are downloading).
Most importantly, since your traffic passes through and is encrypted and decrypted by the proxy server, whoever runs the proxy server can monitor your internet activity. This is why it is crucial that you only use a trustworthy VPN to access the internet.
Technically speaking, this describes a forward proxy that sits between your computer and the internet. A reverse proxy, on the other hand, acts as a gateway between the internet and a small group of servers. The classic example of a reverse proxy is an office intranet that can only be accessed from the outside via a single (reverse proxy) server.
All the proxies discussed in the rest of this article are forward proxies.
VPNs vs. (other kinds of) proxies
If you are familiar with how VPNs work, this may all sound very familiar. The key differences between a VPN and most other kinds of encrypted proxy setups are:
- A VPN protects your entire internet connection, while most proxies must be configured on a per-app basis (for example, your browser or BitTorrent client).
- VPNs use highly secure VPN protocols, such as OpenVPN and WireGuard, that provide additional layers of security for your data rather than just the simple HTTPS used to secure most proxy connections.
- VPN providers are commercial entities, often subject to a great deal of public scrutiny. VPN companies, such as Proton, spend a great deal of time and money building large and highly secure network infrastructure and developing advanced features for their community.
As discussed below, commercial (non-VPN) proxy services do exist, but the advantages of VPN technology over regular HTTP and SOCKS proxy setups mean this sector is far less developed (and therefore also far less open to scrutiny) than the VPN industry.
Types of proxy
There are many different types of proxy servers. When people refer simply to a proxy or proxy server without additional context, they usually mean a SOCKS or HTTP proxy.
SOCKS (a contraction of “secure socket”) is a low-level internet protocol that does not interpret internet traffic. That is, it simply passes along all traffic without making any attempt to understand what it is. This makes it useful for simply forwarding all kinds of internet traffic, including traffic that uses protocols, such as:
- File Transfer Protocol (FTP)
- POP3 and SMTP (used for sending and receiving emails)
- Internet Relay Chat (IRC)
SOCKS’s ability to proxy BitTorrent traffic, in particular, is a popular reason to use SOCKS proxies, and they are sometimes known as “torrent proxies”. Together with the high bandwidth often consumed while torrenting, public SOCKS proxies can often suffer from a high server load.
Support for HTTPS is built into the SOCKS protocol, and it is often used to secure connections to SOCKS proxy servers.
SOCKS4 remains the most common version of SOCKS used by proxy servers, but SOCKS5 is the latest version. It provides proxy operators various ways to authenticate users, thus giving them greater control over who uses the server. Commercial proxy servers, for example, can use SOCKS5 to ensure only paying customers can connect to their servers. The benefits for people using SOCKS5 proxies, however, are minimal.
The Hypertext Transfer Protocol (HTTP) links websites and other resources on the World Wide Web. HTTP proxies are supported by a very wide range of apps and programs that use the HTTP protocol, most notably browsers.
Although reliance on the HTTP protocol limits HTTP proxies to a certain extent, it also allows them to operate at a higher level. This means they understand and interpret web traffic, which is useful for things such as:
- Filtering web content (for example, removing banners and unnecessary, or even dangerous, scripts)
- Restricting access to websites and other internet resources (for example, adult content)
- Caching media and content for improved performance
It also allows the proxy to do things that many people might be less happy about, such as:
- Censoring web content (for example, political content)
- Injecting advertising banners and malicious code — this is a particular problem with free HTTP proxy servers
HTTP connections are not secure by default, allowing your ISP and other third parties to monitor your internet traffic. However, connections can be encrypted using the HTTPS protocol that secures all internet traffic. HTTP proxy servers that use HTTPS to secure your connection to the proxy server are often called HTTPS proxies.
A web proxy is an HTTP proxy that you connect to inside your browser window without the need to download any software or configure your browser’s proxy settings. Most are free, but this is usually a downside, as many fund themselves by injecting banners, ads, and other (potentially malicious) scripts into your browser window.
Indeed, many web proxies disrupt your browsing experience to the extent that they make the internet all but unusable.
Transparent proxies sit between your device and the internet but are not something you deliberately connect to. In fact, you may not even know you are using one.
Benign uses of transparent proxies include the WiFi portals you sign in to on public WiFi hotspots and the filters that block inappropriate content on the WiFi provided by public libraries or schools. Less savory uses include censoring legitimate content for political, social, or religious reasons.
A proxy URL is not a true proxy but a web address that forwards to another URL. It can be useful for evading censorship when a URL is blocked.
The Tor anonymity network routes connections through multiple nodes, encrypting the connection each time. Each node acts as a proxy server and is run (at least in theory) by volunteers.
A private (or closed) proxy is any privately run proxy server that is not available to the public. Probably the most common example is a reverse proxy used by a company to act as a gateway to internal corporate resources, but it is also quite common for individuals to set up remote private proxy servers (which may be VPNs) to bypass censorship.
However, it is worth noting that such personal proxies and VPNs are not as good at protecting your privacy as commercial VPN services because ownership of the proxy server’s IP address can be easily traced back to you.
A commercial proxy (as distinct from VPN) is a paid-for service that allows you to connect to HTTP or SOCKS proxies run by a company. These connections are almost always secured using HTTPS.
Most commercial proxies run out of data centers, although commercial proxy services offering residential or mobile IP addresses are an emerging industry.
Commercial proxies are often categorized based on the amount of privacy they offer:
- Shared – A proxy server (and associated IP address) that is shared with many other customers.
- Semi-shared – A proxy shared with a limited number of other customers (typically three others).
- Exclusive or dedicated – You have exclusive use of the proxy and its associated (static) IP address, although it’s worth noting that almost always means a virtualized server hosted on a physical machine that hosts many such virtual servers. It’s also worth noting that having an exclusive IP reduces privacy since the IP address can be traced back to you.
Residential and mobile proxies
Most commercial proxies are operated out of data centers and use IP addresses that have been leased from an ISP. These blocks of data center-controlled IPs are sometimes blocked (a popular tactic used by streaming services that geo-restrict their content for copyright reasons).
Residential proxies are operated directly by ISPs, and therefore use IP addresses that are indistinguishable from “real” IP addresses that belong to physical addresses. They are therefore almost impossible to block and provide a higher level of granularity when using a proxy to spoof your location.
Mobile proxies are much like residential proxies, except they are offered by mobile internet providers.
A public proxy is available for anyone to use for free. Lists of public proxies are freely available on the internet, but we strongly recommend against using them.
This is because there is no way to know who is running the server and no reason to trust them. Indeed, since they can spy on everything you do online when connected to the server while asking for nothing in return for the time and effort required to run a proxy server, there is every reason to be suspicious.
Public proxies are usually rated according to their anonymity level.
- Level 1 (transparent proxy or caching proxy) – Not to be confused with the kind of transparent proxy discussed earlier in this article, these proxies will minimally hide your IP address. However, it still appears in the request header sent when connecting to web pages. Providing no effective privacy on the internet, level-1 proxies are mainly used to improve web performance by caching content.
- Level 2 (anonymous proxy) – This type of proxy provides some privacy on the internet by hiding your real IP address from the websites you visit. However, they make no attempt to hide the fact that you are using a proxy server. It is common practice for proxy servers to announce themselves as proxy servers by using FORWARDED headers when making page requests.
- Level 3 (elite proxy or high-anonymity proxy) – A level-3 proxy not only hides your real IP address but won’t announce the fact that you are using a proxy to websites you visit. Level-3 public proxies tend to be very popular, which can also make them very slow.
Why you should use a VPN
As we have discussed, there are many different types of proxy. VPNs and commercial proxies are similar in many ways and are often used to achieve similar ends. However, there are good reasons why the VPN market is so much bigger and more developed than the commercial proxy market.
- A VPN protects your entire internet connection and doesn’t need to be configured on a per-app basis.
- HTTPS secures connections to the proxy server, but advanced VPN protocols, such as OpenVPN and WireGuard, provide much higher levels of security. For example, OpenVPN additionally encrypts your data itself using AES-256, while WireGuard uses ChaCha20.
- Dedicated VPN apps and extensive network capabilities allow VPN companies to offer a wide selection of advanced features. For example, ProtonVPN runs servers in 55 countries, can unblock many popular streaming services, and features a DNS-based ad-blocker (which can also block malware and prevent website tracking), Secure Core VPN, Tor over VPN, alternative routing, VPN Accelerator, a kill switch, Smart Protocol, open-source and fully audited apps, and more.
The choice, of course, is yours.