You’ve probably heard of VPNs. Maybe you’re even using one. With a VPN (Virtual Private Network ) you can hide your IP address, prevent hackers and spies from viewing your activity, and make websites think you’re in a country you’re not. VPNs are also useful for accessing blocked content and using peer-to-peer networks safely. A virtual private network (VPN) is an essential security and privacy tool for anyone who browses the web or communicates online.
But do you know how VPNs work? We put together this article as a very simple explainer for the uninitiated. It covers the basic concepts and key features of a VPN.
What is a VPN ?
To understand how VPNs work, it’s helpful first to look at how you connect to websites without a VPN.
Say you visit protonmail.com from your laptop at a café in New York. Your browser pulls information across a shared physical infrastructure (e.g. fiber-optic cables) from our servers in Switzerland, through vast cables on the bottom of the Atlantic Ocean, along the local lines in the city, before jumping the last few feet on the café wifi.
Along the way, your traffic passes through several routers (which help direct Internet traffic) and multiple Internet service providers (ISPs, the companies that carry Internet traffic). And all of this happens in a very public way. That is, the IP address of your device accompanies your activity as it passes through these routers, ISPs, and servers over which you have no control.
The owners of those servers and routers can log your data and sell it or turn it over to government authorities. Hackers, too, may intercept your data, particularly by monitoring your wifi network. Many popular websites still do not use TLS/SSL encryption, making any sensitive information you give to those websites accessible to attackers monitoring network traffic.
How does a VPN work?
When you use a VPN, instead of directly connecting to a website, you first establish an encrypted tunnel with a VPN server. All your traffic goes through the encrypted tunnel to the VPN server, before passing into the rest of the Internet.
Because a VPN establishes an encrypted tunnel between your device and the VPN server, your ISP can’t see your traffic. This also means that if you are connected to a public or compromised wifi network, an attacker monitoring that network can’t see your Internet traffic.
Since you are connecting to your final destination (for example, the website you actually want to visit) through a VPN server, the website only sees the IP address of the VPN server that you used. This prevents your real IP address from being exposed and helps to protect your privacy.
This also means that by connecting through a VPN server from another country, you can make it appear to a website that you are connecting from a different country, and this can be useful, for example, in bypassing censorship or geographic content restrictions.