How Does a VPN Work?
VPNs are very much in the news right now. Savvy computer users love them; advertisers and the government hate them. They protect our privacy, circumvent geoblocking and avoid censorship. But how does a VPN work and what can it do for you?
With everything we do online being tracked, assessed and used against us by the advertising industry, you would be forgiven for wanting a little privacy while online. Plus, the recent news that Congress sold out our privacy by allowing ISPs to collect and sell our browsing data to whomever they please is not good news for anyone but the ISPs. Anything we can do to maintain a little privacy is now essential.
What can a VPN do for you?
A VPN is a secure encrypted connection between your computer and the VPN server. It keeps you safe and secure while online.
VPN services are usually provided by a third party. You install a small application on your device or your home router that creates a secure connection between that device and the VPN server. Nobody outside can see what you are doing or gain access to it. Only the company running the VPN has access to your traffic, and then only if it keeps logs.
A VPN can:
- Secure your connection from hackers and anyone lurking on Wi-Fi hotspots.
- Secure your browsing habits from your ISP.
- Avoid geoblocking services such as those on Netflix or other services.
- Avoid censorship if your location blocks traffic.
- Allow you to use P2P services relatively safely.
On its own, a VPN does not deliver total security but it goes a very long way to preserving it. If you don’t want your browsing habits and personal data harvested and sold, a VPN is now essential.
How do VPNs work?
The usual type of VPN home users utilize is called a remote access VPN. Your device establishes a secure tunnel with a remote network provided by the VPN company. That connection is referred to as a tunnel and is encrypted and secured, usually by SSH.
The VPN process goes a little something like this:
Network traffic is broken up into small chunks called packets, which are sent and received by routers across the internet. Each data packet includes the source and destination address, an identifier and the payload. The payload is the actual data being transmitted. The identifier is used to reassemble the data in the correct order once it hits your device.
These are the basics of packet switching, which is how the internet works. A long message is broken down into tiny chunks, sent to the destination and reassembled at the other end. The process is repeated hundreds or thousands of times per second every time you do something online.
A VPN tunnel takes that data packet and slips it inside another data packet. This new packet is encrypted and only has a single possible destination, your VPN server. Once it gets to that destination, the VPN hardware at the end strips off most of that second packet and sends the original on its way. All that remains is the return address, which is the VPN server and not your device.
On the return leg, the packet is not sent directly to your device. It is returned to the VPN server, which recognizes it as part of your VPN connection, wraps it up in another secure packet and returns it to your computer.
This method of sliding one data packet into another is called encapsulation and is used across the world for many things other than VPNs.
Let’s use an analogy to see if I can make it a little clearer. You send a letter to Person A but don’t want anyone else to know. You write your letter and put it in its envelope. That’s the data packet. You then put that envelope inside another with a different address belonging to Person B. That is encapsulation. You send the letter to Person B, which is the VPN tunnel.
Person B opens the first envelope, sees the one inside and posts that to Person A on your behalf. When Person A replies, they send the reply to Person B, who puts it inside another envelope and returns it to you.
If you would like to know more about how a VPN works, this Microsoft TechNet article is very informative.
What is publicly visible when you use a VPN?
If your ISP now has carte blanche to track your every move while online, what do they see if you use a VPN? Not a lot actually. They will see you are using their service but not what you’re doing. All they will see is a series of encrypted data packets being sent from your device to the VPN server. That’s it.
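The encapsulation steps described under "How do VPNs work?" and the ISP's view described above can be traced in a short Python model. This is an added example, not code from any VPN product: the addresses are constructed, the two keys are assumed to be shared already, and the hash-based keystream plus HMAC is a toy stand-in for a real tunnel cipher.

```python
import hashlib, hmac, json, os

# Assumptions: keys already shared by client and VPN server; constructed addresses.
ENC_KEY, MAC_KEY = os.urandom(32), os.urandom(32)
CLIENT, VPN, SITE = "203.0.113.10", "198.51.100.5", "192.0.2.80"

def _stream(nonce, n):
    # Toy keystream (SHA-256 in counter mode), standing in for a real cipher.
    blocks = (hashlib.sha256(ENC_KEY + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def encapsulate(inner, src, dst):
    """Encrypt the whole inner packet and carry it as an outer packet's payload."""
    plain = json.dumps(inner).encode()
    nonce = os.urandom(12)
    body = bytes(a ^ b for a, b in zip(plain, _stream(nonce, len(plain))))
    tag = hmac.new(MAC_KEY, nonce + body, hashlib.sha256).digest()
    return {"src": src, "dst": dst, "payload": (nonce + body + tag).hex()}

def decapsulate(outer):
    """Check integrity, decrypt, and return the inner packet."""
    raw = bytes.fromhex(outer["payload"])
    nonce, body, tag = raw[:12], raw[12:-32], raw[-32:]
    expected = hmac.new(MAC_KEY, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("outer packet was modified or the key is wrong")
    plain = bytes(a ^ b for a, b in zip(body, _stream(nonce, len(body))))
    return json.loads(plain)

def server_forward(outer):
    """VPN server: strip the outer packet; the return address becomes the server."""
    return dict(decapsulate(outer), src=VPN)

def server_return(reply):
    """VPN server: map the reply back to the client and wrap it for the tunnel.
    A real server looks the client up in a connection table; one client here."""
    return encapsulate(dict(reply, dst=CLIENT), VPN, CLIENT)

def demo():
    request = {"src": CLIENT, "dst": SITE, "id": 1, "payload": "GET /account"}
    on_wire = encapsulate(request, CLIENT, VPN)   # what the ISP can observe
    at_site = server_forward(on_wire)             # what the destination receives
    reply = {"src": SITE, "dst": at_site["src"], "id": 1, "payload": "200 OK"}
    return on_wire, at_site, decapsulate(server_return(reply))

if __name__ == "__main__":
    for label, pkt in zip(("ISP sees", "site sees", "client gets"), demo()):
        print(f"{label}: {pkt}")
```

The "ISP sees" packet exposes only your address, the VPN server's address and the size of the ciphertext. The "site sees" packet carries the VPN server's address as its source.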
So those are the basics of how a VPN works. It does get more complicated but the software and the VPN server take care of all that for you. All you need to do is remember to always use it while online!