Virtual private networks (VPNs) are handy privacy tools designed to boost your digital security. With digital freedoms constantly under attack, and instances of censorship popping up around the world, it’s no surprise that more people are investing in VPNs than ever before.
In addition to encrypting your personal data, the best VPNs can secure public WiFi hotspots, unblock international streaming content, and even help you snag the best deals when doing your online shopping. The big question is: how?
The technologies that VPNs use, like encryption and protocols, can seem overly complex unless you’re already familiar with them. In this guide, I’ll walk you through these key concepts, unravel the mystery of how VPNs do what they do, and recommend a few of my favorite services.
What do VPNs do?
As soon as you hit the net, you’re constantly sending out data from your device and receiving data back. For example, you might send out a request to view a certain web page and receive the content of that web page in return, as a result.
This raw data can be seen by your internet service provider (ISP), and other invasive third parties if they happen to intercept it along its journey.
That’s where a VPN can help. Hundreds of VPNs exist, and though the quality of these services vary, they typically all work in a similar way. VPNs route your traffic through a secure endtoend encrypted tunnel that connects your device to a vpn server.
The VPN encrypts your data as it leaves your system, sending it to one of the VPN’s servers around the globe before it heads out onto the internet. Because the data is now encoded—scrambled—it’s unintelligible and can’t be exploited by ISPs or other snoopers.
What are servers?
In simple terms, servers are computers located somewhere around the globe that are running the VPN company’s software, and when you’re using a VPN, you are also running the VPN provider’s app or client on your machine. Your VPN will let you take your pick of servers via an interactive map or ordered list.
A second benefit is that the VPN server effectively becomes the origin of your internet traffic, meaning your location appears to be where that server (computer) is based—and not your actual location at home. So, you’ll get improved security and anonymity with a VPN (and other locationbased perks that I’ll cover a little later—and it’s good news if you’re an avid Netflix fan).
What is VPN encryption?
A VPN’s most important job is encrypting your personal data and web traffic. Connect to a VPN, and your financial details, logins, messages, browsing history, and other data are all sent through an encrypted tunnel in uncrackable code.
Let’s say you’re trying to log into Facebook. The request would be sent to your VPN service, which then establishes a connection between the device you’re using and a VPN server. Then, your VPN sends the login request to the VPN server via the encrypted tunnel I mentioned earlier.
When the VPN server receives the request, it sends it on to Facebook’s servers while it’s still encrypted. Facebook’s server receives the request, grants it, and sends the data back to the VPN server. This is where the VPN server reencrypts and dispatches the request to your VPN, where it’s deciphered and, finally, forwarded on to your device.
Your data is encrypted and decrypted at every point in this process. It might all seem complex, but Surfshark notes that it all “happens in a second” (or quicker) depending on your internet speeds.
It’s worth remembering that a heavyhanded government regime (or a particularly nosey ISP) could detect that your device is connected to a VPN—but they won’t be able to read any of the traffic heading out to the VPN server, and find out what you’re up to online, because of the VPN’s encryption. Plus, this encryption is so strong that it can’t realistically be broken.
What are VPN protocols?
In addition to encryption, protocols are another fundamental aspect of VPNs. VPN protocols are commands and processes that determine how your traffic travels from server to server via the encrypted tunnel.
NordVPN claims that each protocol offers a “different solution to the problem of secure, private, and somewhat anonymous internet communication”. Countless protocols are available, today, but the most popular include:
- Secure Sockets Layer (SSL)
- Transport Layer Security (TLS)
- PointtoPoint Tunneling Protocol (PPTP)
- IP Security (IPSec)
- Internet Key Exchange (IKEv1 or IKEv2)
- Layer 2 Tunneling Protocol (L2TP)
- WireGuard
- OpenVPN
However, the VPN landscape is constantly shifting, with protocols quickly growing outdated and new protocols rising up to take their place. NordVPN also believes that protocols are imperfect: “each may have potential vulnerabilities, documented or yet to be discovered, that may or may not compromise your security”.
OpenVPN and WireGuard are, generally, the two protocols you’ll find most of today’s top VPNs using, thanks to their speed and security. It’s also possible to switch protocols via your VPN app—which is handy if there’s a particular protocol you’d like to use. Just head into the settings menu of your chosen VPN to switch it up.
Keeping up with these protocols is important, since they play a huge part in the overall speed, security, and privacy of your VPN, and you’ll want to avoid using outdated protocols that put your data at risk.
OpenVPN, WireGuard, and proprietary protocols (including ExpressVPN’s LightWay and Hotspot Shield’s Catapult Hydra) are the safest options. IKEv2 is a solid alternative for mobile VPNs. This isn’t to say that other protocols are totally obsolete, but I’d recommend sticking to trusted picks if you want a reliable blend of speed and security.
How do VPNs unblock streaming sites?
While plenty of people use VPNs to boost their digital privacy, an increasing amount of folks are turning to VPNs to unblock streaming content from around the world.
How? Well, like I mentioned earlier, when you use a VPN and connect to one of its computers (servers), you’ll appear to be that computer and be identified by its IP address. If that server happens to be in a different country to you, the IP address will, too, and you’ll fool the sites you visit into thinking you’re in the location of your choosing. As a result, you’ll be able to check out content that’d otherwise be locked behind annoying georestrictions.
Want to learn more?
We’ve unveiled the most reliable streaming companions in our guide to best Netflix VPNs.
Here’s an example. BBC iPlayer is inaccessible to anyone living outside the UK. So, imagine that you’re in the US and want to check out some British content. You can fire up your BBC iPlayer VPN, join a server in the UK and, just like that, you’ll appear to be located somewhere in the British Isles. You’ll have your pick of BBC iPlayer shows, and the site itself will think you’re in the UK even though you’re still in the US.
Or, it should. There’s always a chance that content providers, like the BBC or Netflix, will detect VPN usage. They don’t want people getting around their regional restrictions, after all, and will try to pinpoint and block VPN connections to put a stop to any geoblock hopping. These providers can’t see your data—just that a VPN is being used.
For this reason, you might be identified as a VPN user and blocked, but the best streaming VPNs use pretty sophisticated software and methods of avoiding detection.
Content unblocking will always be a catandmouse game between providers and VPNs, with tactics and results constantly changing.
How VPNs work in a nutshell
VPNs route your traffic through a secure server, and not your ISP’s servers, and encrypt it. This means that thirdparty snoopers (like cybercriminals, your ISP, and your government) can’t read your traffic even if they happen to intercept it.
VPNs also use a variety of protocols to transfer your data. Currently, OpenVPN and WireGuard are today’s most secure, speedy, and wellregarded options.
In addition to securing your data (including financial information, logins, and browsing history), a VPN can also unblock global streaming content thanks to its server network. With servers placed around the world, users can pick a location overseas, be assigned a new IP address based in that same place, fool sites into thinking they’re physically there, and bypass georestrictions that’d otherwise prevent them from accessing regionspecific shows, movies, and sites.
FAQs
How do VPNs keep me safer online?
A VPN improves your online security by encrypting your data—ensuring nobody can snoop on it. While your ISP will (potentially) be able to see that you’re using a VPN, or that you’ve connected to an encrypted server, they won’t be able to crack the encryption provided by the VPN, or make sense of your sensitive data.
This is good news, as it means your ISP won’t be able to sell this information on to advertisers or surrender it to authorities upon request.
A VPN comes in handy when relying on public WiFi hotspots, too. These hotspots (usually offered by cafes, airports, and hotels) tend to lack adequate security measures, making them attractive to opportunistic hackers hungry for your data. VPN encryption ensures that your information remains secure, however, and totally unreadable.
VPNs can also boost your overall anonymity. By changing your IP address, they prevent your online activities from being traced back to your device, protecting you against snoopers and more direct threats like targeted DDoS attacks.
Are VPNs illegal?
In most cases, no. VPN use is legal in most countries—but there are exceptions to the rule. VPNs have been banned under strict regimes (like China and Russia), but it’s unclear how these bans might actually be enforced.
The important thing to remember is that while VPNs might be legal, what you do with it can still break the law.
What can’t a VPN hide?
VPNs encrypt your data and cloak your original IP address—but there are a handful of things that they can’t hide. One of these is your device type. Through the use of browser fingerprinting, the sites you visit can collect data (like operating system and browser type) that’ll inform them about what device you’re using.
Some VPN services can monitor your online activity, too, by keeping records of what you do and where you go when accessing the web. This is pretty invasive, and you’ll want to pick a secure VPN that adheres to a nologs policy to ensure that your provider isn’t sitting on sensitive information about your browsing sessions.
How do sites know I’m using a VPN?
A VPN assigns you a new IP address when you connect to one of its servers—but these servers are shared amongst the VPN’s user base. So, you might be given the same IP address as someone else. The fact that these IP addresses are shared across so many people has prompted some sites to figure out that they belong to VPNs and, ultimately, block them.
This doesn’t always happen. A lot of sites won’t mind the fact that you’re using a VPN—after all, it’d be a ridiculously expensive and timeconsuming endeavor to block, ban, or take action against everyone using a VPN.
We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paidfor is neither endorsed nor approved by Future Publishing.