A virtual private network (VPN) is an essential security and privacy tool for anyone who browses the web or communicates online. In this article, we explain how VPNs actually work.
You’ve probably heard of VPNs. Maybe you’re even using one. With a VPN, you can hide your IP address, prevent hackers and spies from viewing your activity, and make websites think you’re in a country you’re not. VPNs are also useful for accessing blocked content and using peer-to-peer networks safely.
But do you know how VPNs work? We put together this article as a very simple explainer for the uninitiated. It covers the basic concepts and key features of a VPN.
First, you need to understand the Internet
To understand how VPNs work, it’s helpful first to look at how you connect to websites without a VPN.
Say you visit protonmail.com from your laptop at a café in New York. Your browser pulls information across a shared physical infrastructure (e.g. fiber-optic cables) from our servers in Switzerland, through vast cables on the bottom of the Atlantic Ocean, along the local lines in the city, before jumping the last few feet on the café wifi.
Along the way, your traffic passes through several routers (which help direct Internet traffic) and multiple Internet service providers (ISPs, the companies that carry Internet traffic).
And all of this happens in a very public way. That is, the IP address of your device accompanies your activity as it passes through these routers, ISPs, and servers over which you have no control. The owners of those servers and routers can log your data and sell it or turn it over to government authorities. Hackers, too, may intercept your data, particularly by monitoring your wifi network. Many popular websites still do not use TLS/SSL encryption, making any sensitive information you give to those websites accessible to attackers monitoring network traffic.
How does a VPN work?
When you use a VPN, instead of directly connecting to a website, you first establish an encrypted tunnel with a VPN server. All your traffic goes through the encrypted tunnel to the VPN server, before passing into the rest of the Internet.
Because a VPN establishes an encrypted tunnel between your device and the VPN server, your ISP can’t see your traffic. This also means that if you are connected to a public or compromised wifi network, an attacker monitoring that network can’t see your Internet traffic.
How does a VPN hide my IP address?
Since you are connecting to your final destination (for example, the website you actually want to visit) through a VPN server, the website only sees the IP address of the VPN server that you used. This prevents your real IP address from being exposed and helps to protect your privacy.
This also means that by connecting through a VPN server from another country, you can make it appear to a website that you are connecting from a different country, and this can be useful, for example, in bypassing censorship or geographic content restrictions.
What makes ProtonVPN different
In some ways, ProtonVPN works similarly to other VPN services as described above. However, due to our extensive security experience, ProtonVPN also comes with numerous extra features that make it far more secure. For example, when it comes to establishing an encrypted tunnel, ProtonVPN only uses the OpenVPN and IKEv2 protocols instead of weaker protocols, which can be broken. Furthermore, all ProtonVPN connections frequently rotate encryption keys (sometimes as often as once every 60 minutes). Constantly changing the encryption keys makes it much more difficult for an attacker to break the encryption, and even if a key is somehow compromised, it will only compromise traffic for a brief period of time instead of compromising all traffic.
ProtonVPN is also based in Switzerland, which has some of the world’s strongest privacy laws and makes it illegal to force us to monitor user activity. Because of this, ProtonVPN has a strict no-logs policy, and we do not record or track any of our users’ online activities. Paid ProtonVPN plans also come with advanced security features like Secure Core and integration with the Tor anonymity network.
We didn’t set out to build a VPN service when we started ProtonMail, but when our email users asked us to recommend a VPN, we saw a need for a service with greater security and privacy. ProtonVPN is part of our ongoing commitment to making Internet freedom available to all while maintaining the highest security standards. You can learn more about ProtonVPN’s security features here.
The ProtonVPN Team
Follow us to stay up to date on ProtonVPN news and releases:
You can get a free secure email account from ProtonMail here.