VPN: Virtual Private Network
A VPN creates a secure, encrypted tunnel between your device and the internet.
A VPN, or Virtual Private Network, is a technology that creates an encrypted tunnel between your device and a remote server, routing your internet traffic through that server before it reaches its destination. It masks your real IP address, protects your data from interception, and allows you to browse as if you were physically located wherever the VPN server is.
What Is a VPN
When you connect to the internet without a VPN, your traffic travels directly from your device through your ISP to the destination server. Every device along that path, including your ISP, network administrators, and anyone monitoring the connection, can see which servers you are connecting to and potentially read unencrypted data. Your real public IP address is visible to every server you reach.
A VPN changes this by creating an encrypted connection, called a tunnel, between your device and a VPN server operated by the VPN provider. All your internet traffic is routed through this tunnel. From the perspective of your ISP, you are simply sending encrypted data to one address, the VPN server. From the perspective of the websites and services you visit, your traffic appears to originate from the VPN server's IP address rather than your real one. The content of your requests is visible to the VPN provider but not to your ISP or anyone on the network between you and the VPN server.
VPNs were originally developed for corporate use, allowing remote employees to securely access internal company networks over the public internet as if they were physically connected in the office. That use case remains central today, but VPNs are also widely used for personal privacy, bypassing geographic content restrictions, and securing connections on public Wi-Fi networks.
How a VPN Works
- You install a VPN client application on your device and connect to a VPN server by selecting a location from the provider's network
- The VPN client and server perform a handshake to authenticate each other and negotiate the encryption parameters for the session
- An encrypted tunnel is established between your device and the VPN server using a tunnelling protocol such as OpenVPN, WireGuard, or IKEv2
- Your device's routing table is updated so that all internet traffic is directed through the encrypted tunnel rather than directly to the internet
- When you request a website or service, your encrypted traffic travels through the tunnel to the VPN server
- The VPN server decrypts your request, strips your original IP address, and forwards the request to the destination server using its own IP address
- The destination server responds to the VPN server, which encrypts the response and sends it back through the tunnel to your device
- Your VPN client decrypts the response and delivers it to the requesting application
Without a VPN:
Your Device → ISP (can see destination + data) → Website
Your real IP visible to: ISP, Website, anyone on the path
With a VPN:
Your Device → [Encrypted Tunnel] → VPN Server → Website
Your ISP sees: encrypted traffic to VPN server only
Website sees: VPN server's IP address, not yours
VPN Protocols
A VPN protocol defines how the encrypted tunnel is established and maintained. Different protocols make different trade-offs between speed, security, compatibility, and ease of configuration. Most modern VPN clients allow you to choose which protocol to use or select automatically based on network conditions.
| Protocol | Speed | Security | Best For |
|---|---|---|---|
| WireGuard | Very fast. Lean codebase with minimal overhead. | Excellent. Uses modern cryptography by default with no legacy cipher options. | Personal VPNs, mobile devices, performance-sensitive use cases. The recommended default for most users. |
| OpenVPN | Good, though slower than WireGuard due to a larger codebase. | Excellent. Mature, extensively audited, highly configurable encryption settings. | Enterprise deployments, situations requiring maximum configurability and cross-platform compatibility |
| IKEv2/IPSec | Fast, with efficient reconnection after network changes | Very good. Widely supported and well-tested. | Mobile devices that frequently switch between Wi-Fi and cellular, as it reconnects automatically |
| L2TP/IPSec | Moderate. Double encapsulation adds overhead. | Adequate but considered outdated. Potentially weakened by the NSA. | Legacy systems where newer protocols are not supported. Avoid where possible. |
| PPTP | Fast due to weak encryption | Poor. Known vulnerabilities. Considered broken by modern security standards. | Should not be used for any security-sensitive purpose. Included only for historical completeness. |
| SSTP | Good | Good. Uses TLS over port 443, making it difficult to block. | Windows environments, bypassing firewalls that block standard VPN ports |
Types of VPN
VPNs are deployed in several different configurations depending on whether the goal is personal privacy, remote corporate access, or connecting multiple offices together.
| Type | How It Works | Common Use Case |
|---|---|---|
| Remote Access VPN | An individual user's device connects to a VPN server, encrypting their traffic and masking their IP address | Personal privacy, bypassing geographic restrictions, securing public Wi-Fi connections |
| Corporate Remote Access VPN | An employee's device connects to the company's VPN gateway, gaining access to internal resources as if they were in the office | Remote work, accessing internal file servers, databases, and intranets securely over the public internet |
| Site-to-Site VPN | Two or more entire networks are connected together through a persistent encrypted tunnel between gateway devices | Connecting branch offices to a headquarters network, linking cloud infrastructure to an on-premises data centre |
| Split Tunnel VPN | Only specific traffic is routed through the VPN tunnel while other traffic goes directly to the internet | Corporate VPNs where employees need access to internal resources without routing all personal browsing through the company network |
| Full Tunnel VPN | All traffic from the device is routed through the VPN without exception | Maximum privacy, high-security environments, bypassing network-level censorship |
What a VPN Does and Does Not Protect
A VPN is a powerful privacy tool but it is not a complete security solution. Understanding precisely what it protects and what it leaves exposed helps you use it appropriately and avoid a false sense of security.
| Scenario | Protected by VPN? | Why |
|---|---|---|
| Your ISP seeing which websites you visit | Yes | Your traffic is encrypted and the destination is hidden. Your ISP only sees an encrypted connection to the VPN server. |
| Your real IP address being seen by websites | Yes | Websites see the VPN server's IP address instead of yours. |
| Traffic interception on public Wi-Fi | Yes | Encryption prevents anyone on the same network from reading your data even if they intercept it. |
| Tracking by websites using cookies | No | Cookies identify you regardless of your IP address. Clearing cookies or using private browsing is needed separately. |
| Malware and viruses on your device | No | A VPN only encrypts network traffic. It provides no protection against malicious software already on the device. |
| Phishing attacks | No | A VPN does not prevent you from visiting a fake website or submitting credentials to a phishing page. |
| The VPN provider seeing your traffic | No | The VPN server decrypts your traffic before forwarding it. The provider can technically see your requests, which is why choosing a trustworthy no-logs provider matters. |
| Browser fingerprinting | No | Websites can identify your browser through its unique combination of settings, fonts, and capabilities regardless of IP address. |
Common Uses of a VPN
- Privacy from your ISP: ISPs can log and in some jurisdictions sell your browsing history. A VPN prevents your ISP from seeing which sites you visit by encrypting all traffic before it leaves your device.
- Securing public Wi-Fi connections: Public Wi-Fi networks in cafes, airports, and hotels are shared with strangers. An attacker on the same network can attempt to intercept unencrypted traffic. A VPN encrypts everything leaving your device, making interception useless.
- Accessing geo-restricted content: Streaming services, news sites, and other platforms restrict content based on the user's geographic location. Connecting to a VPN server in a different country makes the destination service believe you are located there.
- Remote work and corporate access: Employees working outside the office use corporate VPNs to access internal systems such as file servers, intranet portals, and databases that are not exposed directly to the internet.
- Bypassing censorship: In countries where governments restrict access to certain websites or services, VPNs can provide a path around those restrictions by routing traffic through servers in unrestricted countries.
- Protecting sensitive communications: Journalists, activists, lawyers, and others who handle sensitive information use VPNs to add a layer of protection against surveillance when communicating or researching.
VPN Limitations and Considerations
No VPN provides absolute privacy or security, and understanding the limitations prevents over-reliance on the technology.
- Trust shifts to the VPN provider: A VPN replaces your ISP as the entity that can see your traffic. A VPN provider that logs your activity is no better than a nosy ISP. Always check whether the provider has a verified no-logs policy, ideally confirmed through an independent audit.
- Speed reduction: Routing traffic through an additional server and encrypting it adds latency and reduces throughput. The extent depends on the VPN server's location, load, and the protocol used. WireGuard minimises this overhead significantly compared to older protocols.
- DNS leaks: If your device sends DNS queries outside the VPN tunnel, your ISP can still see which domains you are looking up even though the rest of your traffic is encrypted. A good VPN client routes DNS queries through the tunnel and uses its own DNS resolvers.
- Kill switch: If the VPN connection drops unexpectedly, your device may fall back to sending traffic directly over your regular connection, exposing your real IP address. A kill switch cuts your internet connection entirely if the VPN tunnel fails, preventing accidental exposure.
- Not a complete anonymity solution: Even with a VPN, browser cookies, logged-in accounts, and a consistent browser fingerprint still allow websites and advertisers to identify and track you. A VPN is one layer of privacy, not a complete solution on its own.
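The DNS leak and kill switch items above describe traffic that escapes the tunnel, which can be detected from observed flows. The following is an added example, not code from the original page: it classifies flow records and flags anything on the physical interface that is neither the tunnel's own carrier traffic nor local LAN traffic. The record format (interface, protocol, destination IP, destination port), the interface names, the VPN endpoint, and the sample flows are all constructed.

```python
import ipaddress

VPN_ENDPOINT = ("203.0.113.10", 51820, "udp")  # constructed VPN server address
TUNNEL_IFACE = "wg0"                           # constructed tunnel interface name
DNS_PORTS = {53, 853}                          # plain DNS and DNS-over-TLS

# Constructed flow records: interface, protocol, destination IP, destination port.
FLOWS = """\
wlan0 udp 203.0.113.10 51820
wg0 udp 10.64.0.1 53
wg0 tcp 1.0.0.1 443
wlan0 udp 192.168.1.1 53
wlan0 udp 8.8.8.8 53
wlan0 tcp 1.0.0.1 443
wlan0 udp 192.168.1.255 137
"""

def classify(line):
    """Label one flow record by whether it stayed inside the tunnel."""
    iface, proto, dst, port = line.split()
    port = int(port)
    if iface == TUNNEL_IFACE:
        return "tunnelled"
    if (dst, port, proto) == VPN_ENDPOINT:
        return "tunnel-carrier"      # the encrypted tunnel packets themselves
    if port in DNS_PORTS:
        # Checked before the LAN test: a query to the home router is still a
        # leak, since the router typically forwards it outside the tunnel.
        return "dns-leak"
    if ipaddress.ip_address(dst).is_private:
        return "local"               # LAN traffic such as broadcasts
    return "traffic-leak"            # what a working kill switch would block

def find_leaks(text):
    """Return [(verdict, record)] for every flow that escaped the tunnel."""
    findings = []
    for line in text.splitlines():
        if line.strip():
            verdict = classify(line)
            if verdict.endswith("-leak"):
                findings.append((verdict, line))
    return findings
```

DNS-over-HTTPS uses port 443 and cannot be told apart from web traffic by port, so on the physical interface it would show up here as a `traffic-leak` rather than a `dns-leak`.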
Frequently Asked Questions
- Does a VPN make you completely anonymous online?
No. A VPN hides your real IP address and encrypts your traffic from your ISP and anyone monitoring your local network, but it does not make you anonymous. Websites can still identify you through cookies, browser fingerprinting, and login sessions. The VPN provider itself can see your traffic. Achieving meaningful anonymity requires a combination of measures including using a no-logs VPN, private browsing mode, avoiding logged-in accounts, and tools like the Tor browser for the highest levels of anonymity.
- Is it legal to use a VPN?
In most countries, yes. VPNs are legal in the vast majority of jurisdictions and are widely used by businesses and individuals for entirely legitimate purposes including remote work, privacy, and security. However, a small number of countries heavily restrict or ban VPN use, including China, Russia, Iran, and North Korea. Using a VPN does not make illegal activities legal. Activities that are illegal without a VPN remain illegal with one.
- What is a no-logs VPN policy?
A no-logs policy means the VPN provider does not store records of your browsing activity, connection timestamps, IP addresses, or DNS queries. Because the VPN server can technically see your traffic, the only way to prevent that data from being used against you is for the provider to never record it. A genuine no-logs policy should be independently audited by a third-party security firm and ideally tested in practice through legal requests that the provider was unable to fulfil because no logs existed to hand over.
- What is a VPN kill switch?
A kill switch is a VPN feature that monitors your connection and cuts all internet traffic from your device if the VPN tunnel drops unexpectedly. Without a kill switch, a sudden VPN disconnection would cause your device to fall back to your regular unprotected connection, briefly exposing your real IP address and unencrypted traffic. This is particularly important for high-privacy use cases where even a momentary exposure would be unacceptable. Most reputable VPN clients include a kill switch that can be enabled in settings.
- Does a VPN slow down your internet connection?
Yes, to some degree. Routing your traffic through an additional server adds latency, and the encryption and decryption process consumes CPU resources. The extent of the slowdown depends on the physical distance between you and the VPN server, the server's current load, and the protocol in use. WireGuard is significantly faster than older protocols like OpenVPN and typically results in only a small percentage reduction in throughput compared to a direct connection. Connecting to a geographically close server minimises the latency increase. For most everyday use cases including streaming and browsing, the performance impact of a good VPN is barely perceptible.
Conclusion
A VPN is one of the most practical privacy and security tools available for both personal and professional use. It encrypts your traffic, hides your real IP address from the websites you visit, protects you on untrusted networks, and allows remote access to private networks over the public internet. Understanding what it does and does not protect against is essential for using it effectively as part of a broader security posture rather than treating it as a complete solution on its own. Choosing a provider with a verified no-logs policy, a reliable kill switch, and support for modern protocols like WireGuard gives you the strongest combination of privacy, performance, and reliability. Continue with IP addresses, DNS and caching, HTTPS and TLS, and how routing works to build a complete understanding of how your internet traffic travels and how it can be protected.
