What is a VPN?

I’ve been watching a lot of YouTube videos lately, and I’ve been seeing a lot of videos sponsored by different VPN (Virtual Private Network) providers.  And in every one of those sponsored spots, I hear the same kind of things: “Protect your online banking with a VPN!” “Without a VPN, your internet traffic can be tracked by hackers!” “VPNs let you feel safe while you’re browsing online!”

At best, those statements are misleading.  At worst, they’re a downright lie.  Now, VPNs aren’t necessarily bad. In fact, I set up my own VPN server that I use when I’m traveling!  There’s definitely a time and place for VPNs.  Today, I’m going to dispel some misinformation, and maybe convince you that, under the right circumstances, a reputable VPN service is an important tool for web privacy.

What does a VPN do?

A VPN is a middleman server that you use if you don’t trust your computer’s route to the internet, or if you want to make it look like your traffic is originating from somewhere else.

Let’s break that down a bit and start briefly with how the internet works.  Some of our veteran readers might remember I wrote a post about this last April!

Your internet data makes a lot of stops between you and it’s destination. Every stop along the way is a chance for someone to read that data.

When you open a webpage, your computer sends a postcard to the website’s address requesting the data needed to display the site.  Between your computer and the website’s server, there’s a bunch of other servers that handle the postcard.  First, it goes through your router.  Then it goes off to your ISP.1Internet Service Provider, i.e. Comcast, Verizon, AT&T, etc.  Then it goes to the website’s ISP.  Then, finally, it goes to the website.  When the website sends the information back, it goes through that whole chain again.  Every computer along the way can read that postcard and see where it’s headed.

Want to know just how bad it is?  Here are all the computers involved with me going to eff.org.  That’s 10 whole computers that read my request between me and the website server!

The traceroute command in Windows (tracert in Linux) shows all the servers involved with connecting to another server. I’ve blurred out the local ISP and Datacenter servers for privacy.

Now, that’s not necessarily a bad thing.  Computer 1 is my home router.  I own that, and I trust it.  Computers 2-5 are part of my local Comcast datacenters.  Now, I’m not particularly fond of Comcast or anything, but at the end of the day, I trust them enough not to do anything overtly horrible.2Though, this trust may be misplaced based on some US legislation from 2017 allowing ISPs to collect and sell user information.  Computers 6 and 7 are part of the major fiber optic network that all ISPs share, and are part of the internet’s backbone.  Computers 8-10 are part of the website’s ISP, and are the only way to get to the website.  Finally, we reach the website’s server at #11.

Now, let’s say I’m browsing the web at a sketchy coffee shop, or at an airport with unsecured WiFi, or in a country with strict censorship laws.  This is a perfect case to use a VPN since I definitely don’t trust those routes to the internet.

A VPN adds another server as a destination in the middle of that list, and encrypts the data between it and your computer.

With a VPN, data between you and your VPN is encrypted, so your ISP and router can’t see it or where it’s going. The website serves the request from the VPN, so it can’t see where the request originated. Your VPN and it’s ISP can see everything though, so be careful.

Let’s follow the postcard in this situation.  Before you go online, you and your VPN share a secret code so that any communication between you two can only be read by you two.  You send a postcard to your VPN server asking it to get the website for you.  The VPN server sends a second postcard to the website.  When it gets the data back, it encrypts the data with your secret code and sends a copy back to you.

As far as your sketchy coffee shop WiFi is concerned, the only thing it can see is a bunch of postcards with garbled text going to and from just your VPN server.  It doesn’t know what websites you’re visiting, or what information you’re getting.  The website, on the other hand, only sees the postcard originating from the VPN server.  It has no idea that the original request come from elsewhere.

What doesn’t a VPN do?

Using a VPN isn’t always safer than not using a VPN.

Using a VPN funnels all your web traffic through a different server.  Basically, you’re moving your trust from your ISP to some other service.  If you trust that service, then great!  But be very, very careful where you place your trust.  It’s possible that fancy VPN service you see advertised might be worse than even Comcast!  The Electronic Frontier Foundation3EFF, i.e. my go-to resource for all things internet privacy and security recommends this list to check the reputability of different VPN services.4If you’re reading this, you should probably also check out EFF’s article about VPNs here

A VPN will not protect you against malware.

All a VPN does is shuffle your traffic around a bit to make it more difficult for computers between you and the internet to see what websites you visit and what information you’re sharing.  It does nothing to check that the actual information is safe and will not protect you from downloading viruses or from drive-by attacks.  A VPN might protect you from a common type of attack from hackers on the same network as you, but it will do nothing against hackers elsewhere on the internet.

A VPN only protects part of your data’s journey on the Internet.

Because a VPN is just a stop in the middle of your postcard’s route, it won’t do anything to help the second half of the journey.  If the website’s server is compromised, or the website uses an evil ISP to connect to the internet, then your data will still be compromised just the same, with or without a VPN.

tl;dr:

A VPN (Virtual Private Network) is a middleman server that provides a protective tunnel between it and your computer for web traffic.

A reputable VPN will
… protect information you send over the internet from prying eyes between you and the internet.
… hide your browsing habits from your ISP.5Internet Service Provider
… make your traffic appear to come from somewhere else, sometimes even other countries!

A reputable VPN will not
… protect you from viruses, malware, or remote hackers.
… protect your information from compromised web servers or other ISPs.
… give you a pass to make poor decisions online free from repercussions.

A disreputable VPN will
… steal all your data.
… sell your information to everyone who wants it.
… manage to be way worse than even Comcast.

Leave a Reply

Your email address will not be published. Required fields are marked *