Ever wondered how a Virtual Private Network (VPN) keeps your data secure or why it’s called a VPN in the first place? In this post, I’ll be going over the basic attributes of a VPN to better understand how they work.
I recently downloaded a new VPN (or Virtual Private Network) this past weekend. If you’re like me and spend a lot of time (perhaps too much) watching YouTube videos, you’ve probably seen an ad for VPNs like ExpressVPN, NordVPN and maybe even ProtonVPN. While all these companies offer different VPN services, there is clearly some underlying mechanism that makes something a VPN. Having only a rudimentary understanding of what a VPN actually is, I was interested in learning more. For instance, why is it called a VPN? What makes a network virtual? And what makes them so secure?
So, let’s take a look behind all the fancy UX/UI design choices into what makes something a VPN and how they actually work.
What is a VPN?
From my in-depth research (a look through the Wikipedia page for VPNs), a VPN is a network that “uses network virtualization to extend a private network across a public network … via the use of encryption and tunneling protocols.” Now that is definitely a mouthful, but a few key terms that stood out to me are: network virtualization, private network, encryption and tunneling protocols.
First, let’s take a look at the private network part of VPN (given that it is in the name) as well as the concept of network virtualization.
Private Network vs Virtual Private Network: What’s the difference?
Private Networks
While a public network, e.g. airport Wi-Fi, is any network that is publicly accessible to a user without any sort of restriction, a private network is not. Private networks are things like your neighbor’s password-protected home Wi-Fi, eduroam, or a network of data servers hidden behind a firewall. The main idea is that a private network typically involves some form of access control to restrict which users can access the network.
Forms of access control can include things like firewalls to filter network traffic, user authentication (as with eduroam), or a shared password given only to trusted users.
However, the next question is what makes a private network become a virtual private network?
Virtual Networks
One way to think about network virtualization is through this example. Consider a room with 5 people. All 5 people can easily speak to each other because they are physically in the same room. Now imagine that on the other side of the world is another room with a different group of 5 people. While the two groups are physically distant, if we set up a video call between them, all 10 of them can talk to each other.
In the same way, network virtualization is a way to turn separate private networks into one seemingly cohesive network. The two groups of 5 each represent a private network, while the video call represents the software processes that connect the two networks together.
So, in the case of VPNs, the use of network virtualization allows multiple private networks to connect and form a larger private network that users can connect to.
Private networks on their own have several security advantages, namely the ability to control who has access to them. However, even though your home Wi-Fi is technically a private network, it is still strongly advised to use a VPN for added security. But what is that added security?
Encryption & Tunneling
A big promise that VPN companies make is that your data will be encrypted from end-point (e.g. your browser) to end-point (e.g. your bank’s website), but how do they actually ensure that?
In an overly simplified nutshell, when you connect to a VPN, you’re actually connecting to one of several servers. To establish that connection, the VPN creates an “encrypted tunnel” between your device and the server. There is a lot more to be said about how encryption works, but that is a whole story on its own. To put it simply, the encrypted tunnel is created by exchanging encryption keys between your device and the server and then encrypting every packet with the resulting shared key, so that data sent between them cannot be read by anyone else (including your ISP).
Whenever you access the internet, your data is routed through the VPN server, which masks (obscures) your IP address. This is because all your traffic appears to come from the VPN server rather than from your device. If your IP address cannot be traced back to you, your data cannot be easily tracked.
If an attacker (or your ISP) tries to read the data moving between you and the VPN server, all they will see is an encrypted message, and they will be unable to determine which sites you visited or which networks you accessed. Note that the tunnel ends at the VPN server, which decrypts your traffic before forwarding it to the site you requested, so what your ISP could previously see is now visible to the VPN provider instead.
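As an added illustration (not code from the original post), here is a Go sketch of the two steps just described: a key exchange in which only public keys cross the wire, and packets then sealed under the derived key so an observer sees only ciphertext. X25519 and AES-GCM are my choice for the sketch; the post does not name the protocol any particular VPN uses, and the packet contents are constructed.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// tunnelKey finishes the exchange for one side: my private key combined with the
// peer's public key yields a secret that an observer of the exchange cannot compute.
func tunnelKey(mine *ecdh.PrivateKey, peer *ecdh.PublicKey) cipher.AEAD {
	shared, _ := mine.ECDH(peer) // errors only if the keys are on different curves
	key := sha256.Sum256(shared) // toy KDF; real tunnels use HKDF bound to the handshake
	block, _ := aes.NewCipher(key[:])
	aead, _ := cipher.NewGCM(block)
	return aead
}

// establishTunnel plays both ends: device and VPN server each generate a key pair,
// send only the public half across, and independently derive the same tunnel cipher.
func establishTunnel() (device, server cipher.AEAD) {
	devPriv, _ := ecdh.X25519().GenerateKey(rand.Reader)
	srvPriv, _ := ecdh.X25519().GenerateKey(rand.Reader)
	return tunnelKey(devPriv, srvPriv.PublicKey()), tunnelKey(srvPriv, devPriv.PublicKey())
}

// seal wraps one packet for the tunnel as nonce || ciphertext || auth tag.
func seal(aead cipher.AEAD, packet []byte) []byte {
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce) // fresh nonce per packet; never reuse one under the same key
	return aead.Seal(nonce, nonce, packet, nil)
}

// open unwraps a frame; the tag check fails on tampering or on a different key.
func open(aead cipher.AEAD, frame []byte) ([]byte, error) {
	n := aead.NonceSize()
	if len(frame) < n {
		return nil, errors.New("frame too short")
	}
	return aead.Open(nil, frame[:n], frame[n:], nil)
}
func main() {
	device, server := establishTunnel()
	frame := seal(device, []byte("GET /balance HTTP/1.1\r\nHost: bank.example\r\n")) // constructed
	got, err := open(server, frame)
	fmt.Printf("on the wire: %x\nserver reads: %q err=%v\n", frame, got, err)
}
```

The hostname never appears in the bytes on the wire, and a frame sealed under one tunnel cannot be opened by a third party who ran their own exchange.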
All of this, combined with the use of private networks, makes VPNs a very secure way to access the internet. Not to mention, you can access content from different regions by simply connecting to a server in that region.
I hope this helped you better understand how VPNs work but I would encourage you to read more about it if you’re interested! There’s a lot more information out there.
— Aadi