ELI5: What is a VPN and how does it work?
You pass your friend a note in class, he passes you back a note. This is great, but then your teacher walks by and grabs the note away mid-pass and can read it out loud, now everyone knows you like Susie and asked your friend Bob to ask her out for you.
Jack is the classroom monitor who has the freedom to walk around during class. So you instead have a system where people pass Jack notes as he walks by them, and he distributes them to the people they go to, and collects up their responses. If Jack gets stopped, there’s a bunch of notes he’s holding, but the teacher doesn’t know which person wrote which note and where it’s going, only Jack knows that.
Jack is your VPN. Rather than connect directly to the website you want to access, you send a request to your VPN, the VPN connects to the site in question, they get back the result, and they return it to you. Someone watching your traffic sees that you’re making a request to the VPN, but not what the end point of that request is. Someone watching the VPN’s traffic sees the sites it’s requesting from, but not who made those requests.
Additionally, this can help you bypass some region-specific content restrictions. If you connect directly to Netflix, you only see the shows available to US viewers. If you connect to a French VPN, and through there connect to Netflix, you’ll instead see the shows that are available to French viewers. This can be used to bypass some censorship in addition to avoiding surveillance.
Another piece you may have heard of is TOR, The Onion Router, which connects to the “Dark Web”. TOR is effectively a multi-step, crowdsourced VPN network. Rather than A connecting to B which requests from C, then sends back to B to send back to A, you put multiple nodes in between the source and the destination. Each step only gets to see where it came from and where it’s going. So A sends a request to B saying “Pass this to C and return it to A”. B passes it on to C, C opens the message and it says “Pass this on to D and return it to B”. D gets a request saying “Request the result of the website and pass it back to C”. D gets it back, and sends a message back to C. C sends to B, B sends to A. No one step of the network knows both who made the request and where it’s going. There are also websites that are kept distributed across this network that can only be accessed via the network.
A VPN is a service where your internet connection - in part or in full - instead runs down a connection to this VPN service. It builds a sort of tunnel through the internet to the VPN server, and it acts like a second router for your internet connection even though it’s miles away. Most typically, the VPN server encrypts the data and requires you to log in to it. Your internet connection is effectively moved to the VPN server location and your own internet just sees you connected to that VPN.
For many jobs with work-from-home options, you will install a VPN client on your PC or one is included with your work-issued laptop. It connects to the company VPN, and suddenly it’s just like being in the office, with access to all the office services like printers, files, etc.
There are also a number of services that provide VPNs just for people who want to buy them, claiming to offer privacy since your internet data goes to the VPN company rather than whoever your ISP is, but also the option to select your endpoint, making it possible to seem like you live in a different country or such. It has niche uses, and most internet interaction is already encrypted anyway so the benefits are minor unless you can really make use of that “I live somewhere else” feature.
A VPN acts like a middleman in the communication between your computer and the various internet servers.
Imagine that whenever you send a letter, you must write your home address on the envelope to receive a response. When you use a VPN, you send your letter to some third party with your address on it, then the third party replaces your address on the envelope with their own. This way, the recipient of your letter cannot know who you are and where you live. The recipient then sends their response to the third party, who forwards it back to you.
When you send a letter in the mail, you have the address it’s going to and your return address on it. Anybody in-between you and the destination knows exactly who sent the letter and who will receive it (although they don’t know what’s in the letter.)
Using a VPN means you put the VPN’s address on the envelope. Inside that envelope is another envelope that has the address of the actual recipient (and the return address of the VPN). When the VPN receives the mail, it opens the outer-most envelope and mails out your inner envelope. When the recipient mails something back, they mail it to the VPN which then mails it to you.
So as far as the post office (or anybody in the middle) is concerned you are corresponding with the VPN. As far as the receiver of the letter you sent is concerned, it came from the VPN.
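The envelope-inside-an-envelope forwarding described in the answers above, as an added example that is not part of any poster's answer: one relay models the VPN, three relays model the TOR chain A to B to C to D. The relay names, `site.example`, the pre-shared keys and the toy cipher are constructed assumptions; real VPNs and TOR negotiate keys and use vetted ciphers.

```python
import hashlib
import json

# Constructed per-relay keys (assumption: each relay already shares a key with the sender).
KEYS = {"vpn": b"key-vpn", "B": b"key-B", "C": b"key-C", "D": b"key-D"}

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream. Illustration only, not a secure cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def wrap(route, destination, payload: bytes):
    """Nest one envelope per relay; the outermost is addressed to the first relay."""
    next_hop, body = destination, payload
    for relay in reversed(route):
        layer = json.dumps({"next": next_hop, "body": body.hex()}).encode()
        body = toy_cipher(KEYS[relay], layer)
        next_hop = relay
    return next_hop, body

def send(sender, route, destination, payload: bytes):
    """Deliver through the route and record what each party could observe."""
    seen = {}
    hop, envelope = wrap(route, destination, payload)
    # What someone watching the sender's own connection sees.
    seen["wire"] = {"from": sender, "to": hop, "envelope": envelope}
    while hop in KEYS:  # each relay peels exactly one layer
        layer = json.loads(toy_cipher(KEYS[hop], envelope))
        seen[hop] = {"from": sender, "to": layer["next"]}
        sender, hop, envelope = hop, layer["next"], bytes.fromhex(layer["body"])
    seen[destination] = {"from": sender, "received": envelope}
    return seen

if __name__ == "__main__":
    for route in (["vpn"], ["B", "C", "D"]):
        view = send("you", route, "site.example", b"GET /")
        for party, info in view.items():
            print(route, party, {k: v for k, v in info.items() if k != "envelope"})
```

With a single relay, the relay itself sees both the sender and the destination; with three, no single relay sees both.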
“VPN” actually means a few different things. Technically, it’s a private network that acts over a public network.
But when most people say “VPN”, they mean “that program that lets you pirate stuff.”
Those programs work by redirecting your traffic from one place to another, then forwarding it along. You send your traffic to the VPN server, and the VPN server forwards that traffic over to the place you’re downloading from. That site never knows you’re the one requesting the data, because all it sees is a request from the VPN server. Likewise, your ISP never knows you’re downloading movies, because they don’t see you requesting data from the movie site–they only see you talking to the VPN server.
The ELI5 version is that a VPN, or Virtual Private Network, conceals the origin point of your internet traffic (your computer) from whatever you’re accessing and the destination (whatever you’re accessing) from your internet service provider (or boss, or roommate, or dude sitting in the corner of the coffee shop monitoring traffic on the unsecured network). This serves two main purposes.
First, what it was made for originally, it allows you to access the internal assets of a network - usually a business network for the purposes of working remotely.
Second, it can make you appear to be accessing an online resource from elsewhere, which is useful for streaming services and the like.
A VPN is a mail forwarding service for your internet traffic or a really really long Ethernet cable to a network jack somewhere else.
VPNs are mostly used in 2 ways:
- To protect and hide your internet traffic or look like you are somewhere else. The VPN makes a “tunnel” between where you are and the VPN server. All of your internet traffic goes through that tunnel and only reaches the internet at the VPN server. If anyone were to snoop on your connection locally, they could only see that you’re connected to the VPN. Snoop from the services you’re using, and it will appear you’re at the VPN server and not wherever you actually are.
- To connect to another network. This is mostly used by companies to allow their employees to access networks without needing to be in the building. For this, the tunnel ends inside the company’s network, allowing you to access business resources you otherwise couldn’t from the internet.
You know in time of war how they encrypted everything before sending anything? That’s pretty much that.
The only additional difference would be that:
- you send the message through the regular post (read it as internet)
- you send it to a known mule; this guy will decrypt it and send it unencrypted (since whoever you are trying to reach can’t decode it).
Why use a VPN?
- You don’t trust anyone near you or they block some kind of traffic (e.g. the network you are using (e.g. café, airport, …), you don’t trust your ISP). The content and destination are encrypted until the mule decrypts them.
- Additionally, it hides the real source (you). As per, the content & destination are only clear on the mule side, but the mule is ultimately the one sending it as himself.
On top of that, nowadays sites can determine your location from your IP alone, blocking you sometimes. So, since your mule is the one known by the website, it uses its location and not yours.
What is a VPN:
Just a computer, really
How does it work?
Normal internet communication: A — B
With vpn: A — V — B
In addition to this, the data in the leg V — A is also encrypted, so only A can read the data.
There are two important places to think about
- Where you really are.
- Where you can pretend you are
A VPN is a computer that takes your connection from your real location, and then as a middleman, pretends where you are.
Germany is apparently quite heavy about people who torrent so if you live there, you need to find a free or paid for VPN.
That VPN takes your request to download a file, and then rebroadcasts it, pretending the request comes from a different place. The file downloads through the VPN and it redirects it to your real computer.
You have no direct connection with the target computer, it’s the VPN that does that.
Your connection to the VPN is encrypted so no-one in Germany? knows what your data between you and the computer is all about.
The only people who know who you are and what you’re doing is the VPN company, and most claim to keep no records. They rely on keeping you hidden as their reason for existing so a VPN as middleman protects your ass.
There are other tricks too. Some companies like Netflix cannot provide films to certain parts of the world - maybe a film is still in the movie theaters there. A VPN can show you’re in a different part of the world, where you can watch it on Netflix, so the VPN tells Netflix you’re somewhere else and grants access.
A VPN is basically for Voyeurs, Perverts and Nonces. Hide your dodgy websites from normal people.
I thought people doing illegal stuff on the internet use a VPN, sounds like the VPN provider could still track them. What am I missing? (please ELI5)
I’ve just bought a VPN, should I leave it running continuously for data protection?
Thank you this is really helpful!
That’s correct, they could. They just have a financial interest in not doing so–the instant they provide logs on one person, everyone else gets scared and stops paying them.
What you’re missing is that a VPN can be any server anywhere in the world. People who are looking to do illegal activities know this and exploit the loopholes. For example, a person looking to commit copyright infringement may buy a VPN in a country that has different copyright laws than theirs, with the hope that the country where the VPN is located won’t take copyright claims from their home country seriously and won’t comply with an investigation.
Someone who is looking to commit more serious crimes may look for countries that have a very lackadaisical attitude toward online criminal activity, don’t require their VPNs to keep logs, and/or are actively hostile to their own government and are unlikely to cooperate with them for any reason. So your country’s government may suspect that you have committed a crime and send a request to the VPN to provide them with the evidence, only to have that VPN ignore the request. When they complain to the VPN’s government and ask them to force the VPN company to comply, that country’s government laughs at the request and refuses to help, foiling your country’s investigation.
Of course, internet logs are not the only way governments can find evidence of a crime. And certainly for more serious crimes, it is likely only a matter of time before an investigation turns up some evidence that can be used to charge a crime: after all, if law enforcement is suspicious enough, they can always get a warrant to raid your house and seize your computer to find the evidence directly. But for lower level and civil offenses, a VPN can put up just enough barriers to make a full investigation not seem worth it to whomever is doing the investigating, especially if the investigation is being done by a private company (such as a media company) without any legal clout outside their own country.
Obviously, the safest solution is to not commit any crimes at all online.
You just shifted your “trust” from your ISP to a VPN company.
“Data Protection” is a relative term. Who do you trust more - your internet provider or the company you purchased the VPN from?
It depends on which part of the data you want to be private. All data you send and receive from an HTTPS request is encrypted, but your ISP knows where the data is going and what sites you are connecting to. The sites likely know where you came from.