© 2021 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

What is a VPN and how does it work?

31

What is VPN

If you’re a frequent guest on the Internet, you might have heard the abbreviation “VPN.” It stands for Virtual Private Network. In everyday use, the term usually defines a service that lets you bypass censorship, access blocked content, or simply increase online privacy.

These services offer VPN apps that create an encrypted “tunnel,” sending your data through a remote VPN server and onto the destination server (e.g., Amazon’s server if you’re visiting amazon.com).

But what exactly is a VPN and how does it work? That’s a topic we’re going to address here. Hopefully, after this short read, you’ll be familiar with how a VPN works and how it can be useful in your day-to-day activities.

How does a VPN work?

Let’s imagine you want to visit the Amazon website. You type the URL (https://amazon.com) into the address bar of your browser and press Enter. The Amazon homepage loads and you can do your Christmas shopping. Here’s what that looks like in a somewhat more technical sense:  

  1. Your browser contacts a Domain Name Server (DNS) assigned by your ISP, asking it to translate the website domain into an IP address.
  2. Knowing the Amazon server’s IP address, your device can now send a request and retrieve the website.
  3. Your ISP routes your request to the Amazon server and returns a response.
scheme how a regular connection works 

Albeit a gross simplification, this is essentially how any connection works if you’re not using a VPN. In this example, your connection will be encrypted, because Amazon uses TLS/SSL (HTTPS). However, if you visit an insecure website that doesn’t have TLS, your data would not be encrypted.

Encryption aside, this type of session is not very private because:

  • By sending a DNS request to your ISP, you are telling your ISP that you want to visit Amazon.com
  • Further communication through your ISP tells them what you’re looking up on Amazon
  • Amazon also knows your IP address and can therefore determine your location as well as, potentially, your identity
VPN diagram

VPNs are essentially a combination of network infrastructure such as VPN servers, and VPN software. Simply put, you need a remote server and a VPN tunneling protocol (or VPN client app) to establish the connection. So if you want to visit Amazon using a VPN, here’s how that would work:  

  1. Firstly, you would connect to a VPN server in a country of your choosing, e.g., the UK
  2. The VPN app uses a tunneling protocol to create an encrypted connection to the VPN server
  3. You type amazon.com into the address bar and click Enter. Yet this time, the DNS query is resolved by the VPN, denying your ISP knowledge of what you’re doing 
  4. The VPN establishes a connection between their server and the Amazon.com server
  5. Traffic goes from you to the VPN server, then to Amazon’s server, and back

Why are VPNs good for privacy?

Connecting to the internet via a remote VPN server does several things:

  • It hides your IP address (and thus your location and identity) from the website or online service you’re using. In our above example, Amazon would see the VPN server IP address rather than your own
  • Additionally, it prevents your ISP and, by extension, your government from knowing what you’re doing online – your ISP can see you’re connecting to the VPN server IP, but nothing beyond that point
  • It encrypts your data, protecting your privacy and security if someone intercepts it. This is particularly relevant if you’re using public wifi and visiting insecure websites, which don’t encrypt the connection via TLS/SSL

Your browsing history can get you in a lot of trouble in certain situations. For example, imagine you’re in China and visiting a political forum where users are expressing anti-government views. Or perhaps you’re visiting a porn site as a citizen of Saudi Arabia.

Without a VPN, your ISP knows everything you’re doing on the internet. In countries with strict internet controls, ISP data is often freely available to government agencies.

VPNs’ ability to redirect and encrypt traffic has made them a favorite tool for anyone seeking online security, anonymity, or simply trying to unblock censor and restricted content.

What is VPN encryption?

The popularity of TLS/SSL (HTTPS) on the web means that most of your browsing is encrypted. Sadly, many other online activities, such as torrenting, remain in plaintext. And even when it comes to browsing, not all websites have implemented TLS, which leaves dangerous security gaps. That’s where VPN comes in.

Encryption secures a VPN tunnel – the one that goes from your device to the VPN service provider’s server. It means that the connection between your device and the VPN provider’s server is behind a lock.

VPN encrypts all of your internet traffic, including your browser, torrent, messaging app traffic, or whatever else you may be doing on the internet. Therefore, your connection will be encrypted, even if you’re visiting an insecure website.

Although encryption slows your connection down a little, it does not interfere with your ability to connect to the Internet. It just makes it impossible for someone to reveal network exchanges.

Most top VPN services rely on the Advanced Encryption Standard (AES) cipher to seal the data that goes through – the same type of encryption that financial and government institutions use.

How does VPN encryption work?

Encryption is persistent when you establish a connection to a VPN server. Your data between your device and the VPN server is encrypted. It’s deciphered only at the endpoints: when the data reaches your device and leaves a VPN server.

Symmetric encryption diagram

VPNs use three types of cryptography: symmetric encryption, asymmetric encryption, and hashing. Here’s how VPN encryption works:

  1. When you connect to a VPN server, the connection performs a “handshake” between a VPN client and a VPN server. During this step, hashing is used to authenticate that the user is interacting with a real VPN server, and asymmetric encryption is used to exchange symmetric encryption keys.A few popular examples of asymmetric (or public key) protocols used at this stage are RSA or Diffie-Hellman.
  2. Once the handshake is successful, symmetric encryption is used to encrypt all data passing between the user and the VPN server. The most common symmetric encryption cipher used by VPNs is AES (specifically, AES-256).

Since AES is the most popular data encryption cipher used by VPNs, let’s take a look at this cipher in more detail. 

What is AES-256?

AES-256 stands for Advanced Encryption Standard using 256-bit integers to process data. It is a symmetric key encryption algorithm for encryption and decryption. Generally, it’s considered the gold standard of modern encryption. VPNs use it to create a safe tunnel for your private data exchanges.

how AES works diagram

You might see weaker AES standards like AES-128. This simply implies that the cryptographic key is shorter and easier (although still virtually impossible) to “brute force.” As a rule of thumb, the longer the encryption key, the more potential combinations, which would take longer to crack. It’s the same principle as using a longer password means it’s harder to guess.

On the flip side, a longer encryption key means slower connections because the encryption and decryption take longer.

In the wild, you will most often find three variations of AES: AES-128, AES-192, and AES-256. Additionally, you may encounter different modes of operation, such as AES-256-GCM or AES-256-CBC, but that’s a story for another time.

Not all tunneling protocols support this kind of encryption. For example, PPTP uses the much weaker MPPE cipher, whereas the new WireGuard protocol primarily uses ChaCha20.

What does a VPN server do?

VPN servers are at the heart of any VPN service – they forward your internet traffic to the destination server and return the response to you

explanation what a vpn server does

The top providers have hundreds or even thousands of servers scattered across the globe. This is important not only to ensure good performance but also because choosing the VPN server’s country amounts to choosing your virtual location. The websites you connect to will assume you’re based in the VPN server’s country.

If you’re not connecting through a VPN server, the owner of any website you visit will know your IP address. You may want to avoid this due to 2 basic reasons:

  • Privacy
  • Access. You will get different versions of websites based on your location. In some cases, this might mean worse prices for the same goods; in others, it may mean different content or no access at all.

Depending on the provider may collect data about you, such as your IP address, session time, the websites you’re visiting, etc. This is something to avoid, which is why it’s crucial to choose a VPN service with a no-logging policy. Some providers even go so far as to use diskless, RAM-only servers, which are technologically incapable of storing lots of data. 

Depending on the provider may collect data about you, such as your IP address, session time, the websites you’re visiting, etc. This is something to avoid, which is why it’s crucial to choose a VPN service with a no-logging policy. Some providers even go so far as to use diskless, RAM-only servers, which are technologically incapable of storing lots of data.

VPN protocols

The primary function of a VPN protocol or tunneling protocol is to establish a safe tunnel between your device and the VPN server. When a VPN connects to a VPN server, it creates a tunnel to send data. The protocol used to create this connection determines how your data is sent through the network.

There are quite a lot of options there. Some protocols are more secure, some are faster, some are better on mobile devices or older PCs, some are better at bypassing stringent firewalls, and some are just outdated.

Here are the most common that you could find in most VPN clients.

Common VPN protocols

Most VPN protocols were not developed by VPN service providers, who merely implemented the technology in their apps.

IKEv2 – stands for Internet Key Exchange version 2. It mainly handles request and response confirmations. Usually, for authentication IPSec is used in conjunction (IKEv2/IPSec).

This is very efficient on an unreliable connection. IKEv2 effectively reestablishes after a connection loss. It’s also one of the fastest, most used tunneling protocols on mobile devices because it can easily switch between wireless to cellular and back.

OpenVPN – by far the most common tunneling protocol on desktop apps. This is an open-source protocol based on OpenSSL. It comes in two types: TCP and UDP.

  • UDP is the User Datagram Protocol. It is much faster because it doesn’t allow the recipient to resend data requests. This means less verification of data integrity, which allows for more rapid exchanges, hence better speeds.
  • TCP is the Transmission Control Protocol. It allows multiple data verifications, so the processing time may be slower, limiting your internet speed. Use UDP on the networks you can trust, while TCP will be better on public Wi-Fi hotspots.

L2TP/IPSec – On its own, L2TP doesn’t provide any encryption. Its job is request and response confirmations. Encryption enters the arena with IPSec, which is often used in conjunction.

There are many discussions about whether this protocol is secure because it was co-developed with the NSA. The Edward Snowden leaks seemed to imply that the NSA may have backdoors to access L2TP/IPSec traffic.

WireGuard – the next-gen of tunneling protocols. It uses fewer lines of code, making it easier to audit, and squeezes the most out of your device’s processing power. It’s ideal for mobile devices and slower computers, has up-do-date encryption built-in, and offers reliable connections.

WireGuard gives the best performance of any current VPN tunneling protocol.

SSTP – Secure Socket Tunneling Protocol. Created by Microsoft, this protocol is not exclusive to Windows and provides a high level of encryption.

While SSTP is very capable, there are concerns that Microsoft may have backdoors to access SSTP traffic.

PPTP – Point to Point Tunneling Protocol. Developed in the late ’90s and the first to become widely available.

This protocol relies on outdated encryption, which has become vulnerable to brute force attacks as computing power grew. As such, few VPN service providers currently offer this protocol.

Proprietary VPN protocols

Some VPN service providers have developed their own tunneling protocols. These are exclusive protocols that you’ll find only in the suites of specific VPN service providers.

Catapult Hydra – developed for the Hotspot Shield VPN service. The company claims that this protocol allows the service to achieve much better connection speeds than using standard tunneling protocols. Whether due to Catapult Hydra or other reasons, Hotspot Shield has always been among the fastest VPNs.

NordLynx – only available on NordVPN. NordLynx is a modified version of WireGuard, solving potential security issues while keeping the performance intact.

Lightway – only available on ExpressVPN. It uses an open-source implementation of Transport Layer Security (TLS), wolfSSL. Its goal is to be as lightweight as possible, aiming for ease of maintenance and high performance.

How does a VPN client work?

A VPN client (or VPN app) is the software on your device that communicates with a VPN server, establishing the connection and encrypting data.

Your VPN app is where you control your VPN experience: which server to connect to, which tunneling protocol to use, which features to activate, etc. Most great VPN service providers have apps for Windows, macOS, Android, iOS, Linux, Amazon Fire TV, and more.

With that said, you can use a VPN without a custom VPN app. All major platforms offer VPN functionality in some form – you can set up a VPN connection through your networking settings on Windows, for example.

You can also set it up on your wifi router following instructions on your VPN provider’s website. As a matter of fact, this is the only way you’ll be able to use a VPN with devices that don’t support VPN, such as gaming consoles or some smart TVs.

What does a VPN do?

Now you know what a VPN is and how it works, but what is it good for, specifically? Well, as it turns out, VPNs can improve your online experience in a number of ways. Here’s how.

Hide your online activities

crossed eye 

If you live in an oppressive regime, the government could use your internet history against you. If you’re connecting directly, your ISP knows every domain you visit. Using a VPN helps you avoid such surveillance – all your ISP will see is you connecting to the VPN. In some cases, they won’t even know that much.

Even if you’re living in a democracy, there are reasons why you may want to hide your online activities. A prime example is torrenting – downloading copyrighted materials can lead to legal problems, which is why many torrenters use VPNs to hide their IP address.

You may have also heard that your private data is the hottest product nowadays. When you have a lot of data on someone, you can make accurate prediction models. For example, it makes much more sense for businesses that sell smart dog collars to target the people who have dogs. This leads to ISPs selling browsing data – not a fun prospect for privacy.

Defeat government censorship

defeat censorship

You may have noticed that sometimes your ISP blocks particular sites or online services. This practice is especially prevalent in countries with strict Internet censorship. Waiting for a revolution that will overthrow the regime can take a while. With a VPN, you’re connecting through another country that doesn’t have such blocks in place. It means that you can freely use the Internet wherever you are.

Countries like China have advanced measures like traffic analyzers to determine whether you’re using a VPN. Still, many VPN service providers have traffic scrambling tools in place to solve the issue.

Make the most of your subscriptions

defeat geo blocking

You might have heard that Netflix libraries aren’t all made equal. You pay more for your Netflix subscription in Switzerland but get a smaller library of movies and TV series than users in the US. It doesn’t sound right.

To solve this, many people use a VPN because it lets you watch Netflix from anywhere, as if you’re located somewhere else – just choose a VPN server in that country. This enables you to remove limits from the content libraries of the services you have subscribed for.

Since many entertainment platforms are moving to subscription-based models with third-party copyright holders licensing content based on region, expect more of this in the future.

Gives more flexibility with online purchases

icon showing online purchases

One of the most known lifehacks is that it’s best to buy plane tickets and buy hotel reservations in Incognito Mode. Albeit VPN doesn’t do the same thing, it will prevent you from falling prey to price discrimination – the practice of charging a different price for the same goods or services depending on your location.

Many retailers are guilty of price discrimination, and there’s a good chance that your next purchase will be cheaper if you’re using a VPN. Plus, if you’re abroad and want to order something for when you get back home, the VPN might be the only way to access the local webpage version.

Bypass ISP bandwidth throttling

icon showing speed

Bandwidth throttling is a deliberate way for ISPs to slow down your connection. ISPs in various countries have been guilty of this, especially for P2P traffic – torrenting large files at high speed can be heavy on the internet infrastructure, and throttling is their way of solving it.

Using a VPN, you can hide the nature of your traffic, making it harder to pinpoint you and impose download speed limits. This is one of those rare situations where a VPN can actually increase your connection speed.

Provide safety from hackers

safety from hackers icon

VPN may not be the first tool that comes to mind when you think about security. Yet in some situations, using a VPN can save you from hackers.

This is particularly true if you’re using unsecured public wifi – something we all resort to in cafes or airports. In these settings, a crafty hacker could set themselves up between you and the router, intercepting your traffic in what is known as a man-in-the-middle attack. A VPN stops such a situation in its tracks simply because any intercepted traffic would be encrypted and useless.

Your IP address could also be useful to hackers for various ends. For one thing, it can reveal your location, which could take someone a long way towards doxxing or DDoSing you. And it would also let a hacker start scanning your router’s open ports to check whether there are exploitable vulnerabilities.

The key takeaway is this: you don’t want your IP ending up in the wrong hands. Yet, when seeding torrent files or joining a Discord message board, your IP is literally out in the open. A VPN gives you a throwaway IP address for when you’re connected, saving you from all such situations.

VPN vulnerabilities

There are no perfect cybersecurity products, and using a VPN is associated with some risks:

  1. Some VPN services are still using old and outdated protocols with known vulnerabilities. That is why most leading providers have phased out the Point-to-Point Tunneling Protocol (PPTP).
  2. Insecure VPN services could let a hacker impersonate a VPN server, intercepting your data.
  3. If you’re using a VPN and their server goes down, most likely, you’re still browsing the web but now with your real IP address showing. Top VPNs offer kill switch features to disable your internet connection when the VPN drops.
  4. When a VPN service is free, more often than not, it means that it’s selling your data. Think about it: the maintenance of server fleets cost money. Hence, when the service is free, the money has to come from somewhere. In many cases, the VPN is collecting your data and selling it off to third parties.
  5. Free mobile VPNs are particularly problematic. For example, there have been reports about most top VPNs on Google Play being owned by Chinese companies. Considering what we know about China, that could mean all kinds of sensitive information is going straight to the Chinese government.
  6. Even some good VPNs have been caught logging user data and giving it over to the authorities when asked. That’s why a no-logs VPN is what you want.

And as always, a lot can go wrong if you skip critical patches. Maintenance and good cyber-hygiene are paramount, whether you’re using a VPN or something else.

Can you be tracked with a VPN?

Don’t think that VPN single-handedly solves all your privacy problems. If you’re logged in to your Google account or you’re logging into various services with your Facebook login, VPN can’t help you. Google and Facebook will know exactly which sites you’ve visited.

Additionally, the modern internet is rife with browser-based tracking technologies – cookies fingerprinting scripts, and other nefarious stuff. These can still threaten your anonymity even if your VPN is on.

To limit the risk, you should stay away from social media accounts when using a VPN. Also, you should use addons that block intrusive tracking scripts. uBlock Origin, Ghostery, and NoScript are just a few such tools.

Checklist for choosing a secure VPN provider

VPN services are not made equal. Some of them have more features, better security measures. Others have completed third-party audits that add credibility to their transparency claims. When choosing a VPN service, you’re making a conscious decision to trust a company with your data. The least you could do is invest time in some research.

Here are a few things to look out for:

#1 Reputation

Even if you’re just looking for a VPN to unblock Netflix, the service’s reputation is essential. Your privacy is important and you should never trade it.

Unfortunately, it can be challenging to know what VPN services are up to behind closed doors. Yet if a VPN provider has been caught red-handed giving away user data or bending the truth about their services – that’s a good way to know which VPN not to choose.

#2 Jurisdiction

Where a VPN operates from matters. Some countries require VPNs to collect user data whereas others have harsh copyright laws. As a user of such a VPN, you run the risk of letting your data get into the wrong hands.

The Edward Snowden leaks shed light on the scope of surveillance around the globe. If you think that living outside of the US makes you safe against the NSA and you’ll have nothing to worry about, think again. The surveillance alliance known colloquially as the 14-Eyes shares intelligence data on each other’s citizens. And they’re not even the worst of the bunch.

#3 Anonymous payment options

You are as anonymous as your method of payment. Paying with a credit card leaves records not only on your banking statement but in the company’s accounting logs. It never hurts to check if your chosen service supports payments via cryptocurrency, prepaid cards, or other options. As a rule of thumb, the less personal information you provide, the better the service is for your privacy.

#4 Technical specifications

Encryption, reliable tunneling protocols, leak protection, a kill switch – all of these are necessary for a secure VPN. The provider can be very transparent, but if they don’t have the tech to provide privacy and security, you’re going to have a bad time.

Which VPN should I choose?

As there are hundreds of VPN services to choose from, picking the best one might seem like a daunting task. Luckily, there are a few ways to distinguish the good from the bad. Here’s what you need to look for in a quality VPN:

  • Tunneling protocols. Not all VPN protocols were created equal. Some, like PPTP, are downright outdated. So, when choosing your VPN, look for fast and secure protocols like OpenVPN, IKEv2, and WireGuard.
  • Server list. It comes without saying that you should pick a VPN that offers servers in the country you want to connect to. However, a broader coverage is always better in general, as the servers won’t be as crowded. You should also look for servers near you for a faster connection.
  • Logging policy. Always read the logging policy of the VPN you’re about to download. Look for a service that doesn’t keep any personal logs. Also, it’s better when the logging policy is audited by an independent third-party.
  • Streaming and torrenting. Not all VPN services are able to unblock various streaming platforms like Netflix. Similarly, not all VPNs support torrenting. Keep this in mind when looking for your perfect VPN - usually, reading a couple of reviews will give you the gist of whether the VPN will suit your needs.
  • Apps and devices. Whether you use Windows, macOS, iOS, Android, or Linux, it’s a good idea to check whether a VPN offers a good application for your operating system. Some VPNs also support routers, smart TVs, and gaming consoles.

If you find it too difficult to pick a VPN yourself, you can check out our list of the best VPNs or simply download one of our top choices like NordVPN, Surfshark, or ExpressVPN.

Alternatives to VPN

There are other tools out there that offer similar solutions. Which VPN alternatives work for you depends on what functionality you need. If you need to quickly unblock some site, it might not make much sense to pay for a top-notch VPN server. Even when a VPN is an appropriate solution, you might have identical results using other options.

You can find workarounds to various problems by using VPN alternatives. Here are some of them and what they’re good for.

Tor browser

black Tor browser logo

The Tor browser is an open-source browser and a network that offers anonymity by directing your traffic through a network of volunteer nodes. The traffic is encrypted, so no one along its journey can view it. To reach the desired website, your connection jumps through several of these nodes (also called relays or simply “servers”), making tracking your activities difficult.

In some senses, Tor is a free alternative to VPN networks, but it has downsides. Firstly, these nodes your traffic goes through are often just servers hosted on volunteer users’ PCs. That, plus the fact your connection goes through at least 3 nodes chosen randomly, means the speed can never compare to a top-tier VPN.

Additionally, Tor has potential security issues. An experiment in 2007 showed how compromised exit nodes could be used to intercept traffic. Having enough of these nodes on the network may even lead to deanonymization. Tor is continuously monitoring all their compromised relays and blacklisting them, but they can’t realistically keep them all at bay. That’s one of the built-in risks.

Proxy services

proxy services icon

A proxy allows you to do the same thing as a VPN – appear as though you’re connecting from a different location. Proxy services work by connecting you to the internet through an intermediate server. They’re great if you want to access some website at school, for example.

The critical difference is that most types of proxies don’t use encryption, meaning they’re not as secure. Additionally, unlike VPNs, proxies work at the app level – you can set a SOCKS proxy up on your browser or torrent client, but they won’t protect any apps you use that don’t have a proxy set up.

Some VPNs include proxy services as part of the package.

Read more: Proxy vs. VPN

VPN browsers

icons for vpn browser 

These tools integrate VPN functionalities within a browser so that you could surf the web without being tracked. For example, the Aloha browser even uses VPN tunneling protocols like IKEv2 and IPSec.

The downside is that a VPN browser only protects your browser traffic. Everything else that leaves your computer can be seen and traced back to you.

VPN glossary

The VPN-related dictionary can be hard to understand for the uninitiated. Here are some of the terms you may encounter when looking for a VPN or using one.

Dedicated IP (static IP)

Each time you connect to a VPN server, you will get a different IP address. These IPs are shared among many users and they are known as dynamic IP addresses.

There are benefits to having a shared IP address. For one thing, this makes it a lot harder to link you to your online activities. However you need your IP address to stay the same whenever you connect for some things to work.

explanation how dedicated ip works

To solve the issue, some VPN service providers offer dedicated IP addresses for an additional fee.

DNS leak protection

A DNS leak is a situation that occurs when your traffic goes through a VPN server, but your ISP’s DNS still resolves your DNS queries. This is primarily due to issues with the Windows operating system.

Some VPNs have features built into their apps to prevent this from happening.

Kill switch

If you get disconnected from a VPN server, your device will try to reconnect via your regular connection. That means the website you’re visiting now knows your real IP, while your ISP knows what website you’re on.

The kill switch is a feature that solves this type of leak by “killing” your internet if the VPN drops.

Military-grade encryption

This phrase usually describes AES-256, the industry standard data encryption cipher.

Multi-hop (double VPN)

scheme explaining multi hop 

The multi-hop or double VPN feature lets you connect through 2 or more VPN servers instead of 1. It significantly increases security at the cost of performance.

No log policy

A “no log”, “no logs”, or “no logging” policy is the VPN provider’s promise not to store any data associated with your online activities.

In reality, it’s often a “some logs” or “no activity logs” policy, as VPNs may keep track of timestamps of when you connect to a VPN server and other anonymous data.

In recent years, top VPN services have been asking third-party companies to audit their no log policies. Short of legal incidents that prove VPNs’ claims, these audits are the closest users have to proof.

Simultaneous connections

A VPN subscription usually lets you use the service on several devices at once. This lets you install the VPN on all your smart devices or share a subscription among friends and family.

The number of simultaneous connections can range from zero to unlimited.

Split tunneling

You may want to use a VPN for some online activities, while at the same time not using it for others. For example, suppose you use online banking. In that case, your VPN connection may trigger security measures put in place to protect users against suspicious logins.

vpn split tunneling explained 

For cases like these, VPNs offer the split tunneling feature. On your VPN app, you can specify which websites or apps can bypass the encrypted tunnel and connect directly. That way, you can stay protected with a VPN when it counts, but route your Steam game downloads through your ISP to make them faster.

For cases like these, VPNs offer the split tunneling feature. On your VPN app, you can specify which websites or apps can bypass the encrypted tunnel and connect directly. That way, you can stay protected with a VPN when it counts, but route your Steam game downloads through your ISP to make them faster.

Shadowsocks

Aside from the regular tunneling protocols, you may also find something called Shadowsocks. It stands in a league of its own – as an open-source encryption protocol project for proxies.

First developed to defeat the Great Firewall of China, it disguises your traffic to seem like a regular HTTPS exchange. This makes it harder to detect (and block) than looking for OpenVPN usage signs.

Stealth mode (obfuscated servers)

This feature has many names and different implementations, but the idea is similar to Shadowsocks. Stealth mode is used to scramble regular VPN traffic, making it difficult to detect even by advanced methods like Deep Packet Inspection (DPI).

Tor over VPN (onion over VPN)

Several VPNs offer an integration with the Tor network for maximum security. This puts so many layers between you and the destination server that finding out what you’re doing is practically impossible. However, your connection speed will suffer significantly.

FAQ

Comments
Sebastian
Sebastian
prefix 3 months ago
this is a great explanation about what is vpn and how it works. I really liked the illlustrations. These are really complex things you’ve showed but I found it easy to read. Good job! Keep it up! :))
Ken
Ken
prefix 5 months ago
Hello. Sorry if this place is not suitable for this topic, but how to check to see if my vpn is working on my phone? I have Redmi and there is a built-in VPN and simply one button : turn on/off. And when I turn it on – nothing happens.
Tadas Švenčionis
Tadas Švenčionis
prefix 5 months ago
Hi Ken,

Probably the easiest way to check is to look up your IP address (just Google “what is my IP?”) with your VPN off and compare it to when the VPN is (or should be) on. If you’re seeing the same IP address, the VPN is not working.

To my knowledge (and take this with a grain of salt as I don’t have a Xiaomi phone) there is no VPN “app” with a related VPN network on the MIUI, which means to make it work you likely first need a server to connect to. Unless you’ve set that up manually, it shouldn’t work.
Garry
Garry
prefix 5 months ago
I’ve learned a lot about VPNs recently and considered getting one for myself. I’ve come across one term and have wondered what it is and how it applies to me and my router. What is VPN passthrough linksys?
Tadas Švenčionis
Tadas Švenčionis
prefix 5 months ago
Hi Garry,

Without getting too technical, VPN passthrough is a router feature that lets you use older VPN protocols (particularly PPTP and IPSec). Linksys is just a router brand.

Unless you want to use these older protocols (and there really are few reasons you would), VPN passthrough is irrelevant to you.
Bill Hopkins
Bill Hopkins
prefix 6 months ago
Can internet provider see VPN? For example in China, where government is against VPNs , how they detect that you are using a VPN? Probably internet providers can see that you are accessing with a VPN. I have no other explanations.
Tadas Švenčionis
Tadas Švenčionis
prefix 6 months ago
Hi Bill,

There are a few ways. Firstly, you’re connecting to the VPN via your ISP, so they may know the IP address you’re connecting to is a VPN server’s IP address. Failing that, there’s also traffic analysis, which can tell what protocol you’re using to connect, e.g. OpenVPN.
Axel
Axel
prefix 6 months ago
Why won’t my VPN work at school? Is it possible that my school router has some special settings that block any other IP and let’s only school IP to access internet? My VPN works perfectly at home, and even when using mobile data, but when i try it on schools wifi – it doesn’t connect.
Tadas Švenčionis
Tadas Švenčionis
prefix 6 months ago
Hi Axel,

Yes, it’s possible there’s some firewall blocking your VPN connection. Try a few different servers or try a different tunneling protocol (particularly if your VPN service has some sort of “stealth” or “obfuscation” protocol/mode).
Samuel
Samuel
prefix 6 months ago
i’ve only started learning cybersecurity and it seems more difficult than i thought.  is incognito mode a vpn feature?  i look in settings but can’t find it! please tell me where to find it, as i want to browse internet in a safe and private mode
Tadas Švenčionis
Tadas Švenčionis
prefix 6 months ago
Hi Samuel,

Incognito mode is a browser feature, rather than a VPN feature. Typically, it prevents some browser-based tracking technologies (such as cookies). Using that in conjunction with a VPN (which prevents IP-based tracking) is how you can achieve safe and private browsing.
Ardon 55
Ardon 55
prefix 6 months ago
Hello! I have a question – how to trace VPN IP address ? I often connect to public wifi and browse controversial websites. I wonder can the government or hackers trace that I’m using a VPN and what VPN exactly by detecting the IP. 
Tadas Švenčionis
Tadas Švenčionis
prefix 5 months ago
Hi,
Yes, the government can theoretically find out if you’re using a VPN and even what VPN you’re using (although there are ways around it). However, finding out what you’re doing once you’re connected to the VPN is a different matter entirely. To find out, someone would have to contact the VPN service provider and ask for data on you. The catch is that many VPNs don’t keep data relating to your online activities (or any data at all) – these are known as “no log” VPN services. If that’s what you’re aiming for, NordVPN, ExpressVPN, Surfshark, Mullvad will all do the job.
Hannah
Hannah
prefix 6 months ago
in my country a couple of news source websites are blocked now. that’s very sad, since they were non biased and very interesting to read. does vpn bypass blocked websites ? in this case i would buy a vpn, as it feels that a couple of websites might be affected too, and there won’t be anything left to read.
Tadas Švenčionis
Tadas Švenčionis
prefix 5 months ago
Hi Hannah,

Yes, you can use a VPN to unblock websites. Before you get a subscription, however, I suggest you check your country’s attitude toward VPNs. In some countries, caution is advised when using them (and also, some VPN services will work better than others if the country is blocking VPN traffic).
miles
miles
prefix 6 months ago
what vpn protocol should i use to watch Netflix? i’m using pia vpn. i have a quite slow internet and sometimes watching movies online the buffering screen appears. but sometimes vpns help to increase speed with a proper protocol, so i need to know which one is the proper one.
Tadas Švenčionis
Tadas Švenčionis
prefix 5 months ago
Hi miles,

WireGuard is typically the fastest tunneling protocol choice and PIA does have it available.
Liam
Liam
prefix 6 months ago
Before buying VPN I want to know experts opinion : will a vpn slow my internet speed? You connect to a server that is far from you, so it’s logical that the speed will decrease. However, many providers claim, that it’s quite the opposite. You can even increase your speed and reduce ping in online games. Is it true?
Tadas Švenčionis
Tadas Švenčionis
prefix 5 months ago
Hi Liam,

Yes, a VPN will most likely slow your internet speed down. In some (quite rare) cases, a VPN can increase speeds or produce a better ping in games due to routing nuances or ISP speed throttling. If bad ping or bad speeds are issues you’re trying to solve with a VPN, trying certainly won’t hurt, but pings and speeds are more often bad due to problems VPNs can’t solve.
Dietrich Hass
Dietrich Hass
prefix 8 months ago
Picture a scenario – you and your college buddies are heading to a cofe shop to get some work done because they have free wifi there, however you still wanna keep the traffic hidden. That’s where a vpn comes in. Sadly, only one has a vpn account. Is it possible and how to share vpn connection over wifi on windows 10?
Tadas Švenčionis
Tadas Švenčionis
prefix 8 months ago
Short answer – yes, it’s possible and not very difficult. We’ll probably cover the topic in more detail at some point. For now, check the support page of your VPN provider and you’ll most likely find the relevant instructions.
Philip55
Philip55
prefix 8 months ago
So I’ve been scouring the net for more info about vpns and I came across a particular group of people that hold some interesting beliefs. They say that no commercial vpns can be trusted and that you’re better off hosting one yourself. The logic seems sound, but I’m not entirely convinced. Perhaps you guys could elaborate on this topic? And maybe even write an article about how to set up your own home vpn server?
Tadas Švenčionis
Tadas Švenčionis
prefix 8 months ago
As a matter of fact, we have covered setting up your own VPN server here.

The answer to which is better is probably “it depends.” I would say setting up on your own can be a very good idea if you know what you’re doing. You’ll still have to trust whoever’s hosting your server though, and I’d also say some commercial VPN services have done a great deal to prove they’re not collecting your data.
CheeFraser
CheeFraser
prefix 8 months ago
Thanks to the lockdown I had more time to play video games and stream on Twitch. And it’s looking pretty promising too. However, I am aware that having a larger audience puts me in greater risk of being targeted by trolls or other types of haters. In this situation what do you think is the best vpn for ddos protection?
Tadas Švenčionis
Tadas Švenčionis
prefix 8 months ago
Avoiding DDoS is all about hiding your IP address, which means any half decent VPN that doesn’t leak your IP will do the job. With that said, you’re probably going to need a VPN that offers good connection speeds, so your best bet is something like ExpressVPN or NordVPN.
Christine Morin
Christine Morin
prefix 9 months ago
Could you elaborate on what are the benefits of having a vpn? Everyone keeps prattling on about how it protects your data on unsecure public wifi and hackers will steal your credit cards or something like that. People are barely going out now to use public wifi. So what’s the point really? Put a strong password on your home routers and you’re good on the security front. Isn’t that right?
Tadas Švenčionis
Tadas Švenčionis
prefix 8 months ago
Hi Christine,

In terms of security, the benefit mostly centers around hiding your activities from your ISP and hiding your IP address from the websites you visit. That can be relevant when torrenting, for example. But many people also use VPNs for entertainment – getting more online content than is available in any particular country is a popular use case.
Wiggluthi298
Wiggluthi298
prefix 9 months ago
Do you know what’s best vpn for torrenting and streaming? Wanna kill two birds with one stone. I normally don’t mind paying for streaming services, but it’s really frustrating how the market is fragmented. Do they really expect me to pay a premium subscription for a couple of good shows and a load of low quality stuff? No thanks.
Tadas Švenčionis
Tadas Švenčionis
prefix 8 months ago
For streaming, I’d be inclined to suggest some of the big mainstream choices, like ExpressVPN, NordVPN, or Surfshark. These have good connection speeds and are capable unblockers. For torrenting, any secure VPN that supports torrent traffic and has good speeds will do. Any of the above choices is fine, but you could also go for something like Mullvad, PIA, etc.
Plentype37
Plentype37
prefix 9 months ago
Hey there. Will a vpn slow my internet speed and if so by how much? Things have been getting worse regarding the pandemic and I’ve decided to work more from home, but my boss is telling me that I need to get a vpn in that case. I say no problem but then what about my internet speed? I need something that would not hinder my productivity too much.
Tadas Švenčionis
Tadas Švenčionis
prefix 8 months ago
Yes, a VPN will invariably slow your internet speed. By how much depends on the provider, the server you choose to connect through, etc. The drop-off can range from less than 10% (with good providers and/or nearby server locations) to more than 95% (with bad providers and/or remote server locations).
Leave a Reply

Your email address will not be published. Required fields are marked