How does a VPN work?

VPNs are able to provide all these services thanks to crucial pieces of tech, like protocols and encryption. However, unless you're a tech expert, chances are you haven't heard of them before. In this article, I'll explore in more detail how VPNs work.

How VPNs work – in a nutshell

When you connect to a VPN, that VPN creates an encrypted tunnel. All your internet traffic is then routed through this encrypted tunnel.

As a result, your internet traffic is hidden from anyone that might be trying to snoop on it – for example your internet service provider (ISP), hackers, or even the government.

In between your device and you destination, your internet traffic heads through a server owned by the VPN.

Because of this, your IP address is also changed to one owned by the VPN. This why, if you connect to a VPN server in a different country, you'll virtually appear to be in that country.

This can be super handy for accessing content that is restricted either in or to a specific region, for example restricted social media sites or the regional catalogs of different streaming platforms.

In short, a VPN encrypts your traffic – making it impossible for anyone else to understand – and changes your IP address – which hides your real location.

What does a VPN do?

There are a lot of VPNs available on the market, but they all work in basically the same way.

As I mentioned earlier, VPNs create an end-to-end encrypted tunnel between your device and a VPN server. This routes your traffic away from your ISP's servers and through the VPN's instead.

So, any web traffic that is sent through this tunnel whether from or to your device is protected by this encryption. Your IP address is also masked by this tunnel, and you're assigned an IP address from the VPN server you connect to, instead.

This means that cybercriminals, government agencies, your ISP, and other nosy third parties won’t be able to intercept your personal data, track what you're doing online, or determine your location.

As a result of this, when you connect to a VPN server in a different country, your IP address will make it appear that you are physically within that country. Some sites (for example, streaming platforms) have worked out which IP addresses belong to VPN services, however, and will block these IP addresses to prevent access via VPNs.

However, with the help of one of the best streaming VPNs, you'll still be able to access streaming sites. This means you can watch content from across the globe, or still watch content from your home turf when you're abroad.

What is VPN encryption?

One of the most important functions of VPNs is their ability to encrypt personal data and web traffic. Using encryption technologies, VPNs ensure that credit card numbers, passwords, messages, transaction history, browsing data, and other sensitive information travels through an encrypted tunnel in undecipherable code.

How does this work in practical terms? Well, if you log into your email account, the request will be communicated to the VPN service. After establishing a connection between your device and the VPN server, the VPN then sends your login request to the VPN server through an encrypted tunnel.

Once your request lands on the VPN server, it sends the data to your email provider's server, still encrypted. The email grants the request and returns the data back to the VPN server. At this point, the VPN server also re-encrypts the data and sends it to the VPN service, where the data is deciphered and passed on, finally, to your device. It's sort of like a digital relay race – and your data is the baton.

This might seem like a long and complicated ordeal, especially as your data is encrypted and decrypted at every step of the process, but Surfshark points out that every step "happens in a second" – and sometimes "in a fraction of a second" if you have a fast internet connection. Plus, the majority of VPNs, including the most secure VPNs, use AES-256 encryption, one of the most robust encryption methods available.

What are VPN protocols?

Another important piece of the VPN puzzle are the protocols. Essentially, they're commands and processes that decide how web traffic travels from one server to another within an encrypted tunnel.

There are lots of VPN protocols out there, but the most common are:

• Secure Sockets Layer (SSL)
• Transport Layer Security (TLS)
• Point-to-Point Tunneling Protocol (PPTP)
• IP Security (IPSec)
• Internet Key Exchange (IKEv1 or IKEv2)
• Layer 2 Tunneling Protocol (L2TP)
• WireGuard
• OpenVPN

VPN services are constantly evolving, though, and protocols become outdated as quickly as new ones enter the picture.

NordVPN believes every protocol is imperfect, explaining that "each may have potential vulnerabilities, documented or yet to be discovered, that may or may not compromise your security".

Most of today's top VPN providers use OpenVPN and WireGuard as their protocols of choice as they’re highly secure and generally pretty fast.

VPNs allow users to switch protocols, too – so, if you prefer one over the other, it's not a problem. All you'll need to do is head into the settings menu of your VPN app and make your choice.

Being aware of these different protocols is important because they often determine the overall speed, security, and privacy of your VPN service. Using an outdated VPN protocol could put your data at risk.

Basically, OpenVPN, WireGuard, and proprietary protocols like ExpressVPN's LightWay and LightWay Turbo, Hotspot Shield's Catapult Hydra, and NordVPN's NordWhisper are widely regarded as safe, with IKEv2 also being used by the best mobile VPN apps.

Other protocols have their uses, sure, but if you're using a modern VPN (and you want the best balance of speed and security), you'll want to stick with these tried and tested options.

How do VPNs unblock streaming sites?

VPNs can do way more than just encrypt your data, however. With the help of one of the best Netflix VPNs, you'll also be able to access all sorts of streaming libraries and their region-locked libraries, without being hampered by pesky geo-restrictions.

The how is pretty straightforward. Most premium VPNs have thousands of servers dotted across the globe. Take your pick of these servers, connect to one, and you'll be given a new IP address based in that same location. This is what fools sites into thinking you're there, too, and means you’ll be able to access country-specific services.

For example, if you're in the UK and want to check out what’s on US Netflix, you'll need to connect to a VPN server in the US. Then, reload Netflix, and the site will see that you're connecting from a US IP address and think you're in the States, too. You'll be served up all the best American Netflix content on a platter – simple.

How do VPNs keep me safer online?

So, a VPN boosts your security when you're online by encrypting the data you send, keeping it safe from prying eyes. Your ISP can see that you're connected to a VPN (or, at least, that you’re connected to an encrypted server somewhere), but the data traveling through its systems will be encrypted, so the ISP won't be able to make any sense of it.

As a result, your ISP won't be able to leverage your data for its own ends – like selling it on to advertisers or giving up details to authorities if requested.

VPNs can also keep you safe when using unsecure public Wi-Fi hotspots – the kind you find in hotels, cafes, and airports. These hotspots are handy, sure, but they lack security measures, making them hotbeds of cybercriminal activity. With a VPN, though, your data will remain encrypted and unreadable to anyone trying to get their hands on it.

Are VPNs illegal?

The short answer is: no. VPNs are perfectly legal in the vast majority of countries – but there are a few exceptions.

Some countries have banned VPNs, with China being the obvious example, although it's unclear how this might be enforced. For example, there are no reports of any visitor being arrested for using a VPN in China, even though they are illegal there.

Another thing to keep in mind is the fact that any activities that are illegal when you’re not using a VPN are still illegal when you are.

What can’t a VPN hide?

A VPN can keep your internet traffic safe from snoopers, but there are a few things that it can’t disguise entirely – like the device you're using. Sites can use browser fingerprinting to collect data about your operating system and browser type to pinpoint your device type.

What's more, your VPN provider itself can, potentially, see what you're up to when you use the service. Some services log your activity – which, obviously, is less than ideal. To avoid this, you'll need to choose a secure VPN that with an audited no-logs policy which prevents it from holding on to information about your browsing.

How do sites know I’m using a VPN?

The IP addresses that a VPN gives you, when you connect to one of its servers, are shared amongst its user base. That means that you could, in theory, be assigned the same IP address as someone else.

The shared nature of these addresses means that some sites have recognized that users with these IP addresses are using a VPN. By blocking the IP address, they functionally block VPN use.

However, many VPNs are also aware of this and so have come up with their own ways of getting around these blocks, like rotating IP addresses.

We test and review VPN services in the context of legal recreational uses. For example:1. Accessing a service from another country (subject to the terms and conditions of that service).2. Protecting your online security and strengthening your online privacy when abroad.We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.