How a VPN Works 2022-11-25 (此文章只提供英文版本 / This Article only provide English Version) VPN means virtual private network but how does it work? What does this virtual word mean? So to answer all of these curiosities you first have to understand how our network or internet works. IP Address Let's take a look at what happens typically the moment you request content from your phone or computer. Every connected device in your home, usually devices that need to be connected to the internet, this including your smartphones, tablet, smart TV, and smart refrigerator. Every one of these devices has its own unique address on your local network. It's a special number or unique string of characters called IP (Internet protocol address) that identifies each device using the Internet. Packet When you ask for content, that request is sent over to your wi-fi router as a little packet of data with identifying information about which device made the request, and what content it requests, together with the address of the requested content so the data arrives where it’s supposed to. Your wi-fi router hides the local device IPs under its own address but remembers which device sent the request. It's wrapped packet along to your modem which then connects to the internet via your ISP (internet service provider). ISP The packet goes from the modem to the nearest ISP or internet service provider connection point. Here your ISP updates the packet again, this time it gives an IP address on their network and it's an address of a general area where internet service is in your neighborhood. This address by the way is visible to the whole internet DNS The content your device is looking for is a file on a server located somewhere in the world. That specific server has an IP address as well. It has to be found to retrieve the content back to you. It's the ISP's job to handle this for you. But companies that serve the content can have thousands of servers around the world. This is where DNS or Dynamic name servers take the website domain (example.com) you use and link it to the possible IP addresses to find the closest server to you. What The DNS does is called DNS lookup which links the domain (example.com) to actually server IP addresses. ISP logs So your ISP then will record this domain (example.com) and its IP address and keeps this record in detailed logs along with all the requests you've made before. So what your ISP can't see? Once your request arrives on the server and if that server using HTTPS as you can see in your address bar, the packet exchanged between you and that server is encrypted. Meaning no one in between can read it. You and the site have exchanged secret keys so the data can be decrypted as you send packets back and forth. With this method, you're the only one who can read the data. VPN Now the function of a VPN or virtual private network is to secure the data during this back-and-forth process. Once you've signed up for a VPN and installed their app on your device. The process is a bit different from the very beginning. Let's see how a VPN secures your data. In order to secure each data packet VPN wraps it in an outer packet and then is encrypted via an encapsulation. Your Data is already encrypted when it got through your wi-fi router > modem > ISP. But the next connection point is your VPN's server network. From here on the VPN handles the rest of the DNS lookup process. Your VPN server doesn't keep logs of the local IP address they assigned to you. It's hidden from the server you connect to. Instead, that website or app just sees some random IP address from one of your VPN servers. Your VPN service doesn't keep logs on what sites you connect to or what you do there. The entire path from your device to your destination is encrypted and your activity is not recorded. This is the core element of the VPN tunnel, keeping the data safe during the transfer. VPN use cases Public wi-fi Public hotspots in airports, hotels, or coffee shops can be unsafe when traveling. We should know public wifi is inherently unsecured. Someone can set up a convenient wi-fi connection and pretends it belongs to the airport with the intent to secretly intercept all data going through it. The sites that you visit might have HTTPS encryption to keep some of your data safe, but there's no way for sure how much info they could get. Privacy Your ISP or internet service provider can see encrypted data passing through its server to some IP address and might know it's a VPN server. With a VPN your ISP can see: - When you connect to the VPN server (timestamps) - How much data flows through that connection Without a VPN your ISP can see: - Your Packet metadata (source and destination) - IP address - GPS location - Connection duration Even with HTTPS connections, metadata can be collected and used against you. Someone may use this access to track our online activities. IPS may sell your metadata or any other data they can collect about you to other third parties. Bypassing blocks Some websites you request are location-restricted, meaning the server doesn't allow connections from outside a specific geographic location. VPN providers have servers all over the world and let you choose where you would like to appear to be to bypass these location restrictions. VPN Limitation It's a question of who you trust more to handle your data and secure your privacy. A poor-quality VPN is not much better than your ISP. If a VPN is keeping data or logs and activity that information could be obtained. VPN legality and blocking In some countries, VPN services are illegal to operate. They will try to block all sorts of VPN addresses. VPN services that have a lot of available servers that are updated regularly might be able to bypass this roadblock. Some VPN services offer servers to confuse the authorities that remove identifying info from packets so the data is less likely to be identified as VPN traffic but it cost the speed performance. Privacy vs anonymity When you are using a VPN they might not be able to know where you are but they do actually know who you are. A site might do what is called browser fingerprinting which read the detail about your device like when it's making the request: - Browser and OS version you use - fonts installed - device type - Active plugins - Time zone - Language - Screen resolution and various other active settings They use the information that browsers provide to identify unique users and track their online behavior. Deep packet inspection This happens when a network might be subject to be inspected in detail. Deep packet inspection is when automated software investigates packets coming from your device for specific information even with encryption. Some speculation says they still see what the required data look like. Operational security To combat these limitations, you may try to manage the inevitable risk by keeping public and private activities separate. Some VPN service providers have split tunneling features which means you can choose what traffic goes over the VPN and what does not. Conclusion VPN is a super great tool with just a few dollars a month you can watch your favorite sports or tv shows anywhere, use public wi-fi at the airport, and stop giving your data away to your dishonest ISP. However, a VPN is not enough and not the only solution if you're going to use it to get hardcore identity sterilization against a hostile party. Writer: Shakir Roslan Source: Shakiroslann (This article is authorized by Shakir Roslan to repost)