To help us provide you with free impartial advice, we may earn a commission if you buy through links on our site. Learn more

How does a VPN work?

Ever wondered how these handy cyber tools work? Read on to find out

A virtual private network (VPN) is a handy tool that can cover your tracks while online and allow you to get around some sites’ regional restrictions. While you may already know what a VPN is, in this article we’ll go over how they work.

Simply put, a VPN reroutes your internet connection via a remote server operated by the VPN provider. This makes it seem like you’re browsing from somewhere other than your actual location. And since all communications between you and the server are encrypted, your ISP can’t see what you’re doing. The result is a connection that conceals your real location and protects your personal information.

The benefits of this may be obvious but there are strengths and weaknesses to a VPN setup that you should be aware of. Let’s take a closer look at how VPNs work and see when they’re the right tool and when you need to use something else.

VPN basics

To understand what a VPN does, let’s think first about how internet connections normally work. In order to read an article such as this one, your computer sends a request to a server belonging to your internet service provider (ISP). That server in turn relays the request to the Expert Reviews server, which sends back the data for this page.

When using a VPN, an extra step is introduced. Your computer asks the ISP to connect to the VPN server, which then in turn forwards your request to the site you want. The Expert Reviews server sees the request as originating from the server’s IP address, rather than your own.

This has two effects. First, it makes you appear as if you’re located somewhere else in the world, which is great if you’re trying to get past geographical restrictions. For example, using a VPN can allow you to access your bank from abroad, or to check out Netflix’s different regional libraries.

Browsing via a secure VPN server also makes it a lot harder for sites and companies to track you online. Many methods used to keep an eye on you use your IP address as an identifier, so when you connect from a different one it throws them off. That said, there are other means by which they can still track you, which we’ll talk about further down.

Encryption and protocols

Rerouting your connection is only part of what a VPN does. The VPN software on your computer uses strong encryption to garble your outbound data packets, which the remote VPN server can then ungarble and pass forward to their destination. The encryption prevents your ISP, sitting in the middle of the transaction, from seeing that eventual destination is. This type of connection is sometimes called a VPN tunnel because, as with a tunnel through a mountain, anybody watching your connection can see you going into it, but they can’t see where you come out or what you do while inside.

As for what type of encryption is used, you’ll often see VPN sites advertise that they use something along the lines of “military-grade encryption”. This is just a fancy way of saying that they use the same encryption type that most militaries do, called AES-256. It’s extremely strong, but there are plenty of alternatives, like AES-128 or Blowfish, that work just as well for our purposes.

This encryption is what puts the “private” into “virtual private network”. Plenty of internet systems can route traffic around, but the encryption enables a VPN to do things other programs can’t, such as getting past censorship blocks such as those set up by China, or evading detection by more persistent trackers.

VPN protocols

More important than the encryption on offer is the question of which protocols your VPN uses. The details can get technically complicated, but simply put, a protocol is a set of rules that governs how devices talk to each other. In the case of VPNs, the protocol determines which encryption methods are to be used, as well as a few other things that have an impact on performance.

We generally recommend OpenVPN, as it delivers strong security and decent speeds. However, there are some alternatives worth considering, notably one called Wireguard. Some of the best VPNs use custom protocols, like NordVPN’s NordLynx or ExpressVPN’s Lightway.

What a VPN can’t do

A VPN can magically transport you to wherever you need to be, while also securing your connection – but there are some important downsides to using a VPN that the providers won’t always tell you about.

One of the biggest issues is that a VPN slows down your internet connection – quite badly in some cases. The further away your chosen server is, the greater the slowdown is likely to be. The best VPNs like ExpressVPN and NordVPN might only slow things down by around 10% when connected to a server in the USA, but the effect can still be noticeable, especially on a slower internet connection.

And while VPNs can block some tracking methods, plenty of ways remain for sites to see what you’re doing online. For example, browser cookies can still be used to see what you’re up to, VPN or not, as can a technique called browser fingerprinting, which profiles your browser configuration mand surfing habits to create a unique profile of you. Incognito mode (also called private browsing) is a better defence than a VPN against measures like these.

Despite these limitations, VPNs help a lot more than they hurt, for both privacy protection and location spoofing. If that sounds good to you, check out our full reviews of all the major VPN packages, including our top picks NordVPN and ExpressVPN. Good luck, and stay safe out there!

Read more