How a VPN Works

i'm jake o'neil

creator of animagraphs

and this is how a vpn or virtual private

network works

this video is made possible by nordvpn

who graciously agreed to my request for

full control over the research and

visuals

to start

let's look at what normally happens the

moment you request content from your

device your device and every connected

device in your home

has its own unique address on your local

network it's a special number called an

ip or internet protocol address

when you ask for content on your device

that request is sent to your wi-fi

router as a little packet of data with

identifying info about which device made

the request what content they're asking

for and more

your wi-fi router hides local device ips

under its own address

but remembers which device sent the

request

it sends this freshly wrapped packet

along to your modem which is your

connection to the outside world

the packet goes from the modem to your

isp or internet service provider's

closest connection point

your isp updates the packet again giving

it an ip address on their network this

address is visible to the whole internet

and it locates you to a general area of

internet service where you live

sometimes within a block or two

the content you're looking for is a file

or files on a specific server somewhere

in the world that server has an ip

address too and it's your isp's job to

find it

and route your requested content back to

you but companies don't just have one

server they can have thousands of

servers all over the world duplicating

and balancing content to all of them at

once dynamic name servers take the easy

website or app names we use

and link them to tons of possible server

i p addresses to find the closest one to

you this is called dns lookup

your isp sees and records this whole

process keeping detailed logs of

requests you make

ips they assigned to you

and what sites you connect to

so what can't your isp normally see

once your request arrives at the right

server and if that server is using https

as indicated by the little padlock in

your address bar packets exchanged

between you and that server are

encrypted

meaning scrambled so no one in between

can read it

you and the site have exchanged secret

keys and can decrypt or unscramble this

data as you send packets back and forth

enter the vpn or virtual private network

you've signed up for a vpn and set up

their software on your device let's see

how that changes things for you

there are infinite ways to configure and

use a vpn but let's go with the setup in

which you've asked your vpn to handle

all your data the vpn software encrypts

your data before it leaves your device

it's already scrambled when it hits your

wi-fi router your isp still carries this

scrambled data from your home to its

servers but the next connection point is

your vpn's server network from here on

out the vpn handles the rest of the dns

lookup process much like before but with

some crucial differences

your vpn does not keep logs on which

local ip address they assigned to you

it's hidden from the server you

eventually connect to instead that

website or app just sees some random ip

address from one of your vpn servers

your vpn does not keep logs on what

sites you connect to or what you do

there the entire path from your device

to your destination is encrypted and

your activity isn't recorded

useful scenarios

let's look at how using a vpn might be

really useful for you

secure connection

all your data is encrypted before it

leaves your device wi-fi connection

points can be unsafe for example when

traveling or at a coffee shop

a honeypot attack is when someone sets

up a convenient wi-fi connection with

the intent to secretly intercept all

data going through it sure the https

encryption on specific sites might keep

some of your data safe even so but

there's no way to know for sure how much

info someone could get about you this

way

privacy

your internet service provider can see

scrambled data going to some ip address

and might know it's a vpn server your

isp can see the times you connect to

your vpn and how much overall data flows

through that connection they don't know

anything else about your activity

isps have a terrible track record for

privacy

even with https connections the general

routing info on packets called metadata

can be collected and used against you

for example to send dmca notices about

transferring data from servers with

suspected copyrighted content

isps have been known to throttle

connection speeds based on your activity

or they may sell your metadata or any

other data they can collect about you to

marketers a vpn can help prevent these

unwanted intrusions

bypassing blocks

some countries have aggressive firewalls

to block or sensor content not just

accessing websites but also sending

sensitive files from your device to

somewhere else vpn encrypted data may

help bypass these blocks

some content is location restricted

meaning the server doesn't allow

connections outside a specific

geographic location large vpn providers

have servers all over the world and let

you choose where you'd like to appear to

be from to bypass these location

restrictions

limitations

now let's look at what a vpn might not

be able to do for you

logs

first and foremost if a vpn is keeping

logs of your data and activity that

information can be forcefully obtained a

shoddy vpn service isn't much better

than your isp

it's a question of who you trust more to

handle your info

vpn legality and blocking in some

countries even using a vpn at all is

illegal and they may go to great lengths

to block entire ranges of vpn ip

addresses

going with the vpn that has lots of

available servers that are updated

regularly

might help stay ahead of things here

some vpns offer obfuscated servers that

further remove identifying info from

packets so the data is less likely to be

identified as vpn traffic but at a

possible cost in performance

privacy versus anonymity

a useful generalization is that vpns are

good at privacy but may not give you

anonymity if you log into your accounts

while using a vpn they might not know

where you are but they do know who you

are even if you're not logged in a site

might do what's called browser

fingerprinting which is accessing unique

details about your device like fonts

installed browser or os version device

type etc and use those unique traits to

link a device to your identity

deep packet inspection

some networks might be subject to deep

packet inspection where automated

software searches packets for specific

info even with encryption there's

speculation that deep packet inspection

can still see what data seems to look

like this is comparable to a wrapped

gift with a telltale shape

opsec

to combat these limitations you might

adopt new behaviors to keep public and

private activities separate some vpns

allow split tunneling which means you

can choose what traffic goes over the

vpn and what does not

conclusion

on the whole if a few bucks a month lets

you access your favorite british tv

shows more confidently use the free

wi-fi at that cd hostel download the

office or stop giving your valuable data

away to unscrupulous isps and marketers

for free a vpn is a great choice on the

other hand if you're going the

international spy route and need

hardcore identity sterilization to

combat a hostile nation state a vpn is

probably not your only solution