What Is a VPN? How It Works

One Sentence Summary

An Analogy

Imagine mailing a letter from a public library. Normally, you hand it to a mail carrier and anyone could peek at it along the way. With a VPN, you lock the letter in a safe, have the mail carrier take the safe to a secret address in another city, and someone there opens the safe and mails the letter for you. The recipient only sees that the letter came from the secret address, not your real location.

How a VPN Actually Works

When you turn on a VPN and connect to a server, your device and the VPN server establish an encrypted connection — a "VPN tunnel." From that point on, every bit of internet traffic — browser requests, app data, downloads — travels through this encrypted tunnel to the VPN server first, then the server forwards it to the destination website.

What this means in practice:

1. Your ISP can't see what you do: They only see you connected to a VPN server, not which sites you visit.
2. Websites see the VPN server's IP, not yours: Your real location stays hidden.
3. Hackers on public WiFi can't intercept your data: All they see is encrypted gibberish.

Key VPN Concepts

Encryption

A VPN scrambles all your data into unreadable ciphertext. Only your device and the VPN server know how to decode it. Modern VPNs use AES-256 encryption — the same standard used by militaries and banks. Brute-forcing AES-256 with all the world's supercomputers combined would take billions of years.

VPN Protocols

The protocol determines how the encrypted tunnel is built and directly affects speed and security:

• WireGuard: The newest, fastest, leanest protocol. Current industry standard.
• OpenVPN: Battle-tested veteran. Reliable, open-source, and widely trusted.
• IKEv2: Excellent for mobile — seamlessly switches between WiFi and cellular.
• Lightway (ExpressVPN proprietary): Built for speed, ultra-lightweight and efficient.
• NordLynx (NordVPN's WireGuard variant): WireGuard optimized for speed and privacy.

No-Logs Policy

This is the most critical factor when choosing a VPN. A no-logs policy means the VPN company does not record who you are, when you connected, what websites you visited, or what files you downloaded. If a VPN keeps logs, your privacy isn't safe. The most trustworthy no-logs policies are verified by independent third-party audits.

Kill Switch

If your VPN connection unexpectedly drops, a kill switch instantly cuts your internet access, preventing your real IP from leaking even for a split second. Essential for anyone who needs absolute privacy.

What a VPN Can Do

1. Protect your privacy: Stop ISPs, governments, and advertisers from tracking your online behavior.
2. Unblock geo-restricted content: Access region-locked Netflix, Disney+, BBC iPlayer, and more.
3. Secure public WiFi: Encrypt your connection at coffee shops, airports, and hotels.
4. Prevent ISP throttling: Your ISP can't slow down specific traffic types if they can't see what you're doing.
5. Remote work: Securely connect to your company's internal network.
6. Find better deals online: Switch IPs to different countries to compare prices on flights, hotels, and software.

What a VPN Can't Do

1. Can't make you fully anonymous: A VPN hides your IP, but logged-in accounts (Google, Facebook) still identify you.
2. Can't stop viruses: VPNs encrypt connections but don't block malware. You still need antivirus software.
3. Can't bypass all censorship: Countries like China use deep packet inspection that may still detect and block VPN traffic.

Free VPN vs Paid VPN

Free VPNs sound appealing, but remember: running servers costs money. Free VPNs have to make money somehow. Most do it by collecting your browsing data and selling it to advertisers — which is exactly what you're trying to prevent by using a VPN.

Paid VPNs run on subscription revenue and don't need to sell your data. Plus, their speeds, server selection, and support quality are incomparably better. The one exception is Proton VPN's free plan — it's subsidized by paying users and doesn't sell data.