VPN stands for Virtual Private Network, and as the name suggests, it’s designed to give you privacy online, as well as a much greater level of security than you’d normally have.
How does a VPN work to achieve all this? That’s what we’ll look at here. And while on the face of it, the inner workings of a VPN may seem rather complex and difficult to fathom, we’ll break it all down into easily understandable chunks.
We’ll also anticipate the most common questions you may have about how a VPN works pertaining to specific scenarios like streaming otherwise blocked content, providing some suitably crisp and concise answers on a range of topics. Let’s forge on with the jargon-busting, then, starting with a quick overarching explainer...
Our #1 top rated VPN is ExpressVPN (opens in new tab)
Of the 200+ VPNs that we've tested, it's ExpressVPN (opens in new tab) that tops the lot - it's speedy, secure, simple to use and superb for streaming! And if you're still not sure whether VPNs are for you, you can try ExpressVPN 100% risk free by taking advantage of its 30-day money back guarantee.
How does a VPN work... in 30 seconds
When online, you’re constantly sending out data (making requests – say, for a web page) from your device, and receiving data back (in our example, the content of said web page).
This raw data can be seen by your Internet Service Provider (ISP), or perhaps other parties if they intercept it at some point during the journey.
A VPN app encrypts the data as it leaves your system, sending it to one of the VPN firm’s servers around the globe before it heads out onto the internet. Because the data is now encoded – scrambled – it’s unintelligible and can’t be exploited by ISPs or other snooping parties.
A second benefit is that the VPN server effectively becomes the origin of your internet traffic, meaning your location appears to be where that server (computer) is based – and not your actual location at home. So, you get not just security, but also anonymity with a VPN (and other location-based perks).
Servers, encrypted tunnels and protocols
Let’s look at the above briefly described process in more detail. A VPN provider will have a bunch of servers worldwide (in some cases, like the famed NordVPN, over 5,000 of them). In simple terms, these servers are computers located somewhere around the globe which are running the VPN company’s software, and when you’re using a VPN, you are also running the VPN provider’s app or client on your machine.
The client app lets you choose one of these many VPN servers, and then sends your data to that server down what is commonly referred to as an encrypted tunnel. This simply refers to the secure connection created between your device and the VPN server, or more specifically, the two pieces of software running on them – the client app and server software.
This tunnel or connection is secure because the VPN app encrypts your data before it leaves your machine, and it remains encrypted on the journey down the tunnel to the VPN server. When the server receives that data, the software on it can decrypt it, and the data can then be directed onwards to its destination on the internet.
As well as the security granted by encryption, the traffic appears to come from the VPN server, so it’s as if you were using this computer yourself. There are many possible benefits in this, for example, accessing streaming services not normally available in your home country – we’ll discuss this in more depth later. Regimes imposing censorship on citizens and blocking content, services or websites can also be got around with a VPN because your computer will no longer appear to be in your home nation, but elsewhere; therefore it won’t be censored.
Do note that a heavy-handed regime (or indeed your ISP) could be able to detect that your device is connected to a VPN, but won’t be able to snoop on any of the traffic heading out to the VPN server – to find out what you’re doing online – because the data is encrypted, and that encryption is so strong, it can’t (realistically) be broken.
If you’ve heard VPN protocols mentioned before, and wondered what these are, they are the forms of encryption employed by VPNs, which come in various guises. OpenVPN is one of the most common protocols used, providing security in spades, but there are several others, including the newer WireGuard protocol. And now the likes of ExpressVPN, NordVPN and Hotspot Shield are all bringing their own proprietary protocols to the table.
How does a VPN work - a simple analogy
OK! For those who might benefit from an analogy to illustrate and further clarify how a VPN works, here’s a quick one – but bear in mind that this is a very much simplified explanation of what we’ve just gone over, in an effort to try and make the basics as crystal-clear as possible.
Let’s imagine that you write some ‘data’ on a postcard and send it out to a recipient elsewhere in the world (a website) from your house (computer). Normally, a nosy postman (your ISP) could read that postcard. Or someone else entirely could even get a glance and read the postcard at some point during its journey; who knows.
A VPN provides a secret key to allow your postcard to be written in code (encrypted). Anyone can still read it, but it will be nonsense – an incomprehensible soup of letters. Also, with a VPN, rather than going directly to the intended recipient, the postcard first goes to a distribution hub (VPN server). Here, the VPN has the key to decipher the code, and translates the postcard (decrypts it) so it’s readable. The postcode is then sent on to the recipient (who can read it as normal, when they get it) using one of the VPN service’s delivery agents.
The postcard is also stamped with the origin of the VPN distribution hub, and not your house or hometown – so to all intents and purposes, it’s as if the hub sent the postcard.
As mentioned, this really does oversimplify the way things work, but hopefully gives you the general gist. It may also leave you wondering the following – that while your postman (ISP) may not be able to decipher the postcard, there’s nothing stopping the data being viewed by the VPN guys, is there? That’s true, and we’ll come on to that shortly…
How does a VPN work to keep me safer online?
As we’ve seen, foremost a VPN provides security when you’re online by encrypting the data you send, keeping it safe from prying eyes like your ISP. While your ISP can see that you’re connected to a VPN (probably – or at least that you’re connected to an encrypted server somewhere), all the data flowing through its systems will be encrypted, so the ISP won’t be able to make any sense of it.
Therefore, the ISP won’t be able to leverage your data to its own purposes (potentially selling info on users to advertisers, for example – or giving up details to authorities if requested).
Furthermore, when you go online in riskier scenarios – like using public Wi-Fi at an airport or café, for example – where your data is potentially more likely to be compromised by a malicious party, again, because the data is encrypted by the VPN, you’re much safer because that party won’t gain anything from its snooping.
As well as greater security, a VPN gives you anonymity, changing your IP address (more on this in a moment) to be different from what it actually is – in other words, replacing the address of your computer with the address of the VPN server, as we’ve already discussed.
This means your online activities can’t be traced back to your device, potentially keeping you safe from invasions of your privacy, or maybe even more direct threats like targeted DDoS attacks that disrupt your internet connection. Volleys of DDoS aimed at individuals (rather than services or businesses) may be very rare, but cheating gamers aren’t beyond using something like this to sabotage a rival.
Could a VPN somehow fail to ensure my safety?
While the right VPN can be a definite asset in terms of your online safety, then, there are ways in which a VPN provider can conceivably let you down – at least in some cases.
As we just discussed, while your ISP may no longer be able to see your internet traffic when using a VPN, the VPN provider can instead see what you’re up to online – or at least that’s possible.
Again, this is why it’s important to use one of the best VPNs and well-known providers which have been around a long time, and have built a reputation as being trustworthy. Another thing to look out for is VPN firms which don’t just make privacy promises and claims, but actually have their security and ‘no logs’ procedures independently audited and verified.
A good VPN should also ensure that it guards against DNS leaks – where data about your online activities leaks out of the VPN’s encrypted tunnel – and it should use a kill switch in its app. A kill switch steps in to save your privacy and stop data being sent out unprotected if the VPN connection drops (as with any bit of software, misfires can happen if you’re unlucky).
Any well-thought-of VPN will have all this, and we do the hard work for you, scrutinizing apps and privacy policies alike in our VPN reviews to ensure that these vital features are present (or to call them out if they’re not).
How does a VPN change my IP address?
Your public IP (Internet Protocol) is the address of your device on the internet, and is the digital equivalent of the postal address of your house (if you want to know more on the subject, we’ve got a full primer on IPs and how to find yours out here).
When you use a VPN, as we’ve already seen, your device connects to one of the VPN’s computers (servers) elsewhere on the internet. In effect, your device and that server become part of a private network of sorts – a ‘virtual’ network, hence the name Virtual Private Network. To all intents and purposes, the VPN server is then seen as the origin of the data (your data) coming from this private network.
So, your real IP, the digital address of your device, is effectively hidden, and the source of the data appears to be the VPN server, which has a different IP address. In effect, that different IP now appears to be your IP address.
To summarize, then, technically this isn’t a case of ‘changing’ your IP, so much as hiding your real IP away behind the IP address of the VPN server.
How does a VPN work for streaming?
As we’ve already established, when using a VPN, you connect to one of the VPN’s computers (servers), and you appear to be that computer (you are identified by its IP address, as just discussed). Now, if that server is in a different country to you, then you’re effectively masquerading as that other computer in its physical location. This means that you can view streaming content which would otherwise be inaccessible to you because of geo-blocking.
Here’s an example: BBC iPlayer is blocked for anyone trying to access its content outside the UK. So, imagine that you are in the US and want to watch iPlayer. You can fire up your compatible BBC iPlayer VPN app, and then join a VPN server in the UK; let’s say you pick the London server. You now appear to actually be that computer situated in London, and iPlayer will work just fine as a result – it will think you’re in London, even though you’re really in the US.
Or it should do anyway – there is a caveat in that content providers like the BBC or Netflix will try to detect if a VPN is being used. Basically, they don’t want people getting around their regional restrictions, so they attempt to pinpoint VPN connections – note that they can’t see any data, but just that a VPN is being used – and then block them. Because of this, there’s a chance you may be detected as a VPN user and therefore still blocked, but broadly speaking, the best streaming VPNs use more sophisticated software and methods of avoiding detection.
Content unblocking will always be something of a cat-and-mouse game between content providers and VPN firms, with tactics and results constantly changing, but the odds are with a good VPN provider, you’ll be able to access most of what you want, much of the time.
How does a VPN work for torrenting?
This is a thornier issue because some VPNs don’t work for torrenting – at all. Some VPNs don’t support torrent users, and others may only support such P2P (peer-to-peer) file-sharing on certain VPN servers (maybe only a few them).
This could be for bandwidth reasons (with torrents typically involving large files and being bandwidth-hungry), or legal reasons (torrents are, naturally, associated with illegal downloads of copyrighted materials, whether that’s films, games or whatever).
So, the initial consideration if you want a VPN for torrenting is to pick a provider which supports them; and we’ve rounded up the best torrenting VPNs here for your convenience.
As to how the process actually works when torrenting, it’s the same as a VPN normally functions, the key parts here being that your IP address will be hidden, so actions can’t be traced back to you, and your traffic is encrypted, meaning no one can see what you’re up to online or downloading.
That all said, using a VPN doesn't make downloading pirated films, music and files any more legal. And it's not something we condone at TechRadar at all.
Is using a VPN illegal?
VPN use is perfectly legal in the vast majority of countries, but there are exceptions. Some regimes have banned VPNs, China being the obvious example that springs to mind, but even in this case, it’s unclear how this might be enforced, particularly in the case of, say, a traveler using a VPN when visiting the country. There are no reports of any visitor ever being arrested for using a VPN in China.
Another example is Russia, which hasn’t banned VPNs outright, but has outlawed their use for accessing any content blocked by the authorities. So even in these more extreme cases and countries, VPN use isn’t necessarily fully written off.