When you connect to the Internet from home you are probably using a service from your local telecommunications provider. You will have a modem/router of some sort and probably Wi-Fi. Your desktop is linked up to the router via Ethernet and your laptop and smartphone over Wi-Fi. There are of course many variations on this setup, however the principal ideas are the same. Even if you are connecting to the Internet using a data plan from your carrier, the concepts are very similar. The part of the network which is in your house, before the modem, is your local network. Beyond your modem is the Internet.
Whenever you do something Internet related, like opening a web page, the data travels from your computer over the local setup out to the phone company. From there it heads out into the wild west that is the Internet and it eventually arrives at the relevant web server. The web server sends back the web page (as HTML etc) which flies back over the Internet, it arrives at your telco and eventually makes its way back to your modem and back into your computer. Since you are loading a web page this process is repeated dozens of times as the images are downloaded etc.
For all this data to buzz about on the Internet each block of data (known as a packet) needs to have some addressing information: where is it going and where did it come from. There are several different layers of addresses depending where the data packet is on its journey, however at the highest level there is an address known as an IP address.
You have probably seen them. IP addresses are made up of four numbers less than 256 with a dot between them, say 10.2.18.67 or 18.104.22.168. The IP address is used to route the data back and forth from your computer to the web server. Now the thing about IP addresses is that they are 1) visible to every piece of equipment that deals with your network traffic, and 2) assigned in blocks.
What this means is that your modem, your phone company, the routers which send the data across the Internet and the web server all need to know your IP address. But because IP addresses are assigned in blocks it also means that the information about your phone company and which blocks it owns is in a big database somewhere. There are some other things going on as well, but the upshot is that whenever you connect to a web server, the web server knows your IP address and it can also work out your location. The web server will probably also log your IP address, normally for traffic analysis, and probably only temporarily as the log will be deleted or archived after a month. However your IP address is being logged.
Most of the time this isn’t a problem. The fact that someone connected to Facebook isn’t going to cause any problems for anyone. But what if I wanted to read a webpage about something a bit more sensitive, about a disease or an emotional problem, or about a subject that is taboo in the country or culture where I live? Now all of a sudden the idea of a bit of privacy is more important.
Then there is the issue of public Wi-Fi hotspots. So I am sitting in my local coffee shop and I have connected to the free Wi-Fi. However many of these free Wi-Fi hotspots are completely open without any encryption. You have no guarantee about the equipment provided by the coffee shop or about any snooping they could be doing. But worse, it is actually very easy for another person connected to the same Wi-Fi to capture all the packets that are being sent over this open, unencrypted connection. Pulling out passwords and capturing a list of websites and services that you are using is very easy. Plus there is the problem of fake rogue Wi-Fi hotspots, set up just to steal your info. Hey, look, the coffee shop now has free Wi-Fi, it didn’t last week, they must have upgraded… great! Or is it some hacker just setting up a honey pot to capture you unawares?
So, you should never, never, never do anything like access online banking or PayPal when connected to public Wi-Fi… Never!
There is also another problem. Some content is blocked in certain countries, either for political reasons or for business reasons. A benign example might be if I am traveling on a business trip outside of my normal country of residence and I want to watch TV from my home country. Most of the time this won’t be possible as the catch-up service (like the BBC iPlayer) will tell me that the content isn’t available outside of the UK. This is also true of services like Hulu, Netflix, and Amazon Video.
So basically the IP address used is that of the point where your data enters the Internet, normally the address assigned to your modem via your service provider. What a VPN does is it allows your data to go over an encrypted connection from your house (or smartphone) to another point on the Internet, probably in another country, and then make its way onto the public Internet. Like a rabbit diving down a hole which leads to another exit somewhere else.
The upshot of this encrypted connection is that your data has the IP address that is assigned to the other end of the tunnel, not your home. That means that when you connect to a web server the IP address seen by the server is that of the VPN endpoint, not your home IP address. So now if you access a sensitive site then your IP address and location are not exposed. Also if you are travelling you can connect to a VPN endpoint in your home country and access content as if you were at home.
There is also another surprising benefit. Some online services charge different amounts depending on your location. Personally I have bought stuff cheaper by connecting via a VPN to convince the online service that I am in the USA and not in Europe. This also applies to airfares. Express VPN did a study which shows that there are big pricing differences when buying tickets online depending on your location.
How does it work?
The first thing you need to do to use a VPN is find a VPN provider. Personally I would recommend Express VPN, however there are lots of choices out there. Once you have signed up you will get access to some login information including your credentials (username/password) and a list of servers. The servers will be dotted around the world and you need to pick which servers to use, according to your needs.
Depending on the service provider you will either need to set up the VPN manually or use a program/app. Express VPN has an Android app which automates the whole process, but you can also set it up manually. Your VPN service provider will have step-by-step instructions, but basically on Android you tap on More… under the Wireless & Networks section of the Settings, then tap VPN and then add a new VPN. Enter the server details along with your username and password and you are all set. VPNs aren’t limited to just Android, you can use them from Windows, OS X, Linux, Chrome OS and so on.
Once you have a VPN configured you need to connect to it. You can do that on the same VPN page in the Settings (or use your provider’s dedicated app if it has one). What happens now is that your smartphone will make an encrypted connection to the VPN server in whichever country you picked. Now all your Internet traffic (including DNS lookups) will go down this encrypted tunnel before it hits the public Internet. When it exits the tunnel and travels on further it will be bearing the IP address of the VPN server and not your IP address. When data comes back it heads first to the server and then the server sends it back to you along that encrypted tunnel.
If you are wondering, yes, the data still needs to go over your Wi-Fi to your router/modem and then to your phone company. But now all that data is encrypted and it isn’t decrypted until it hits the VPN server. This way your local telco can’t see what you are accessing, neither can any government or state institution.
Also if you are using a free, open public Wi-Fi hotspot, when using a VPN all your data (including what is being sent over the Wi-Fi to the coffee shop’s Wi-Fi router) is now encrypted. Anyone with a laptop trying to capture passwords and web site information will only capture encrypted data!
Any negative aspects?
VPNs are a great solution to the privacy issues I have outlined, however they aren’t a perfect solution and there are a few negative aspects. First of all speed. Since you are intentionally sending your data half-way around the world before it even gets a chance to head off toward the right server, VPN connection speeds will be slower than your normal, non-VPN connection. Also your VPN provider will only have a certain amount of resources. If the VPN server is overloaded, because there are too many clients and not enough servers, then connection speeds will drop. The same is true for server bandwidth.
Secondly, VPN connections can drop unexpectedly (for a whole variety of reasons) and if you didn’t notice that the VPN is no longer active you might keep using the Internet thinking your privacy is safe, but it isn’t.
Thirdly, the use of VPNs is outlawed in some countries, precisely because they offer anonymity, privacy, and encryption.
Lastly, some online services have a system to detect the use of VPNs and if they think someone is connecting via a VPN they can block access. For example, Netflix has made a lot of noise about blocking VPN users.
So, in short. Whenever you use the Internet your IP address is known and probably logged. The IP can also reveal information about your location. If issued with a warrant of some kind then your Internet service provider can match your IP address directly to you. Also when using public Wi-Fi hotspots all your data is sent unencrypted to the router which means that anyone in the area can capture your data and steal things like passwords and the websites you visited while connected. Plus there is the issue of services which block content depending on your current location.
VPNs provide a way to encrypt the first part of your Internet connection, while at the same time masking your IP address and location. The result is an increase in privacy and protection, plus the ability to unblock geofenced content. VPNs aren’t needed all the time, however there are moments when they are essential.