I am sure you have heard various radio hosts hawking something called a VPN, or Virtual Private Network. Maybe you have heard about VPNs from a friend; in any case, VPNs have become a hot topic. They are certainly useful, but there are some misconceptions (some even propagated by VPN operators themselves) about what a VPN can and can’t do for you. Here’s an overview of how VPNs work and what they actually do for your privacy.
So what IS a VPN, anyway? Why would you want to use one? The simple explanation: it’s a way to protect data “in-flight” while it moves from your computer to some other computer (website or e-mail server, usually) and vice versa. They have the added benefit of obscuring your home IP address, which is one way websites track your activity; all of the traffic from your computer goes to the VPN operator’s routers, where they then exit the VPN and continue on to a website or e-mail service. It’s important to note that this last hop, from the VPN to the website, is NOT protected by the VPN’s encryption. Typically, you’ll also use the VPN operators Domain Name System (DNS) servers to find websites, which means your Internet Service Provider (ISP) can’t see what sites you’re visiting and how long you’re spending on them. So: if you want to mask your physical location, VPNs are great. The website you’re accessing thinks you are coming from Europe, or the Midwest, or somewhere thousands of miles away from where your ISP would typically connect to the Internet. Your ISP also won’t be able to tell where you’re going.
VPNs are not magical. They don’t make you “invisible” on the Internet, and they don’t do anything at all to prevent your information from being stored and potentially leaked by websites themselves; those websites can still use things like cookies (little text files stored on your computer that track certain information like website passwords, browsing history, and so forth) and other methods to uniquely identify your computer. Any information you provide to the website is still wide open for the website operator to see and use as they see fit. VPNs also do nothing to protect you from malicious websites or so-called “watering hole” attacks (“watering holes” are websites that are set up specifically to steal your information when you visit them, much like crocodiles lying in wait for zebras to come to an actual watering hole). And finally, VPNs only protect your data with encryption up to the point where your data has to leave their network to get to a public website; from that point on it’s exposed just like it would have been from your home ISP router.
So, while VPNs do serve a valuable purpose they are not fool-proof ways to become invisible or completely untrackable on the Internet. If masking your physical location and hiding your website activity from your ISP is important, a VPN will do that for you. If you’re looking for a way to completely secure your browsing end-to-end then a VPN is probably not going to do what you think it will do.