A VPN doesn’t make you invisible; it just reroutes your internet traffic through a different server, changing your apparent IP address and encrypting the data between your device and the VPN server.
Let’s see this in action. Imagine you’re trying to access a website, say example.com, without a VPN. Your request goes:
Your Device -> Your ISP -> example.com
Your ISP sees you’re going to example.com, and example.com sees your ISP’s IP address.
Now, with a VPN:
Your Device -> (Encrypted) -> VPN Server -> example.com
Your ISP sees you’re connecting to a VPN server (an IP address they recognize as a VPN provider), but they don’t see you’re going to example.com. The website example.com sees the VPN server’s IP address, not yours.
The core problem a VPN solves is network eavesdropping and IP address tracking. When you’re on public Wi-Fi, for instance, anyone on the same network can potentially sniff your unencrypted traffic. A VPN encrypts this, making it gibberish to local snoops. It also masks your real IP, which websites and services use to identify and track you.
Internally, a VPN client on your device establishes a secure, encrypted "tunnel" to a VPN server. All your internet traffic is then routed through this tunnel. The VPN server decrypts your traffic and sends it to its final destination on the internet. The response from the website comes back to the VPN server, which encrypts it and sends it back through the tunnel to your device, where it’s decrypted.
The exact levers you control are typically:
- Server Location: You choose which country (or sometimes even city) the VPN server is located in. This determines the IP address that websites see.
- Protocol: Different VPN protocols (like OpenVPN, WireGuard, IKEv2) offer varying balances of speed and security. WireGuard is generally the fastest and most modern.
- Kill Switch: This feature automatically cuts your internet connection if the VPN tunnel drops unexpectedly, preventing your real IP from being exposed.
- Split Tunneling: Allows you to choose which applications or websites use the VPN and which connect directly to the internet.
What’s actually private? The content of your traffic and your destination from the perspective of your ISP and local network observers. They see you’re talking to a VPN server, but not what you’re saying or where you’re ultimately going.
However, the VPN provider itself can see your traffic if they choose to log it. This is why choosing a reputable VPN with a strict no-logs policy is paramount. Your ISP also sees you’re using a VPN, they just don’t see the encrypted data within that tunnel. Websites still see the IP address of the VPN server, not your real IP.
The most surprising true thing about VPNs is that they can sometimes slow down your internet speed significantly, not just because of encryption overhead, but because your traffic is taking a longer, multi-hop route: Your Device -> ISP -> VPN Server -> Website. The further the VPN server is geographically, and the more congested it is, the worse the performance hit.
The next concept to explore is DNS leaks, and how they can still reveal your browsing habits even when using a VPN.