How does a VPN work?

An illustration of a mobile phone running a VPN
(Image credit: Future)

Virtual private networks (VPNs) are handy privacy tools designed to boost your digital security—but how do VPNs work? With digital freedoms constantly under attack, and instances of censorship popping up around the world, it's no surprise that more people are investing in VPNs than ever before.

In addition to encrypting your personal data, the best VPNs can secure public Wi-Fi hotspots, unblock international streaming content, and even help you snag the best deals when doing your online shopping. The big question is: how?

The technologies that VPNs use, like encryption and protocols, can seem overly complex unless you're already familiar with them. In this guide, I'll walk you through these key concepts, unravel the mystery of how VPNs do what they do, and recommend a few of my favorite services.

Written by
River Hart headshot
Written by
River Hart

River helps take care of cybersecurity content on TechRadar—ranging from breaking news pieces, reviews, and buying guides. 

The top 3 VPNs in 2024

1.NordVPN: the best VPN in 2024

1. NordVPN: the best VPN in 2024
NordVPN offers a super secure all-in-one VPN solution with built-in ad blocking and malware protection as standard. It's one of the fastest VPN I have tested, too,  offering lots of customization and fantastic features. You can see why it's my top pick. 

↪ Read more in my NordVPN deep dive

2. The best VPN for beginners: ExpressVPN

2. The best VPN for beginners: ExpressVPN
ExpressVPN is great for beginners as it streamlines its processes, allowing you to enable it's great connections and secure protection in just one click.

While it does have a higher price point than Nord and Surfshark, it offers some excellent extras, including a password manager, a year of unlimited cloud storage, alongside three months of extra protection for free on a 12-month subscription. 

Plus, with a 30-day money-back guarantee, you can give it a try risk-free.

3. The best budget-friendly VPN: Surfshark 

3. The best budget-friendly VPN: Surfshark 

Surfshark is an excellent low-cost yet high-value option with great unblocking capabilities and excellent security features all in one easy-to-use package.

You can stream your favourite content no matter where you are with Surfsharks offering of servers in over 100 countries. Not only this, Surfshark costs just $2.29 per month, and even lets you try it without risking a penny thanks to its 30-day money-back guarantee, too.

What do VPNs do?

As soon as you hit the net, you're constantly sending out data from your device and receiving data back. For example, you might send out a request to view a certain web page and receive the content of that web page in return, as a result.

This raw data can be seen by your internet service provider (ISP), and other invasive third parties if they happen to intercept it along its journey.

That’s where a VPN can help. Hundreds of VPNs exist, and though the quality of these services vary, they typically all work in a similar way. VPNs route your traffic through a secure end-to-end encrypted tunnel that connects your device to a VPN server.

The VPN encrypts your data as it leaves your system, sending it to one of the VPN’s servers around the globe before it heads out onto the internet. Because the data is now encoded—scrambled—it’s unintelligible and can’t be exploited by ISPs or other snoopers.

What are servers?

In simple terms, servers are computers located somewhere around the globe that are running the VPN company's software, and when you're using a VPN, you are also running the VPN provider’s app or client on your machine. Your VPN will let you take your pick of servers via an interactive map or ordered list. 

Your VPN will also cloak your original IP address and replace it, temporarily, with one of its own. This means that your ISP, your government, and opportunistic cybercriminals will be unable to intercept your data, follow your activity across the web, or pinpoint your location.

A second benefit is that the VPN server effectively becomes the origin of your internet traffic, meaning your location appears to be where that server (computer) is based—and not your actual location at home. So, you'll get improved security and anonymity with a VPN (and other location-based perks that I'll cover a little later—and it's good news if you're an avid Netflix fan).

What is VPN encryption?

A VPN's most important job is encrypting your personal data and web traffic. Connect to a VPN, and your financial details, logins, messages, browsing history, and other data are all sent through an encrypted tunnel in uncrackable code.

Let’s say you're trying to log into Facebook. The request would be sent to your VPN service, which then establishes a connection between the device you're using and a VPN server. Then, your VPN sends the login request to the VPN server via the encrypted tunnel I mentioned earlier.

When the VPN server receives the request, it sends it on to Facebook's servers while it’s still encrypted. Facebook’s server receives the request, grants it, and sends the data back to the VPN server. This is where the VPN server re-encrypts and dispatches the request to your VPN, where it's deciphered and, finally, forwarded on to your device.

Your data is encrypted and decrypted at every point in this process. It might all seem complex, but Surfshark says that it all "happens in moments".

It's worth remembering that a heavy-handed government regime (or a particularly nosey ISP) could detect that your device is connected to a VPN—but they won't be able to read any of the traffic heading out to the VPN server, and find out what you're up to online, because of the VPN's encryption. Plus, this encryption is so strong that it can't realistically be broken.

Somebody posting a postcard, with a picture of a tropical beach scene, into a red letterbox

(Image credit: Shutterstock)

What are VPN protocols?

In addition to encryption, protocols are another fundamental aspect of VPNs. VPN protocols are commands and processes that determine how your traffic travels from server to server via the encrypted tunnel.

NordVPN claims that "each protocol focuses on a specific combination of features". Countless protocols are available, today, but the most popular include: 

  • Secure Sockets Layer (SSL)
  • Transport Layer Security (TLS)
  • Point-to-Point Tunneling Protocol (PPTP)
  • IP Security (IPSec)
  • Internet Key Exchange (IKEv1 or IKEv2)
  • Layer 2 Tunneling Protocol (L2TP)
  • WireGuard
  • OpenVPN

However, the VPN landscape is constantly shifting, with protocols quickly growing outdated and new protocols rising up to take their place. NordVPN also believes that protocols are imperfect: "each may have potential vulnerabilities, documented or yet to be discovered, that may or may not compromise your security".

OpenVPN and WireGuard are, generally, the two protocols you’ll find most of today's top VPNs using, thanks to their speed and security. It's also possible to switch protocols via your VPN app—which is handy if there's a particular protocol you’d like to use. Just head into the settings menu of your chosen VPN to switch it up.

Keeping up with these protocols is important, since they play a huge part in the overall speed, security, and privacy of your VPN, and you'll want to avoid using outdated protocols that put your data at risk.

OpenVPN, WireGuard, and proprietary protocols (including ExpressVPN's LightWay and Hotspot Shield's Catapult Hydra) are the safest options. IKEv2 is a solid alternative for mobile VPNs. This isn’t to say that other protocols are totally obsolete, but I’d recommend sticking to trusted picks if you want a reliable blend of speed and security.

How do VPNs unblock streaming sites?

While plenty of people use VPNs to boost their digital privacy, an increasing amount of folks are turning to VPNs to unblock streaming content from around the world.

How? Well, like I mentioned earlier, when you use a VPN and connect to one of its computers (servers), you'll appear to be that computer and be identified by its IP address. If that server happens to be in a different country to you, the IP address will, too, and you'll fool the sites you visit into thinking you’re in the location of your choosing. As a result, you'll be able to check out content that’d otherwise be locked behind annoying geo-restrictions.

Want to learn more?

We've unveiled the most reliable streaming companions in our guide to best Netflix VPNs

Here's an example. BBC iPlayer is inaccessible to anyone living outside the UK. So, imagine that you're in the US and want to check out some British content. You can fire up your BBC iPlayer VPN, join a server in the UK and, just like that, you'll appear to be located somewhere in the British Isles. You'll have your pick of BBC iPlayer shows, and the site itself will think you’re in the UK even though you're still in the US.

Or, it should. There's always a chance that content providers, like the BBC or Netflix, will detect VPN usage. They don't want people getting around their regional restrictions, after all, and will try to pinpoint and block VPN connections to put a stop to any geo-block hopping. These providers can't see your data—just that a VPN is being used.

For this reason, you might be identified as a VPN user and blocked, but the best streaming VPNs use pretty sophisticated software and methods of avoiding detection.

Content unblocking will always be a cat-and-mouse game between providers and VPNs, with tactics and results constantly changing. 

A man uses a VPN on a laptop in an office, and a small plant is beside the laptop on the desk.

(Image credit: Shutterstock)

How VPNs work - in a nutshell

VPNs route your traffic through a secure server, and not your ISP's servers, and encrypt it. This means that third-party snoopers (like cybercriminals, your ISP, and your government) can't read your traffic even if they happen to intercept it.

VPNs also use a variety of protocols to transfer your data. Currently, OpenVPN and WireGuard are today's most secure, speedy, and well-regarded options.

In addition to securing your data (including financial information, logins, and browsing history), a VPN can also unblock global streaming content thanks to its server network. With servers placed around the world, users can pick a location overseas, be assigned a new IP address based in that same place, fool sites into thinking they’re physically there, and bypass geo-restrictions that'd otherwise prevent them from accessing region-specific shows, movies, and sites.

FAQs

How do VPNs keep me safer online?

A VPN improves your online security by encrypting your data—ensuring nobody can snoop on it. While your ISP will (potentially) be able to see that you're using a VPN, or that you've connected to an encrypted server, they won’t be able to crack the encryption provided by the VPN, or make sense of your sensitive data.

This is good news, as it means your ISP won’t be able to sell this information on to advertisers or surrender it to authorities upon request.

A VPN comes in handy when relying on public Wi-Fi hotspots, too. These hotspots (usually offered by cafes, airports, and hotels) tend to lack adequate security measures, making them attractive to opportunistic hackers hungry for your data. VPN encryption ensures that your information remains secure, however, and totally unreadable.

VPNs can also boost your overall anonymity. By changing your IP address, they prevent your online activities from being traced back to your device, protecting you against snoopers and more direct threats like targeted DDoS attacks.

Are VPNs illegal?

In most cases, no. VPN use is legal in most countries—but there are exceptions to the rule, which you can learn more about in our VPN legality guide.

VPNs have been banned under strict regimes (like China and Russia), but it’s unclear how these bans might actually be enforced.

The important thing to remember is that while VPNs might be legal, what you do with it can still break the law. 

What can't a VPN hide?

VPNs encrypt your data and cloak your original IP address—but there are a handful of things that they can't hide. One of these is your device type. Through the use of browser fingerprinting, the sites you visit can collect data (like operating system and browser type) that'll inform them about what device you’re using.

Some VPN services can monitor your online activity, too, by keeping records of what you do and where you go when accessing the web. This is pretty invasive, and you’ll want to pick a secure VPN that adheres to a no-logs policy to ensure that your provider isn’t sitting on sensitive information about your browsing sessions.

How do sites know I'm using a VPN?

A VPN assigns you a new IP address when you connect to one of its servers—but these servers are shared amongst the VPN's user base. So, you might be given the same IP address as someone else. The fact that these IP addresses are shared across so many people has prompted some sites to figure out that they belong to VPNs and, ultimately, block them.

This doesn't always happen. A lot of sites won't mind the fact that you're using a VPNafter all, it'd be a ridiculously expensive and time-consuming endeavor to block, ban, or take action against everyone using a VPN.

Disclaimer

We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.

River Hart
Tech Software Editor

River is a Tech Software Editor and VPN expert at TechRadar. They’re on-hand to keep VPN and cybersecurity content up-to-date and accurate. When they’re not helping readers find the best VPNs around (and the best deals), River can be found in close proximity to their PS5 or being pushed about the countryside by the lovely Welsh weather.