VPN (Virtual Private Network)

A VPN encrypts your internet traffic and routes it through a remote server, masking your IP address and preventing your ISP from seeing your activity.

A VPN (Virtual Private Network) creates an encrypted tunnel between your device and a remote server. All internet traffic passes through this tunnel, so your ISP sees only an encrypted connection to the VPN server — not the sites you visit. Websites see the VPN server's IP address, not yours.

How a VPN works technically

When you connect to a VPN, your device negotiates an encrypted session with the VPN server using a key exchange protocol. From that point, every packet your device sends is encapsulated inside an encrypted wrapper and forwarded to the VPN server. The server decrypts the packet, sends it to the destination on your behalf, receives the response, re-encrypts it, and sends it back to you. To any observer between your device and the VPN server — including your ISP — the traffic looks like a stream of encrypted data to a single IP address.

VPN protocols compared

  • WireGuard — modern, fast, minimal code base (~4,000 lines vs OpenVPN's ~100,000); uses ChaCha20 encryption; lowest overhead of any current protocol; preferred for most use cases
  • OpenVPN — mature, widely audited, highly configurable; runs over UDP (faster) or TCP (more reliable through restrictive firewalls); higher CPU overhead than WireGuard
  • IKEv2/IPsec — fast reconnection after network changes (ideal for mobile); built into iOS and macOS natively; good balance of speed and security
  • L2TP/IPsec — older; considered weaker than the above; avoid for privacy-sensitive use; primarily seen in legacy corporate setups

Use cases

Privacy from your ISP: Without a VPN, your ISP can log every domain you visit (even with HTTPS, DNS queries are visible). A VPN prevents this, shifting trust to the VPN provider instead.

Public Wi-Fi security: On open Wi-Fi (hotels, airports, coffee shops), a VPN encrypts your traffic before it leaves your device, preventing passive eavesdropping.

Corporate remote access: Enterprise VPNs tunnel employees into the company's private network, allowing access to internal systems as if physically on-site.

Geo-restriction bypass: Some streaming services and websites are restricted by IP geography. A VPN server in another country presents that country's IP to the destination, bypassing the restriction — though streaming services actively block known VPN IP ranges.

What a VPN does NOT protect

  • Tracking by cookies, browser fingerprinting, and accounts you are logged into — websites identify you regardless of IP
  • Malware already on your device — a VPN is a network tunnel, not an antivirus
  • DNS leaks if the VPN client is misconfigured — always verify with a DNS leak test after connecting
  • Your activity from the VPN provider itself — you are shifting trust, not eliminating it

Speed impact

Encryption overhead and the extra routing hop both cost throughput and latency. WireGuard on a nearby server typically reduces download speed by 5–15% and adds 5–15 ms latency. Connecting to a server on the other side of the world can add 100–200 ms and halve throughput due to longer TCP round-trip times. For best performance, choose a VPN server geographically close to either you or your destination.

Split tunneling and kill switch

Split tunneling lets you route only specific apps or destinations through the VPN while the rest of your traffic goes directly to the internet. This is useful for keeping local network access (printers, NAS) while protecting sensitive apps.

A kill switch blocks all internet traffic if the VPN connection drops unexpectedly, preventing your real IP from being exposed during a reconnection. Most reputable VPN clients include this feature; enable it if privacy is your primary concern.

Choosing a VPN

Key criteria: jurisdiction (avoid five/nine/fourteen-eyes countries if ISP-level surveillance is your concern), independently audited no-logs policy (audit reports should be publicly available), open-source client code, and WireGuard support. Mullvad, ProtonVPN, and IVPN are consistently recommended by privacy researchers. Free VPNs monetise by logging and selling the data they claim not to collect — the product is your browsing history, not the software.

Frequently Asked Questions

Does a VPN make my internet faster?

Rarely. A VPN can improve speed in specific cases where your ISP routes you poorly to a destination — the VPN may take a better path. In most cases it adds 5–20% overhead. It never adds capacity that does not exist.

Do I need a VPN at home?

Depends on your threat model. On your home network, your main concern is ISP tracking and data retention. DNS over HTTPS addresses the most common ISP tracking (DNS queries) without the latency overhead of a full VPN. A VPN provides broader protection if that matters to you.
