
Updated 8 hours ago

A VPN is a lie you tell to the network—and the network believes you.

You're sitting in a coffee shop in Seattle, but as far as the Internet knows, you're in the London office, on the corporate network, with access to everything. Or you're at home, but Netflix thinks you're in Japan. Or you're on airport WiFi, but the sketchy guy running that network can't see a single thing you're doing.

That's what a Virtual Private Network does. It creates an illusion of physical presence somewhere else, using nothing but encryption and a server willing to play along.

The Name Says Everything

Virtual: It's not real infrastructure. No one ran a cable from your laptop to the corporate office. The "network" exists only as software and encryption.

Private: The communication is encrypted and hidden from everyone except the endpoints. Your ISP, the coffee shop, the backbone providers routing your packets—none of them can read what you're sending.

Network: You become part of a network you're not physically connected to. You get an IP address on that network. You can access resources on that network. For all practical purposes, you're there.

The whole thing is an elaborate fiction, maintained by cryptography strong enough that no one can prove it's fiction.

What Problem Does This Solve?

Without a VPN, your Internet traffic is uncomfortably visible.

Your ISP sees every domain you visit. They know you went to WebMD at 2 AM, then to a pharmacy website, then to your bank. They can't see what you typed (thanks to HTTPS), but they see where you went and when.

Public WiFi is worse. The network operator sees your traffic. Other people on the network might be able to intercept it. That "Free Airport WiFi" could be run by anyone.

And for companies, the problem is different: employees need to access internal systems, but those systems shouldn't be exposed to the Internet. The file server with all the contracts, the database with customer information, the internal applications—none of that should have a public IP address.

A VPN solves all of these by creating an encrypted tunnel. Your traffic enters the tunnel on your device, encrypted. It exits the tunnel at the VPN server, decrypted. Everything in between sees only encrypted noise traveling to a single destination.

How the Tunnel Works

When you connect to a VPN, your device and the VPN server perform a cryptographic handshake. They agree on encryption keys. They verify each other's identity. They establish a secure channel.

Once the tunnel exists, your device routes traffic through it. You want to visit a website? That request gets encrypted and sent to the VPN server. The server decrypts it, fetches the page, encrypts the response, and sends it back through the tunnel.

From the website's perspective, the request came from the VPN server. Your real IP address never appears. Your location appears to be wherever the VPN server is.

From your ISP's perspective, you're just sending encrypted traffic to a single IP address. They can't see what's inside. They can't see where it ultimately goes.

The encryption is serious. Modern VPNs use AES-256, the same encryption standard used by governments for classified information. Breaking it by brute force would require more computational power than exists on Earth, running for longer than the universe has existed.
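The encapsulation described in this section, as an added example that is not part of the original page: it shows what an on-path observer can record versus what the destination website receives. The IP addresses are constructed samples, the session key is assumed to be the output of the handshake, and the SHA-256 keystream with HMAC is a standard-library stand-in for a real cipher such as AES-256, not production cryptography.

```python
import hashlib, hmac, json, os

# Constructed sample addresses (documentation/private ranges), not from the page.
CLIENT_IP, TUNNEL_IP = "198.51.100.7", "10.8.0.2"
VPN_IP, SITE_IP = "203.0.113.10", "192.0.2.80"

def _subkeys(key):
    # Separate keys for encryption and authentication.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _xor_stream(enc_key, nonce, data):
    # Toy SHA-256 counter-mode keystream: a stdlib stand-in for AES-256.
    stream = b"".join(hashlib.sha256(enc_key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(12)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("tunnel packet failed authentication")
    return _xor_stream(enc_key, nonce, ct)

def client_encapsulate(key, dst, data):
    # Inner packet (tunnel address -> real destination) becomes the encrypted body
    # of an outer packet addressed only to the VPN server.
    inner = json.dumps({"src": TUNNEL_IP, "dst": dst, "data": data}).encode()
    return {"src": CLIENT_IP, "dst": VPN_IP, "body": seal(key, inner)}

def observer_view(outer):
    # Everything an ISP or Wi-Fi operator on the path can record.
    return {"src": outer["src"], "dst": outer["dst"], "size": len(outer["body"])}

def server_forward(key, outer):
    # The VPN server decrypts, then rewrites the source so the site sees its address.
    inner = json.loads(unseal(key, outer["body"]))
    return {"src": VPN_IP, "dst": inner["dst"], "data": inner["data"]}

if __name__ == "__main__":
    key = os.urandom(32)  # assumed output of the handshake
    pkt = client_encapsulate(key, SITE_IP, "GET /account")
    print("path observer:", observer_view(pkt))
    print("website sees: ", server_forward(key, pkt))
```

The observer's record contains only the client and VPN server addresses plus a size, while the forwarded packet carries the VPN server's address as its source. A packet modified in transit is rejected before decryption.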

Two Flavors of VPN

Remote Access VPNs connect individual users to a network. This is what you use when working from home. You authenticate, the tunnel opens, and suddenly your laptop acts like it's plugged into the office network. Internal file servers appear. Internal applications work. The corporate network extends to wherever you happen to be sitting.

Site-to-Site VPNs connect entire networks to each other. A company with offices in New York and Tokyo might use a site-to-site VPN to merge them into one network. Computers in New York can reach servers in Tokyo as easily as reaching something down the hall. The VPN handles it transparently—users don't even know a tunnel is involved.

The Trust Paradox

Here's what consumer VPN marketing won't tell you clearly: when you use a VPN for privacy, you're not eliminating surveillance. You're choosing your surveillant.

Without a VPN, your ISP sees your traffic patterns. With a VPN, your VPN provider sees your traffic patterns instead. You've shifted trust from one company to another.

Is that an improvement? Maybe. Your ISP might sell browsing data to advertisers. Your ISP is subject to local laws and can be compelled to hand over records. Your VPN provider might be in a different jurisdiction with different rules.

But your VPN provider could also be logging everything despite claiming otherwise. Several "no-logs" VPN providers have been caught keeping logs. Others have handed data to law enforcement, revealing that they had data to hand over.

VPNs provide privacy from local observers. They don't provide anonymity. The VPN provider always knows who you are and can see any traffic that leaves the tunnel unencrypted. If anonymity is the goal, that requires different tools—like Tor—designed specifically for that purpose.

The Geographic Shell Game

Because your traffic appears to come from the VPN server's location, VPNs let you appear to be somewhere you're not.

Connect to a VPN server in the UK, and British websites think you're British. Connect to one in Japan, and Japanese services see a Japanese IP address.

This has legitimate uses. Testing how your website appears to international users. Accessing your home country's services while traveling abroad. Reaching region-specific content you're legally entitled to.

It also gets used to circumvent geographic restrictions on streaming services, which is a constant cat-and-mouse game. Netflix knows VPN server IP addresses and blocks them. VPN providers spin up new servers. Netflix blocks those too. Whether this violates terms of service is between you and the streaming service.

What VPNs Don't Do

A VPN protects traffic in transit. That's it. It doesn't:

Protect against malware. If you download a virus, the VPN carried that virus to you through an encrypted tunnel. Congratulations, your infection was private.

Stop phishing. You can still click a malicious link. The VPN will faithfully deliver you to the phishing site.

Fix bad security practices. Weak passwords, unpatched software, clicking suspicious attachments—the VPN doesn't help with any of that.

Make you anonymous. Your VPN provider knows who you are. Websites can still track you through cookies, browser fingerprinting, and account logins.

VPNs are a tool for network privacy and secure remote access. They're not a magic security solution, despite what the advertising implies.

The Performance Tax

VPNs add overhead. Your traffic now takes a detour through the VPN server. Encryption and decryption take processing time. The tunnel itself adds packet overhead.

How much this matters depends on:

  • Server distance: A VPN server across the world adds latency. A server in your city barely does.
  • Server load: Overloaded servers create bottlenecks.
  • Protocol efficiency: Modern protocols like WireGuard minimize overhead. Older protocols carry more baggage.
  • Your baseline speed: If you have gigabit fiber, you might notice the reduction. On average broadband, probably not.

Well-configured VPNs with nearby servers typically add single-digit milliseconds of latency. Poorly chosen servers can add hundreds.

When You Actually Need a VPN

Working remotely: Accessing internal company resources requires it. There's no other secure way to reach systems that shouldn't be on the public Internet.

Public WiFi: Any network you don't control is potentially hostile. VPNs make that irrelevant by encrypting everything.

ISP privacy: If you'd rather your Internet provider not have a complete log of every site you visit, a VPN breaks that visibility.

Network restrictions: Some networks block certain services. A VPN routes around those restrictions (though this may violate policies).

For everyday browsing at home on a network you trust? The benefit is marginal. HTTPS already encrypts the content of your communications. A VPN hides the metadata—which sites you visit—but whether that matters depends on your threat model.

The Illusion That Works

A VPN is, fundamentally, a trick. You're not really on the corporate network. You're not really in another country. The packets are still traveling over the same Internet infrastructure, through the same routers, across the same cables.

But the trick works. The encryption is unbreakable. The IP address substitution is complete. The tunnel really does hide your traffic from observers.

It's a virtual private network. Virtual—because it exists only in software. Private—because no one else can see inside. Network—because you genuinely become part of one.

The lie is seamless enough that it becomes true.
