I get that VPNs are important for privacy and security, but I still don’t really get what they do or how they work.
For instance, at my last job, they would keep an eye on everything anyone did on their Wi-Fi. There were cases where people visited adult sites (not why I left, just saying), and they would always find out who it was.
So if someone uses a VPN, does that make their online activity hidden from the boss? Or can they still see the activity, but not know who did it? Or am I way off in my thinking?
I have my reasons for wanting to know that aren’t just about avoiding work porn but thought this example might clarify things for me.
EDIT: It’s frustrating to be downvoted for trying to learn more when this forum is supposed to be for people wanting to know more. Guess I’ll look for answers elsewhere since it seems you have to know everything to be part of the conversations here.
A VPN won’t make you totally anonymous. You should use Tor for that.
But a VPN does help improve your security and privacy.
If you set up a VPN correctly and it has no leaks, your ISP (like your old boss in this case) won’t know what sites you visit. They can see you’re sending traffic to a VPN and the amount of data, but that’s it.
If you’re using a work computer or they have spyware on your personal computer, IT can find other ways to watch what you’re doing besides just network traffic. If that’s the case, a VPN won’t do you any good.
Bryce said: @Steele
How does one set up a VPN? I’ve never used one and want to learn.
First, some background. OpenVPN and WireGuard are both free protocols available for anyone to use. WireGuard is newer and faster, but OpenVPN is more tested and known. I personally like WireGuard. Most VPNs support OpenVPN, and more are adding WireGuard support, but that’s not universal yet. Each protocol has its own official client you can download at their websites. https://www.wireguard.com/install/ and https://openvpn.net/download-open-vpn/. You can choose to use these clients or the specific ones from your VPN provider.
First, pick a VPN provider. Check this comparison of various providers or rent a VPS and set up your own VPN server, but that’s more complicated, so I’ll stick with the first option.
Install the VPN client. Most VPNs come with their own client to manage the connection. You can also download OpenVPN or WireGuard clients directly, which are more versatile but also a bit complex. The client from your VPN provider might only work on certain systems like Windows.
Connect to the VPN. If you’re using your provider’s software, just log in and click the start button. Your public IP should change. To check, just search “what is my IP” before and after connecting to the VPN.
Bryce said: @Steele
How does one set up a VPN? I’ve never used one and want to learn.
Why do you want to use a VPN?
I want to watch and download movies and TV shows I enjoy without my ISP spying on me. I also heard that I could help other users of Tor who might need it more than I do. I don’t know if that’s true but it feels like an added benefit of using a VPN.
@Bryce
Got it. Yeah, a VPN will definitely be useful. The service I use has PC apps that can start automatically, reconnect if lost, and block internet access if the VPN is disconnected. Most services also have apps for Android. Plus, you can often use open-source apps like OpenVPN if you prefer.
Jai said: @Steele
Can someone explain how this keeps my ISP from seeing me when I use torrents? I mean, they can see how much data I’m using, right?
Think of this way. Imagine you want to send a letter from work but don’t want your boss to see who it’s for.
Usually, your boss would see that because you write the address on the envelope and they control the mailbox. The actual letter can be opened only by the person it’s meant for, but you’d still be in trouble if your boss sees you sending it, even if they don’t know what’s inside.
So instead of sending it directly, you get a middleman to forward your letter to the real address. Now, you put your letter inside another envelope addressed to the middleman. So if you send it this way, your boss won’t know who you’re writing to, just that you’re sending something to the middleman.
Don’t really understand what they do or how they work.
There are about three kinds of VPNs, but we are focusing on the kind that connects to the public internet.
You install the VPN client on your device. All the internet traffic from your device will go through that client. The client will encrypt your data and change your destination IP to the server’s IP. Then it goes out through your LAN, router, and ISP.
Once your traffic reaches the VPN server, it decrypts it, changes the source address to the VPN server’s address, and sends it to the final destination.
When the response comes back, the reverse happens.
So:
Your LAN, router, and ISP will just see that you’re sending encrypted traffic to the VPN server.
The VPN server can see your traffic, but if it’s HTTPS, all the server will see is that you (at IP address N) are sending data to sites at IP address X, Y, and Z.
The website sees your traffic but doesn’t see your home IP address. It sees the server’s IP instead. It can still decrypt HTTPS to do what you requested like loading a page or submitting data.
So if you used a VPN at work, the IT department could see that you were making encrypted traffic to a VPN server. They wouldn’t be able to see what sites you’re going to or what you’re doing there.
People see you enter and exit, but they can’t see you while you’re inside.
It’s a bit more complex than that. The watchers at the tunnel entrance will know where you come out and where you went in, but with a VPN, that isn’t the case.
That’s not true with a VPN. The previous commenter doesn’t have the right info. Without knowing where you’re going or where you came from, traffic can’t be routed. A good VPN encrypts all traffic and reveals the IP addresses only when it reaches a specific hop. The best move is to set up your VPN, run a traceroute, and make sure all traffic goes through trusted points. Set your VPN options to avoid other DNS leaks and ensure DNSSEC is active.