Do VPNs actually work?

Your computer connects to the VPN server, and then all your traffic goes through that to whatever your destination is. Sometimes, the information between you and the VPN server is encrypted, sometimes it’s not.

Do you really need one? If you want to appear like you’re coming from another country, sure. They’re great for that. Encryption? Honestly, most web traffic these days is already encrypted and a VPN just encrypts the encryption. It’s kind of overkill, honestly. Tracking your IP address? VPN might be good if you’re doing something illegal, but for general web browsing, it’s only needed if you’re super paranoid.

The entire reason VPNs were ever invented in the first place was for business users. They could be at home or on the road, connect to their company’s VPN, and then their computer would have access to all the internal resources that computers physically in the building would have.

If you are using a VPN to add a little bit of security to your stack and/or be able to log in to streaming sites and such from a different location…They’re ok I guess.

If you’re using a VPN for any kind of privacy concerns or to “hide what you’re doing from your ISP”, absolutely not.

In general, VPNs are hardly relevant anymore and I lose a significant amount of respect/trust in any YouTuber who is pushing them.

Yes. I use NordVPN and never have any issues. It just masks your host IP so you can’t be tracked as easily. It isn’t foolproof, but feds need a warrant to get your info from them, so it is a nice layer of protection while online. It also hides your activity from local sources. As an anecdote, my coworker was once downloading a movie on his phone on public Wi-Fi in a cafe in California when a guy came over to him and told him he could see his activity and recommended he use a VPN or could risk a copyright strike on his data use. Not super necessary, but if you want to pirate anything it’s a pretty good idea.

The typical VPN YouTubers advertise is basically snake oil for anything apart from geolocation changing. Yes they technically do change your IP but that really doesn’t matter due to all the other ways you are tracked. Do they technically encrypt your traffic on public WiFi? Sure. But if you are using https websites, the traffic is already encrypted. And also if the government wants to track you they would likely get your information if the vpn has servers in your country. If someone wanted to really hide on the internet they could use TOR (the onion router) which is free.

Do VPNs actually work?

Yes. I mean, they do what they purport to do. They’re not magic, but they function in the way you would expect.

How the hell can it actually mask your IP?

It routes your network traffic through a relay server so that the other things you interact with just see the IP address of the relay server.

Wouldn’t they need to know your IP to send anything to your computer?

The VPN itself does, yes. The idea is that the VPN itself doesn’t do any of the bad stuff with your IP address that you’re afraid of other things doing. It doesn’t track your activity or report you to the censorists or whatever. Everything else you interact with just sees the IP address of the relay server run by the VPN company.

It’s legal, but that doesn’t mean things done using the VPN might not themselves be illegal.

Wouldn’t the provider need to log your IP so they know who their customers are?

What’s stopping law enforcement or the government demanding a list of IPs?

Thanks for the write up

It’s very relevant that most Internet traffic is encrypted these days, e.g. with TLS (https://). This means that nobody at the coffee shop, the coffee wifi administrator, nor your ISP can see the content of what you’re sending or receiving, as long as the app or site uses end to end encryption.

Some of these entities may be able to see what IP addresses you’re connected to, which domain names you access, or the size (rather than content) of the data you send and receive, even on an end to end encrypted connection. A VPN shifts that risk from the ISP to the VPN company.

Great summary, thanks!

I’m not going to ask you any personal details so you don’t oust yourself but I’m curious about your situation.

You believe the VPNs are secure enough from your country’s prying eyes?

Anonymize maybe. Not de- prefix. That would make it known.

There is nothing illegal in this practice.

True in most countries, but certainly not all of them.

Most VPNs (or at least the good ones), don’t keep logs. That’s why a lot of people doing illegal stuff use VPNs, because even if LE tries to do anything, the VPN just shrugs and goes sorry, we don’t know.

Can you actually trust them though? It sounds like you’re putting a lot of trust in an organization you’re paying $10 a month to.

Most VPNs (or at least the good ones), don’t keep logs. That’s why a lot of people doing illegal stuff use VPNs, because even if LE tries to do anything, the VPN just shrugs and goes sorry, we don’t know.

And this is where I am with OP. This is clearly not true. Any company that actually worked like this would be sued out of existence within a week.

They would go straight into a court with the frankly enormous list of things being pirated and claim that the VPN was the end user and was liable. The VPN would shrug and go “sorry we don’t know” and then laws around strict liability would kick in in pretty much every civilised country.

You are claiming the equivalent of handing out your car keys to your friends and then pretending you didn’t know who drove it into a pedestrian.

Most VPNs (or at least the good ones), don’t keep logs.

Most VPNs keep logs. By far the dominant use of VPNs is for corporate logins for remote workers and various device relay networks.

Ahh so in essence it’s like building a wall to a castle. Your enemy could buy cannons or catapults but maybe it’s not worth their time or money to do so. But if you have no wall at all they’re not afraid to march an army in.

Building a wall doesn’t stop them from sieging your castle, it just makes it take a lot more effort. Effort, depending on the potential gain, they may not be willing to take.

They know your IP if you’re connected but they don’t write it down anywhere. It’s like if you wrote something down on a piece of paper and then burned it later.

Nothing except trusting your VPN provider.

Your VPN provider is more trustworthy than public free Wi-Fi, but it is not necessarily more trustworthy than your home ISP.

I have heard of several examples where “no log” VPNs found their logs and handed them to the government when asked.

Wouldn’t the provider need to log your IP so they know who their customers are?

A provider gives you your IP address when you connect to its service; the provider knows who you are based on your login credentials. The VPN provider knows your billing information and creates an account for you with login and password. When you connect they know exactly who you are and what IP address you are using; the real question is if they log this information and for how long they maintain the logs. Logging means the information is recorded in a file on their computers. Logging can be useful for troubleshooting and can be subpoenaed. It also takes storage space and so must be pruned (deleted) so as not to fill up existing storage or necessitate the addition of more storage to their system.

What’s stopping law enforcement or the government demanding a list of IPs?

Time, process, and possibly international agreements between nation states.

Time - Logs, if they ever exist, are going to be pruned; normally no one cares what happened on a network 5 years ago. Most of the time logs are used for troubleshooting a problem, which is more of a current activity. Entities providing some sort of service to the public have more incentive to maintain logs for longer. VPNs actually are incentivized to keep minimal logs, if any, to protect their customers’ privacy. You can’t turn over logs you don’t have.

Process - Courts aren’t known for being fast, and law enforcement needs a warrant to get information (logs or otherwise). A victim will generally provide law enforcement with the info without a warrant, but a third party VPN or even an ISP has some responsibility to safeguard customers and thus is not legally bound to give the information just for the asking. The longer it takes to get the warrant, the more likely the provider has already deleted the requested information.

International Cybercrime Cooperation - Bad guys don’t connect to a VPN, set an exit to a particular server, and proceed to attack their target. It’s possible outside of a VPN to route your internet traffic through an open proxy, even multiple proxies. Encrypting your communications end to end keeps service providers from seeing the content of what you are doing as it passes through their network; sending your traffic through 12 countries before it reaches the target means law enforcement has to go to 12 different international entities to get the tracing information, and which nation states aren’t likely to cooperate is a known thing. Forcing law enforcement to back trace your connection to a target through multiple non-cooperative nation states can force a dead end or create a time factor, ensuring that somewhere along the way the trail goes cold as one entity in the middle has no logs or refuses to divulge them.

VPN providers don’t need to log a client’s IP addresses to know who their customers are.

Customer accounts are typically bound to email addresses and not IP addresses. “No logs” simply means that the provider will not keep a record of what you do or what devices you use on their network.

I have a simplified explanation of a no-logs model below.


No-logs VPN providers typically have a system that allows active customers to generate “anonymous digital keys” on client devices. Client devices are machines that VPN users connect to a VPN network (i.e., phones, PCs etc.). These anonymous digital keys usually work in the background through a VPN app installed on a client device.

Anonymous digital keys allow a user temporary access to a “client node” on a VPN network. The client node is a computer that acts as a middle-man between your device and the rest of the VPN network. The client node does have access to your IP address. I’ll explain how it protects your data below.

When you send a request to the VPN (i.e., entering a website URL into a browser while your VPN is active), your VPN app uses the anonymous digital key to encrypt (scramble) your request.

Your request is then carried through your Internet Service Provider (ISP) to the client node. If the encryption is good enough the ISP will not be able to decode the scrambled data. If the VPN service is not blocked by your ISP, the scrambled data will be carried to the client node. This is where the no logs magic happens.

The client node will receive the encrypted data and use its own key to unscramble your request and create an “event”. An event is a program that controls how information will flow in a network over a given period of time. The event temporarily stores information like a user’s device type, IP address, location etc.

This event will send requests to other nodes in the VPN network about what information a user wants to receive and send without exposing the user’s information to other nodes.

At this point the other nodes work hard to fetch, scramble and send the information the user wants back to the client node. The client node then relays the scrambled data back to a user’s device.

When the information reaches your device, the anonymous digital key that was generated earlier can unscramble and transform the data back into a usable format.

When you disconnect from the client node, the event is terminated and the event data (i.e., all your requests and your IP address) is deleted. Some no-logs VPN providers set up their client nodes to continuously delete some data while the user is still connected. This practice allows their hardware to keep enough memory to accommodate more simultaneous users and improve user privacy.