I understand that VPNs are important for privacy and security but still don’t really understand what they do or how they work.
As an example: at my last job they would monitor all activity of anybody that used their wifi. There were instances where people visited adult sites (to be clear, this isn’t why I no longer work there XD), they would always find out and know who it was.
So if one were to use a VPN then would that make their activity unmonitorable? Or would the activity still be seen, but they wouldn’t be able to identity who it was? Or am I thinking about this entirely wrong?
I have my own reasons for understanding that aren’t looking at porn at work but I thought the example might help me understand what it does.
EDIT: Gotta love subs where you get downvoted for wanting to know more about something when it’s literally “for those who want to know more” about it. I guess I’ll look elsewhere since you have to already know everything to participate here.
A VPN will not make you anonymous. Use Tor for that.
It does help with security and privacy.
If you setup a VPN properly with no leaks, then your ISP (your previous employer’s IT department in this case) will not be able to tell which websites you visit. They would be able to see that you are sending some traffic to a VPN and the amount of data but that is it.
If this is on a work computer or they have installed software on your personal computer, then IT may have other ways of monitoring you, other than your network traffic. If this is the case, a VPN would not help.
don’t really understand what they do or how they work.
There are about 3 types of “VPN”, but here we’re talking about “to public internet” VPN.
You install the VPN client software on your device. All network traffic generated by your device will go through the client. The client will encrypt it and change the destination IP address to the address of a VPN server. Sends traffic out to LAN, router, ISP.
Traffic gets to VPN server. It decrypts the traffic, changes source address to that of VPN server, restores destination address to original destination. Sends traffic to destination web site.
Reverse happens on the way back.
So:
Your LAN / router / ISP just see encrypted traffic from your device to VPN server.
VPN server sees your traffic, but if that is HTTPS, all the VPN server sees is “guy at IP address N is doing traffic to sites at IP addresses X, Y, Z”.
Destination web site sees your traffic, but doesn’t see your home IP address, it sees the source as the VPN server’s IP address. Web site knows how to decrypt the HTTPS and do the operation you ask for (page fetch, post, whatever).
So, if you used a VPN at work, the IT dept could see that you (your IP address) was doing encrypted traffic to a VPN server. They couldn’t see traffic details such as what sites you’re accessing or what you’re doing on those sites.
The simple answer, is to not use work related internet connections for anything other than work. I don’t have anything personal connected to my work connection.
You can see VPN as an encrypted tunnel between your device (VPN client) and a VPN server. In your work example: Without VPN, the network admin can see the domains where your HTTP requests go, so they can roughly see what sites you visit (they still usually cannot see the contents of that communications because most internet traffic these days goes over HTTPS, which encrypts the actual data being transmitted). If you used a (correctly configured) VPN, the admin would only be able to see your connection to the VPN server and the rest would be encrypted data.
This only applies if the only surveillance is analyzing network traffic, of course (so for example with personal devices where they cannot install any other tracking software).
EDIT: Gotta love subs where you get downvoted for wanting to know more about something when it’s literally “for those who want to know more” about it. I guess I’ll look elsewhere since you have to already know everything to participate here
Sorry you feel that way, it’s unfortunately far too common.
The first answers you got were actually pretty good, especially the one from billdietrich1, even if you didn’t totally understand it. I’m a retired network analyst and I’ll try to simplify it a bit more for you.
A VPN’s job is to set up a ‘data tunnel’ between 2 endpoints. I always explained it in terms of a garden hose inside a big pipe, the garden hose being your vpn connection and the big pipe being of course, the internet. As you can imagine, nothing mixes between the two. However, at some point (the vpn endpoint server) your garden hose is just connected to the big pipe for the rest of the trip and there it does mix, however the data itself can still be encrypted (this is what SSL or https connections do). So you can see that it would appear as if the source was the point where the two mix (the vpn endpoint server) because that is, for lack of a better term, the ‘onramp’ to the internet where your data comes out its private tunnel and onto the information highway. But if your data is still encrypted, it is unreadable by anyone intercepting it. These two technologies work together to hide your location and keep your data safe, and if you have the option of choosing different endpoint servers you can appear to be in another location or country.
Employers often take it one step further by giving you a vpn router or client software that connects directly to a companion vpn router at their end. So in the case of this private vpn, the tunnel (garden hose) goes all the way from you to your employer’s premises. Even though it may traverse the internet along the way, it is a totally private connection that doesn’t rely on a third party vpn service provider.
Other than security and location masking, another (negative) characteristic of vpn’s is that all this processing takes computing power and time. So your connection speed will suffer. That’s why a lot of people use their vpn only on demand when they need the extra privacy or location cloaking. Their data is already protected in most cases by SSL because almost all websites these days are prefaced with ‘https’ - the S denoting a securely encrypted SSL connection. When you use SSL your location is easily known, but what is coming from it or going to it is encrypted and unreadable by outsiders.
EDIT: Gotta love subs where you get downvoted for wanting to know more about something when it’s literally “for those who want to know more” about it. I guess I’ll look elsewhere since you have to already know everything to participate here.
Do you always throw a fit when you don’t get immediate validation on social media?
Tor, unless you go to Harvard and on your university campus network using tor to do something illegal like a false bomb threat. But let’s not be too specific…
It’s a little more complicated. The people watching you go in the tunnel will know where you’re exiting or where you came from, with a VPN this isn’t true.
Using corporate resources for personal use is a gray area. It depends on corporate policies, if they exist to cover this, as well as the actual activities.
For example, somebody torrenting copyrighted material like movies over a vpn using company pc is usually a termination offense, walk you right out the door, and possibly contact law enforcement as well.
However, just buying flowers for mom on mother’s day is probably fine.
What makes you think they threw a fit and that it was about not getting immediate validation? Nowhere did they say that. It’s too bad that you are so unhappy with your life.
Some background information. OpenVPN and wireguard are open protocols that anyone can use. Wireguard is newer and faster but OpenVPN is more thoroughly tested and well known. Personally, I prefer wireguard. Most VPNs support OpenVPN, and support is growing for wireguard but it is not near universal like OpenVPN. Both protocols have their own officials clients that you can download off of their websites. https://www.wireguard.com/install/ and https://openvpn.net/download-open-vpn/. You may or may want to use these clients or a VPN provider’s specific client. More on that in a bit.
First, find a VPN provider. See here for a comparison of various providers. Or you can rent a VPS and selfhost your own VPN server. But that is more complicated, so I will be sticking with the first option.
Then install the VPN client. Most VPNs have their own client that provide and maintain. Or you can download the OpenVPN or wireguard clients and use them directly. Again this is more complicated but they support a wider range of hardware and operating systems. The provided client may only work on Windows for example.
Connect to the VPN. With the VPN provider’s specific VPN this should only need to login to the client and then click the start button. Your public IP should change. The easiest way to check this is simply googling “what is my IP” before and after you connect to the VPN.