What is a VPN (Virtual Private Network)?
A guide to the popular privacy tool with centralized and decentralized forms
Virtual Private Networks (VPNs) have taken off, with an estimated one-fifth of the world’s population having used one – 1.2B users is a huge market! Since privacy is the literal center of a VPN, the big question is: what sort of privacy are billions of people actually getting from VPNs?
All VPNs perform the common function of being a proxy or intermediary for your internet traffic: they essentially mask your identity so that you can have some privacy in what you do online. However, the level of actual privacy you have depends highly on the architecture of the VPN service and its privacy features.
In order to explain how VPNs work, Nym’s guide will focus on the big difference between centralized and decentralized VPN (dVPN) services. The key takeaway is that true privacy and anonymity online cannot be secured through centralized VPNs. What is needed is a novel form of decentralized and anonymous routing for our traffic. But to see why, let’s start from the beginning.
What does a VPN do?
When it comes to protecting your privacy online, a VPN provides two core functions for routing: a proxy or relay connection (which obscures the origin of your traffic) and tunneled encryption (which safeguards the content of your data in transit).
Keep in mind that a VPN is not the same thing as a proxy server: a VPN provides system-wide coverage, whereas a proxy is configured for, and covers, a single application. Moreover, VPNs are not the only way in which your online traffic might be encrypted, though VPN encryption is an important security layer.
Masks your IP address
The cornerstone of VPN protection is obscuring your Internet Protocol (IP) address. Your IP is a unique identifier for your device which allows your Internet Service Provider (ISP) to connect you with other IPs on the web, such as a website’s server. In addition to this 32- or 128-bit number, your IP address also makes certain information about you publicly visible whenever you connect with something online, notably your ISP and approximate location. It doesn’t reveal “Joe Schmo at 43 W. Main Street at 3:30PM,” but it is the number that will be associated with everything you do online, almost like a digital fingerprint left on whatever you digitally touch.
When you access the web with a VPN activated, all of your traffic will first pass through the VPN’s own server(s) before connecting with your intended destination. Since every server has its own IP address, your personal IP attached to the data of your traffic will be replaced with the VPN’s IP. This will make it appear that the VPN server is the origin of the request and not your personal device. This is VPN anonymity in a nutshell: the VPN “proxies” or “stands in” for what you do online.
Encrypts your data
Before your traffic ever leaves your device, VPN protection in fact begins with data encryption. This is done through what’s called a VPN tunnel established between your device and the VPN server. Only these two ends have the necessary keys to decrypt it. If any third-party attempts to intercept your traffic in between your device and the VPN server, the data will be indecipherable.
Keep in mind that most web connections are now encrypted by default through HTTPS encryption protocols, so VPN encryption just adds an additional layer of security for the content of what you do or communicate. However, protecting the metadata of your traffic is a more difficult task since a lot of unprotected information still “leaks” from encrypted connections (e.g., when, where, and with whom you connect). Metadata can reveal a lot of personal information if compiled and analyzed, including whole browsing histories.
Protects your anonymity
VPNs can also provide additional privacy and security protections: multiple and decentralized server networks, country selection, kill switches, DNS leak protection, and advanced techniques for blocking traffic analysis. But before diving into these details below, there’s something you might be wondering.
Why do you even need a VPN?
What’s the use of a VPN in the first place, and who needs one? The short answer: if you’re concerned about your privacy online, then a quality VPN is the best tool available to protect it.
There is a false assumption that only people with something to hide need to go to additional lengths to make their activities private and anonymous. In reality, everyone needs to protect their privacy online because everyone’s privacy is being systematically exploited.
Threats to online privacy
Being private on the internet is extremely difficult, and not simply because we call the web “public.” Certain information online is intended to be accessible by everyone (the info provided by a website or web service, or a blog posted for an open audience). We probably expect that what we do and do not share publicly should be decided by us. This assumption, unfortunately, is naive.
There are many different agents and algorithms tracking whatever we do online, and the amount of data collected keeps growing with the help of AI systems. Sometimes this tracking is clandestine, and other times it is something we “consent” to by accepting virtually unreadable terms & conditions to access a service. In both cases, users remain largely oblivious to what is being tracked and by whom.
Data trackers
But who is tracking us exactly? In terms of the scales of global tracking, these trackers include:
- Big tech companies. Companies like Google, Meta, and Apple are the largest compilers of user data. This data is used for marketing and product development, but also for commercial exchanges with third parties.
- ISPs. Everything we do online passes first through the ISPs that give us access to the public web. ISPs regularly keep metadata records and even sell them to third parties.
- Government intelligence agencies. Government surveillance programs have unprecedented access to digital records, though their interest in what we do may be more limited (e.g., to identify national security threats). However, the potential for using this data illegitimately is extreme, and in some countries this has real and dire consequences for human rights.
- Data brokers. These are companies that commercially traffic in mass data records of internet users collected from service providers, ISPs, and other tracking means.
- Advertisers. Mass data records are bought and analyzed by ad agencies to predict consumer trends and to target advertising to users on an individual and collective scale.
- Web services. Every website you visit collects data about what you do through their site, whether for operational purposes, to improve user experience, or for commercial goals like selling user data to brokers.
- Cyber criminals. Your data is a window into your personal world, so it can be useful to malicious agents looking to exploit you.
This is a long list, and it is neither exhaustive nor fully representative of all the motives for data tracking efforts. The key takeaway is that it doesn’t matter what you do online: whether you’re simply shopping or browsing on a whim, sending private messages, or checking in with a medical clinic for an appointment, every piece of data is being tracked somewhere.
How can a VPN help?
Shielding your identity online through a VPN can be a means of fighting against these invasive practices. But to make untraceable what AI-algorithms are programmed to keep track of, we need to choose the right kind of privacy tool. Ultimately, there are many types of VPNs with different potentials for protecting our privacy online. So let’s see how they work.
General types of VPNs
There are two general types of VPN architectures: traditional (or centralized) VPNs and decentralized VPNs (dVPNs). These types are based on how many physical servers are used to route your data, who controls them, and how data is handled in transit.
Centralized VPNs
The majority of VPNs on the market use __centralized server infrastructures__. This means two things: (1) your traffic is typically relayed through only one VPN server before accessing the web, and (2) the many possible servers to choose from are owned (or rented) and operated by a single VPN service provider. This is crucial when it comes to how private you are at the end of the day.
When using a mainstream and centralized VPN service, you’re allowing one company to handle all the traffic coming from your device so that they mask your identity behind their own IP address. So anything you do online through the VPN will be potentially recorded (or logged) by the VPN server. When these complete traffic records are located in one physical location (on a single VPN server), the risks are clear.
Assuming we turned to a VPN to protect our privacy and anonymity online, any centralized logging of our traffic on one server ultimately defeats the purpose. All it takes is one data breach, or one government request for mass records of users, to render our privacy null and void. The metadata records of everything we’ve done, however mundane, can thus be retrieved and made available.
But do these mainstream VPNs keep logs or records of user traffic? Ultimately, we never know for sure. Privacy-marketing VPNs often pledge “no logs” or “zero logs” policies to assure users that they do not, or they clarify that they only keep “operational logs,” which is to say, essential information (like IP addresses) to maintain network connections. Others offer no such policies (hint: bad sign). And many state explicitly in their Terms & Conditions that they share user data with ambiguous terms like “marketing partners and affiliates” – in other words, anyone with whom they’ve made a data sharing contract.
Whatever the specific policies offered by VPN services, these are only necessary because of their centralized server architectures: they potentially have all our metadata in one place, so we must trust that they protect our privacy. Fortunately, this is not the only VPN option for users.
Decentralized VPNs
Decentralized VPN technology has developed in response to the risks posed by traditionally centralized VPN services: data breaches, cooperation with overreaching government requests for user records en masse, and AI advancements in traffic analysis. A dVPN should make it structurally impossible for all your traffic data to ever be legible in one physical space, and a good one should significantly complicate tracking efforts across the network.
Decentralization requires a minimum of two independent servers to route your traffic. Independence means, for example, that the servers cannot be owned and run by the same individual or company; they must belong to separate operators, and ideally be geographically dispersed. True decentralization comes from the lack of any central point of failure or exploit, so that if one server is breached, only a partial picture of your traffic is revealed. Breaching multiple servers to compile a full traffic record becomes exponentially more difficult as the number of servers increases.
How does a VPN work?
VPN services rely on very different physical infrastructures, and this makes a huge difference for user privacy. So let’s look at what happens to your traffic as it passes through these different models.
Traditional VPN routing
With a traditional VPN service, your traffic should first be encrypted on your device before being tunneled to the sole VPN server. Once there, the IP address associated with your traffic will be replaced with the VPN’s own public IP, and the traffic decrypted to reveal where to send your request. When your traffic arrives at its final destination, it will appear to originate from the VPN server.
But who sees your identity exactly? On this one-hop model, the VPN is the sole intermediary for your traffic, so they will see both your IP address and who or what you’re connecting with. The recipient, however, will only see the IP address of the VPN. This provides a simple form of anonymity for you in relation to a recipient on the public web.
dVPN routing
With a dVPN, your traffic will be routed through a minimum of two independent servers. So while the first dVPN server will see your IP address, they will not be able to see who you’re ultimately connecting with. Likewise, while the second and final dVPN server can see who you’re connecting with, they will not have access to your true IP address, only the IP of the previous server on the network. The VPN service provider should not have access to any data on these servers, nor should it be able to coordinate between them.
With a dVPN, the full record of your traffic is never loggable in one spot: privacy is not a promise, but a design feature.
Advanced VPN privacy features
In addition to proxy and encrypted routing, VPNs can also provide additional privacy and security features. Keep in mind that VPN providers on the market vary significantly in terms of these provisions, so look for them in shopping for the best VPN for privacy.
- Kill switch. A kill switch is a feature that severs your internet connection immediately if your connection with the VPN server drops, even for a moment. Imagine that you’re in the process of downloading or sending a sensitive piece of information, and there is an imperceptible glitch that interrupts your VPN connection. In this short span of time, your traffic would no longer be protected by the VPN. A kill switch blocks all traffic until the VPN connection is re-established.
- Split tunneling. Split tunneling is an advanced configuration for certain VPNs that allows users to decide what traffic uses the VPN and what bypasses it. For example, imagine you need advanced privacy and security for a work email client, but don’t want the potential latency issues while using a gaming interface. You can configure your VPN to protect all traffic from a browser or email app while excluding the less-sensitive gaming activity.
- DNS leak protection. The Domain Name System (DNS) is what translates a human-readable address such as www.nymvpn.com into a numerical IP address. This resolution service is usually provided by your ISP. A DNS leak occurs when a DNS request goes to your ISP’s DNS server rather than through the VPN’s encrypted tunnel. If this occurs, the ISP can see and log which sites you connect to. VPNs can protect against this configuration error by resolving DNS queries inside the tunnel, essentially running their own DNS servers.
- Multi-server routing. As we’ve seen, the large majority of VPN services are single-server routing architectures. This leads to all kinds of risks. Some VPN services offer advanced plans for multi-server routing, or what are sometimes called double VPN modes. However, these servers are still controlled by a single entity and so are fundamentally less private for users. A dVPN is multi-server by default, and without increased financial costs for the user.
- Country selection. Many VPNs allow you to choose the country of the last (or only) hop your traffic makes. This means that you can select the country your traffic appears to be coming from. This is not necessarily a privacy feature, and many people use a VPN simply to access content available exclusively in another country (video streaming, etc.). But it can also be a means of bypassing unjust censorship controls in one’s country of origin. The efficacy of VPNs for resisting censorship, however, depends on many factors, including whether a country has blacklisted a VPN or not.
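The routing comparison above (one-hop versus two independent hops) and the multi-server bullet make a claim that is easy to check mechanically: each intermediary can only log the address it received traffic from and the address it forwards to, so reconstructing a full record means chaining every hop’s logs, and what matters is how many independent operators those hops belong to. The following Python model is an added example, not Nym’s code; the addresses are constructed values from the RFC 5737 documentation ranges and the operator ownership map is hypothetical.

```python
"""Model of what each hop on a VPN route can log, and how many logs (and how many
independent operators) must be combined to tie a client to a destination.
Added example, not Nym's code. All addresses are constructed values from the
RFC 5737 documentation ranges; the ownership map is hypothetical."""

CLIENT = "203.0.113.10"
WEBSITE = "198.51.100.80"
CENTRAL_VPN = "192.0.2.1"                          # one-hop, single provider
DOUBLE_A, DOUBLE_B = "192.0.2.2", "192.0.2.3"      # "double VPN" mode, same provider
DVPN_ENTRY, DVPN_EXIT = "192.0.2.4", "192.0.2.5"   # two independent operators

# Hypothetical ownership map: which organisation runs each server.
OPERATOR_OF = {
    CENTRAL_VPN: "Provider A",
    DOUBLE_A: "Provider A", DOUBLE_B: "Provider A",
    DVPN_ENTRY: "Operator 1", DVPN_EXIT: "Operator 2",
}

def observations(route):
    """route = [client, hop1, ..., hopN, destination].
    Each hop sees only the previous address and the next one; the tunnelled
    inner destination is revealed only at the final hop. The destination sees
    only the last hop, never the client."""
    obs = {}
    for i in range(1, len(route) - 1):
        obs[route[i]] = {"from": route[i - 1], "to": route[i + 1]}
    obs[route[-1]] = {"from": route[-2], "to": None}
    return obs

def hops_linking_client_to_destination(route):
    """Intermediaries whose own log alone already pairs the client IP with the
    final destination (this is the one-hop case)."""
    obs = observations(route)
    return [ip for ip, o in obs.items()
            if o["from"] == route[0] and o["to"] == route[-1]]

def logs_needed_for_full_record(route):
    """Follow the chain of logs from the client to the destination and return the
    hops whose records must all be combined to reconstruct the whole path."""
    obs = observations(route)
    client, dest = route[0], route[-1]
    needed, prev = [], client
    while True:
        holder = next(ip for ip, o in obs.items()
                      if o["from"] == prev and o["to"] is not None)
        needed.append(holder)
        if obs[holder]["to"] == dest:
            return needed
        prev = holder

def operators_needed(route, operator_of=OPERATOR_OF):
    """Distinct organisations that must cooperate (or be breached) to obtain
    every log in the chain."""
    return sorted({operator_of[ip] for ip in logs_needed_for_full_record(route)})

ROUTES = {
    "centralized one-hop": [CLIENT, CENTRAL_VPN, WEBSITE],
    "centralized double VPN": [CLIENT, DOUBLE_A, DOUBLE_B, WEBSITE],
    "decentralized two-hop": [CLIENT, DVPN_ENTRY, DVPN_EXIT, WEBSITE],
}

if __name__ == "__main__":
    for name, route in ROUTES.items():
        print(f"{name}:")
        for ip, o in observations(route).items():
            owner = OPERATOR_OF.get(ip, "destination")
            print(f"  {ip} ({owner}) sees from={o['from']} to={o['to']}")
        print("  one hop already links client to site:",
              hops_linking_client_to_destination(route))
        print("  logs to combine:", logs_needed_for_full_record(route))
        print("  operators that must cooperate:", operators_needed(route))
```

The double-VPN route needs two logs just like the dVPN route, but both logs sit with the same provider, so a single subpoena or breach still yields the full record; only the route with independent operators raises the number of parties that must cooperate. The model deliberately ignores timing correlation between entry and exit traffic, which is the attack that mixnets are designed to address.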
What VPNs don’t do
Quality VPNs can clearly do a lot when it comes to increasing our privacy and anonymity online, but these capabilities highly depend on the VPN service provider and the architecture of its network. Additionally, there are things that VPNs simply cannot do, as well as vulnerabilities specific to each.
What no VPN can do
- Protect your device 100%. VPNs can do a lot to protect your data in transit against hacking attempts, and they can even be very effective in preventing known malicious advertising or phishing scams from connecting with your device. However, they cannot protect your device from being compromised in the first place. If malware or spyware is already on your device, any VPN encryption and proxying cannot guarantee your privacy and security.
- Provide end-to-end encryption on their own. Your traffic will be end-to-end encrypted only if your initial connection is encrypted (e.g., through an HTTPS connection). VPN tunneled encryption only encrypts your data en route between your device and the VPN server. Once on the server, that layer of encryption is removed, revealing where to send your data on the public web. Without HTTPS or SSL/TLS encryption first established, your data will be in the clear, fully legible, and exploitable between the VPN server and the destination.
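The “Encrypts your data” section and this bullet make the same point from two sides: the VPN tunnel protects only the device-to-VPN segment, and only an application-layer protocol such as HTTPS protects the rest of the path. The following Python model is an added example (not Nym’s code) that represents each encryption layer as a sealed envelope labelled with the party holding its key, with no real cryptography performed, and reports what each observer on the path can read with and without HTTPS. The request text and party names are constructed.

```python
"""Which observer on the path can read a request when a VPN tunnel is used with
and without HTTPS. Added example, not Nym's code. Each encryption layer is
modelled as a sealed envelope labelled with its key holder; no real
cryptography is performed. Party names and the request are constructed."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Sealed:
    key_holder: str   # the party, besides the sender, able to open this layer
    inner: object     # a plaintext string or another Sealed layer

def seal(payload, key_holder):
    return Sealed(key_holder, payload)

def open_layer(msg, party):
    """Remove one layer if this party holds its key (what a VPN server does
    before forwarding); otherwise return the message unchanged."""
    if isinstance(msg, Sealed) and msg.key_holder == party:
        return msg.inner
    return msg

def visible_to(msg, party):
    """Peel every layer the party can open; return the plaintext if fully
    legible, otherwise a marker naming the layer that stops the observer."""
    while isinstance(msg, Sealed) and msg.key_holder == party:
        msg = msg.inner
    return msg if isinstance(msg, str) else f"<ciphertext for {msg.key_holder}>"

REQUEST = "GET /account HTTP/1.1 Cookie: session=abc123"   # constructed plaintext

def segment_view(use_https):
    """Trace the request from device to website and record what each observer sees."""
    app_layer = seal(REQUEST, "website") if use_https else REQUEST   # TLS layer (or none)
    on_wire_to_vpn = seal(app_layer, "vpn-server")                   # VPN tunnel layer
    forwarded = open_layer(on_wire_to_vpn, "vpn-server")             # VPN strips its layer
    return {
        "isp (device to vpn)": visible_to(on_wire_to_vpn, "isp"),
        "vpn server": visible_to(on_wire_to_vpn, "vpn-server"),
        "eavesdropper (vpn to website)": visible_to(forwarded, "eavesdropper"),
        "website": visible_to(forwarded, "website"),
    }

if __name__ == "__main__":
    for https in (True, False):
        print("with HTTPS" if https else "plain HTTP")
        for observer, view in segment_view(https).items():
            print(f"  {observer}: {view}")
```

In both runs the ISP sees only tunnel ciphertext, which is the protection the VPN adds; without HTTPS, however, the VPN server and anyone between it and the website read the request, cookie included. Note that the model shows content only: the VPN server still learns which host you are connecting to in either case, which is the metadata problem the rest of the article is concerned with.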
What Traditional VPNs don’t do
- Make traffic logging impossible. Centralized VPNs can promise that they won’t keep logs of our traffic, but because their servers have access to the full route of what we do online, this ultimately requires our trust in them.
- Guarantee against data breaches. No security system is absolutely foolproof, and data servers are certainly no exception. VPN servers are a common and successful target for cyberattacks because they potentially contain the information of millions of users in one spot. So any data that a VPN service provider does keep records of can be potentially exposed.
- Ensure against government surveillance. Governments and law enforcement agencies have been known to demand traffic and subscription records of VPN users. If a VPN service is located within the legal jurisdiction of a government surveillance request, such as the 14-eyes network of countries, then it can be legally compelled to disclose any records. Of course, this cooperation could come to nothing if no relevant records are kept. But if they are, then many people’s personal information can be placed in the hands of authorities in what could be nothing more than mass fishing expeditions.
What dVPNs don’t do
- Provide the fastest service. The privacy provided by a dVPN comes from the multiple, independent servers that make your traffic more anonymous. But every additional hop, with its own decryption step, adds latency, so the connection is slower. dVPNs like NymVPN can now provide improved speeds thanks to encrypted communication protocols like WireGuard, but speeds will never compare to a high-performing single-server VPN infrastructure, let alone a direct connection with the web.
Summary
VPNs have come to be associated with online privacy and anonymity. Unfortunately, times have changed for the worse. With advancements in data tracking technology and mass surveillance programs, the traditional VPNs that dominate the market are inadequate to protect our privacy in any meaningful way. Data centralization is the reason behind this failure.
Decentralized VPN technology provides a new way to defend ourselves. However, are dVPNs on the market up to this task? In most day-to-day cases, probably. But when it comes to the risks of sensitive financial transactions and delicate communications, we can never be too safe, so choosing the best VPN for your needs requires careful attention.
It is for this reason that NymVPN has developed its novel mixnet VPN mode, which anonymizes your traffic through five servers, to provide unparalleled protection for your most sensitive traffic. For all other use cases, such as ordinary browsing, users can easily opt for a much faster and still secure dVPN mode powered by WireGuard. NymVPN is not only the most private VPN resource, but also allows you to take your privacy into your own hands, choosing when you need maximal protection and when you need speed.