How does a VPN work?

How does a VPN work?
(Image credit: Shutterstock)

More and more people are using virtual private networks (VPNs) to improve their online security and privacy – which isn't surprising when you consider how many opportunistic cybercriminals are out there. VPNs encrypt your personal data, secure the Wi-Fi networks you use, and even protect against hackers.

That's not all, though – the best VPNs also allow you to unblock geo-restricted online content, stop bandwidth and data throttling, find the cheapest deals on the internet, and so much more. However, you might still be wondering how a VPN does all of this – and you're not alone.

VPNs use a lot of crucial tech, like encryption and protocols, that you might not be familiar with (unless you’re an undercover tech expert). Here, I'll explore how VPNs work and suggest a few of my personal favorites.

Written by
River Hart Tech Software Editor
Written by
River Hart

River helps take care of cybersecurity content on Tom's Guide – ranging from breaking news pieces, reviews, and buying guides.

Top 3 VPNs in 2024

1. My #1 VPN overall: NordVPN

1. My #1 VPN overall: NordVPN

NordVPN is super secure, fast and unblocks just about every streaming service you can think of. All this, plus all its added extras makes it the best VPN overall.

You can choose to just sign up to the VPN, or upgrade your subscription to give you an internet security suite, with secure cloud storage, a password manager and even cyber insurance. You'll also get a 30-day money-back guarantee on all plans, and if you subscribe now you'll even get a free Uber Eats voucher – tasty.

2. The best VPN for beginners: ExpressVPN

2. The best VPN for beginners: ExpressVPN
ExpressVPN is great for those new to VPNs, with apps that are easy to use. It can also unblock any streaming platforms you can think of, and has great connection sppeds.

Though it's not the cheapest VPN available, you can try ExpressVPN for yourself with a 30-day money-back guarantee, and bag an extra 3 months free, and a year of free backup software from Backblaze, when you sign up for a 12-month plan.

Save 49% on ExpressVPN's 12-month plan

3. Our top pick for a cheap VPN: Surfshark

3. Our top pick for a cheap VPN: Surfshark
Surfshark gives you excellent privacy and super fast connection speeds for a very friendly price, making it a great choice for you if you're more budget-conscious.

Not only this, but it offers servers in 100 countries, allowing you to access your favourite content no matter where you are. Plus, it's currently costs just $2.29 per month, with 2 months free.

What does a VPN do?

There are a lot of VPNs available on the market, but they all work in pretty much the same way. As I mentioned earlier, VPNs are software-based tools that provide an end-to-end encrypted tunnel between your device and a VPN server. This routes your traffic away from your internet service provider's (ISP) servers and through its own.

In this tunnel, any web traffic sent to and from your computer is encrypted, all the time. A VPN will also hide your internet protocol (IP) address. This means that cybercriminals, government agencies, your ISP, and other nosy third parties won’t be able to intercept your personal data, track what you're doing online, or determine your location.

It's also worth noting that VPNs know how to have fun, too. Most services have a global network of servers – connect to one, and you can spoof your location to bypass geo-restrictions and unblock online content that would normally only be available in a specific country. I'll cover this topic in more detail a little later – but, basically, VPNs are a streamer's best friend.

What is VPN encryption?

One of the most important functions of VPNs is their ability to encrypt personal data and web traffic. Using encryption technologies, VPNs ensure that credit card numbers, passwords, messages, transaction history, browsing data, and other sensitive information travels through an encrypted tunnel in undecipherable code.

How does this work in practical terms? Well, if you log into your email account, the request will be communicated to the VPN service. After establishing a connection between your device and the VPN server, the VPN then sends your login request to the VPN server through an encrypted tunnel.

Once your request lands on the VPN server, it sends the data to your email provider's server, still encrypted. The email grants the request and returns the data back to the VPN server. At this point, the VPN server also re-encrypts the data and sends it to the VPN service, where the data is deciphered and passed on, finally, to your device. It's sort of like a digital relay race – and your data is the baton.

This might seem like a long and complicated ordeal, especially as your data is encrypted and decrypted at every step of the process, but Surfshark points out that every step "happens in a second" – and sometimes "in a fraction of a second" if you have a fast internet connection. Plus, the majority of VPNs use one of the most robust encryption methods available: AES-256. 

How does a VPN work?

What are VPN protocols?

Another important piece of the VPN puzzle are the protocols. Essentially, they're commands and processes that decide how web traffic travels from one server to another within an encrypted tunnel. 

There are lots of VPN protocols out there, but the most common are: 

  • Secure Sockets Layer (SSL)
  • Transport Layer Security (TLS)
  • Point-to-Point Tunneling Protocol (PPTP)
  • IP Security (IPSec)
  • Internet Key Exchange (IKEv1 or IKEv2)
  • Layer 2 Tunneling Protocol (L2TP)
  • WireGuard
  • OpenVPN

VPN services are constantly evolving, though, and protocols become outdated as quickly as new ones enter the picture. NordVPN believes every protocol is imperfect, explaining that "each may have potential vulnerabilities, documented or yet to be discovered, that may or may not compromise your security".

Unpacking protocols

NordVPN says every protocol provides a "different solution to the problem of secure, private, and somewhat anonymous internet communication". 

Most of today's top VPN providers use OpenVPN and WireGuard as their protocols of choice seeing as they’re highly secure and generally pretty fast. VPNs allow users to switch protocols too – so, if you prefer one over the other, it's not a problem. All you'll need to do is head into the settings menu of your VPN app and make your choice.

Being aware of these different protocols is important because they often determine the overall speed, security, and privacy of your VPN service. Using an outdated VPN protocol could put your data at risk.

Basically, OpenVPN, WireGuard, and proprietary protocols like ExpressVPN's LightWay and Hotspot Shield's Catapult Hydra are widely regarded as safe, with IKEv2 also being useful for mobile VPN apps. Other protocols have their uses, sure, but if you're using a modern VPN (and you want the best balance of speed and security), you'll want to stick with these tried and tested options.

How do VPNs unblock streaming sites?

VPNs can do way more than just encrypt your data, however. You'll also be able to access all sorts of streaming platforms, and their region-locked libraries, without being hampered by pesky geo-restrictions. 

Want to learn more?

Check out our guide to the best Netflix VPNs to see which provider is your best streaming buddy. 

The how is pretty straightforward. Most premium VPNs have thousands of servers dotted across the globe. Take your pick of these servers, connect to one, and you'll be given a new IP address based in that same location. This is what fools sites into thinking you're there, too, and means you’ll be able to access country-specific services.

For example, if you're in the UK and want to check out what’s on US Netflix, you'll need to connect to a VPN server in the US. Then, reload Netflix, and the site will see that you're connecting from a US IP address and think you're in the States, too. You'll be served up all the best American Netflix content on a platter – simple. 

How VPNs work – in a nutshell

A VPN redirects your traffic away from your ISP's servers, sending it through its own servers, instead. At the same time, the VPN encrypts the traffic, ensuring that nobody can read it even if it's intercepted.

VPNs use several protocols to transfer your data, with OpenVPN and WireGuard considered today's gold standards.

While VPNs primarily protect your sensitive data, plenty of people use them to unblock streaming content from around the world, too. This is possible thanks to global networks of servers, owned by a particular VPN provider. You can join a server overseas, be assigned an IP address in the same location, and trick sites into thinking you're physically, there, too.

Tom's Guide VPN rankings

There are a lot of VPNs on the market – and putting them all to the test would take more time than anyone realistically has. Luckily, that's exactly what we do here at Tom's Guide. Me and the rest of the team have ranked the industry's top providers (and some honorable mentions) in the table below.

Swipe to scroll horizontally
ProviderHeader Cell - Column 1 Summary
1. NordVPN⭐⭐⭐⭐½An all-in-one security solution that can't be beaten when it comes to sheer speed and ease of use.
2. ExpressVPN⭐⭐⭐⭐½Handy automations and one-click connect make ExpressVPN a great pick for beginners.
3. Surfshark⭐⭐⭐⭐½The best budget-friendly VPN available today, jam-packed with features and able to unblock most streaming sites.
4. Private Internet Access⭐⭐⭐⭐½Ideal for Linux users, thanks to a dedicated GUI, and a no-logs policy that has been proven in court twice.
5. Proton VPN⭐⭐⭐⭐A staunch champion of digital privacy, Proton VPN offers battle-tested security tools and a reliable free plan.
6. CyberGhost⭐⭐⭐⭐A speedy service with sleek apps for all devices, and a solid all-rounder that won't disappoint.
7. Windscribe⭐⭐⭐⭐If you're looking for a free plan, Windscribe delivers with tough encryption and a lightweight Chrome extension.
8. IPVanish⭐⭐⭐⭐IPVanish can't quite keep up with my top picks, but still packs a punch when it comes to safeguarding your day-to-day browsing.
9. Mullvad⭐⭐⭐⭐Although it's not a great pick for streaming, Mullvad is a privacy-oriented VPN and a cornerstone of the industry.
10.⭐⭐⭐⭐With plenty of settings to customize, stylish apps, and fair prices, is a VPN you'll want to keep an eye on.


How do VPNs keep me safer online?

So, a VPN boosts your security when you're online by encrypting the data you send, keeping it safe from prying eyes. Your ISP can see that you're connected to a VPN (or, at least, that you’re connected to an encrypted server somewhere), but the data traveling through its systems will be encrypted, so the ISP won't be able to make any sense of it.

As a result, your ISP won't be able to leverage your data for its own ends – like selling it on to advertisers or giving up details to authorities if requested.

VPNs can also keep you safe when using unsecure public Wi-Fi hotspots – the kind you find in hotels, cafes, and airports. These hotspots are handy, sure, but they lack security measures, making them hotbeds of cybercriminal activity. With a VPN, though, your data will remain encrypted and unreadable to nefarious hackers.

Are VPNs illegal?

The short answer is: no. VPNs are perfectly legal in the vast majority of countries – but there are a few exceptions. Some regimes have banned VPNs, with China being the obvious example that springs to mind, but even in this case, it's unclear how this might be enforced, particularly in the case of, say, a traveler using a VPN when visiting the country. There are no reports of any visitor ever being arrested for using a VPN in China.

The main takeaway here is that any activities that are illegal when you’re not using a VPN are still illegal when you are

What can’t a VPN hide?

A VPN can keep your internet traffic safe from snoopers, but there are a few things that it can’t disguise entirely – like the device you're using. Sites can use browser fingerprinting to collect data about your operating system and browser type to pinpoint your device type.

What's more, your VPN provider itself can, potentially, check out what you do online. Some services log your activity – which, obviously, is less than ideal. To avoid this, you'll need to choose a secure VPN that sticks to a no-logs policy – which prevents it from holding on to information about your browsing.

How do sites know I’m using a VPN?

The IP addresses that a VPN gives you, when you connect to one of its servers, are shared amongst its user base. That means that you could, in theory, be assigned the same IP address as someone else. The shared nature of these addresses means that some sites have wised up to the fact that they belong to VPNs – and then, unfortunately, they block them.

This isn't always the case, though, seeing as most sites won't care too much if you’re using a VPN. Besides, blocking, banning, or otherwise acting against everyone with a VPN would be a massively expensive and time-consuming process.

Edited by
Headshot of Tom's Guide VPN Editor Mo Harber-Lamond
Edited by
Mo Harber-Lamond

I've been in charge of Tom's Guide's VPN articles since 2020, and in that time I've helped test and review over 100 VPN providers for both Tom's Guide and TechRadar. I strongly believe that privacy, price, and ease of use all go hand in hand to make the very best VPN. 

I've covered cybersecurity and tech in TechRadar, T3, and What Hi-Fi?, and you'll also find my work in titles from Watkins Publishing, and even the halls of the Metropolitan Museum of Art.


We test and review VPN services in the context of legal recreational uses. For example:

1. Accessing a service from another country (subject to the terms and conditions of that service).

2. Protecting your online security and strengthening your online privacy when abroad.

We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.

River Hart
Tech Software Editor

River is a Tech Software Editor and VPN expert at Tom’s Guide—helping take care of VPN and cybersecurity content, publish breaking news stories, and ensure all of our VPN testing is as accurate as possible. When they’re not following the ins and outs of the VPN world, River can be found plugged into their PS5 or trekking through the Welsh countryside in a very practical, but unfortunately unfashionable, waterproof jacket.