Dive deep

How a VPN connection works compared to a regular Internet connection

Every website is hosted on a server, that is, a computer that processes requests arriving over the network. The server's address is a unique set of digits in a fixed format, called an IP address. The computer that sends a request to the server is called a client.

If you do not use a VPN and type a site's address into the browser, the following happens, in simplified form:

  • 1. The browser (the client in this case) sends a query to a DNS server to get the IP address of the web server hosting the site you are interested in. A DNS server (DNS stands for Domain Name System) is something like an address book: it maps the clear and familiar domain names of sites to their IP addresses, which consist only of numbers.
  • 2. Having received the IP address of the web server, the browser tries to establish a connection with it. This is most often done using TCP (Transmission Control Protocol), which is responsible for making sure that the requested data reliably reaches the client. At this point, your browser receives confirmation that a connection has been established and further communication with the server is possible.
  • 3. The browser sends a special HTTP request asking the server to provide data for displaying the page.
  • 4. After the server processes the incoming HTTP request and sends a response with the requested content, the browser can display the web page on your computer screen.
Without VPN

The connection scheme looks simple and reliable, but there is a significant downside: it does not preserve privacy and is therefore potentially insecure. An ISP or service provider can track all of your online activity in real time; by analyzing this data, it can then sell it in anonymized form to advertising agencies. Government agencies can obtain this information upon request or by court order, depending on local laws. But the worst part is that your data can be intercepted by cybercriminals, after which they can gain access to your passwords, bank card numbers and other sensitive information. In this case, the damage, including material damage, can be quite significant.
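
The four steps above, and what they expose on the wire, as an added example that is not part of the original page: the Python below performs the lookup, the TCP connection and a plain HTTP request, and records what an on-path observer could read. The loopback stand-in server, the `localhost` name and all function names are assumptions made so the demo runs offline.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

PAGE = b"<h1>constructed page</h1>"  # constructed sample content

class Handler(BaseHTTPRequestHandler):
    """Stand-in web server on loopback (assumption, so the demo runs offline)."""
    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(PAGE)))
        self.end_headers()
        self.wfile.write(PAGE)

    def log_message(self, *args):  # silence per-request logging
        pass

def fetch_without_vpn(host, port, path="/"):
    """Run steps 1-4 and record what is visible in plaintext along the path."""
    seen = {}
    # Step 1: resolve the name. A real lookup sends the hostname to a DNS
    # server; "localhost" is answered locally, which keeps the demo offline.
    addr = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)[0][4]
    seen["dns_query"], seen["dest_ip"] = host, addr[0]
    # Step 2: TCP connection. Source and destination IPs are in every packet.
    with socket.create_connection(addr, timeout=5) as conn:
        seen["src_ip"] = conn.getsockname()[0]
        # Step 3: plain HTTP request, sent unencrypted.
        request = (f"GET {path} HTTP/1.1\r\nHost: {host}:{port}\r\n"
                   "Connection: close\r\n\r\n").encode()
        conn.sendall(request)
        seen["request_bytes"] = request
        # Step 4: read the response until the server closes the connection.
        chunks = []
        while data := conn.recv(4096):
            chunks.append(data)
    seen["response_bytes"] = b"".join(chunks)
    return seen

def demo():
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return fetch_without_vpn("localhost", server.server_port)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    for field, value in demo().items():
        print(f"{field}: {value!r}")
```

Every field in the returned dictionary is readable in transit in this flow; inside a VPN tunnel the same fields travel encrypted between the client and the VPN server.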

Big ocean of servers

Now let's take a look at what a similar request to the site looks like if you use a VPN:

  • 1. When you launch a VPN client (an installed application or a browser extension), you connect to the VPN server, and the VPN client creates an encrypted tunnel to the VPN server through which data will be sent.
  • 2. When you type the domain name of the website in your browser, your request is encrypted and sent through the secure tunnel to the VPN server.
  • 3. The VPN server decrypts the received data, replaces your original IP address with its own, and forwards the decrypted request from its IP address to the web server hosting the site you are interested in.
  • 4. Then the same actions are performed as for an Internet connection without a VPN: a query to the DNS server, establishing a connection to the web server, and sending an HTTP request. These steps are described in the previous section.
  • 5. After receiving the response from the web server, the VPN server encrypts it and forwards it to you through the secure tunnel.
  • 6. The VPN client on your device decrypts the response, after which the browser renders the data received from the web server and displays the page on the screen.
With VPN

As you can see, the connection scheme has become much more complex. Thanks to this, vulnerabilities related to the lack of privacy have been eliminated:

  • No one, including your ISP, knows what data you are exchanging with the web server. This data is encrypted, and without the encryption keys it is unreadable garbage.
  • Neither your ISP nor the web server has the ability to determine your real IP address, so you can avoid a targeted attack on your real IP address. In addition, you can use services that are not available in the country where you are located.