A Virtual Private Network (VPN) is fast becoming the preferred method of secure connectivity between sites, for example, Head Office and a Branch Office. In essence a VPN, sometimes called a tunnel, is a private network running over the Internet. It keeps your web activity secure and private while operating over the Internet. It provides Online Security if properly configured, and can limit access to authorised users only.
It operates in two basic modes. The first is a mechanism to allow mobile students and workers to access their work or study systems from anywhere, providing Online Security even when using public WiFi networks and the Internet.
The second is to use a VPN to hide your personal Internet usage from prying eyes, and to evade geographical restrictions on accessing material, and potentially government censorship. Another use is to allow anonymous peer-to-peer downloads using torrent technologies to avoid being visited by the copyright police. Finally, there is the privacy advocate who, as a matter of principle, wants everything they do on the Internet as private as possible.
If we look at the various aspects of VPNs and Online Security in turn.
First, changing your geographical location. A VPN operates by both ends of your tunnel connecting to a VPN server. That server can be a public or private server, and need not be in the same country or even continent as you. For example, an Australian user could connect to a US VPN server, and from there to Netflix. As far as Netflix is concerned, the user is in the US and allows access to the US version of Netflix, an access which would normally be blocked. There are efforts to stop this use of VPNs, and it might not always be possible.
That approach could also allow you to evade Government blocks on viewing some websites, although that could be a lot trickier to do. All they need to do is to block connections to known VPN servers.
In summary, you will have no problems using a VPN to avoid passive surveillance of your Internet use. Bear in mind though it will not prevent advertisers collecting information about you. That information is gathered from a website, and is unaffected by whether you use a VPN or not. Note also that a VPN will not provide much protection against the activities of an active and perhaps hostile government.
For study or business users, the technique is slightly different since you will be connecting, not to a VPN server, but to your college or business server.
Simply put, what happens is that your device, either a PC or mobile smart device asks to connect to your remote server. The remote server asks your device for some authentication credentials, and if ok, sets up a tunnelled connection. The credentials are provided by a bit of software on your device (the VPN client), either automatically or on request. They are often a user-id/password pair.
The data transmitted between your device and the server is encrypted, sometimes twice and is therefore hopefully immune from spying.
A quick word or two about how a tunnel works and encryption.
The basic technique used in tunnelling is to hide the real data inside another bundle of data, called a packet. The outer packet carries routing information to allow the packet to travel through the tunnel to its endpoint. When it reaches the end of the tunnel, the inner packet holding the real data is extracted from the outer packet, and its routing information is used to deliver it to the final, real destination.
The inner packet data is usually encrypted, and the outer packet only has open headers to allow routing to take place. Data travelling over the public networks cannot be read without the proper decryption keys, which ensures that data can’t be read or changed as it travels.
In terms of security and authentication, there are two main considerations, particularly when using a web-based VPN. As noted above there is a two-step process. The first is establishment of the VPN tunnel itself. This is generally automatic, and is a negotiation between the client and the server. The next step is authentication of the user, often through a user-id/password combination. In more secure environments, other authentication techniques might be used, for example, exchanging key pairs, a challenge/response process, or even authentication using a smartcard, dongle or a biometric device.
In general, the usual rule applies to VPN applications, free means more insecure than paid, and work out what you want before you buy. Some applications are better at providing access to VPN servers in a large range of countries, some are better at preventing tracking and logging, some better at encryption.
Use the Internet, with or without a VPN, to look at the range of options available.