The Virtual Private Network

The VPN consists of software V on your private machine (laptop, smart phone, …) which uses the Internet to displace the Internet. While V is running, Internet-bound data sent by other programs on your machine is routed through V, which bundles the destination with the data, encrypts that bundle, and sends it off over the real Internet to some VPN provider that you have chosen. That provider decrypts the packet and forwards the original data to the originally specified recipient over the Internet. Replies from the recipient are returned to the provider, which is the only address the recipient knows to reply to. The provider has kept track of this flow; it encrypts the reply and sends it to V on your machine, which decrypts the data and delivers it to the app expecting a reply.

VPNs were originally designed to serve institutions with firewalls. The ‘provider’ above was a computer inside the firewall, and the program V ran on a machine used by an employee when he was outside that firewall. The employee thus had internal access, though still limited by the firewall.

If some eavesdropper examines the traffic from your machine, he sees encrypted traffic to and from the VPN provider. He sees packet sizes and timing. If he has global reach he may correlate this traffic with the traffic between the provider and the recipient. This is harder than it seems, especially if the provider inserts some random delay before forwarding.
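The tunnel described in the first paragraph, and what the eavesdropper of the previous paragraph gets to see of it, as an added Python model that is not from the page: V wraps the destination together with the data, the provider unwraps it, forwards it under its own address and keeps a flow table so the reply can be returned, and the only thing on the wire between the two is the sealed envelope. The envelope construction (an HMAC-SHA256 keystream with an HMAC tag, encrypt-then-MAC), the shared key and the `.example` addresses are all constructed for the demonstration.

```python
import hashlib, hmac, json, os

def _keys(key: bytes):
    # Separate cipher and MAC keys derived from one shared secret.
    return hashlib.sha256(key + b"enc").digest(), hashlib.sha256(key + b"mac").digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode as a keystream: a demonstration construct, not a production cipher.
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range(n // 32 + 1)]
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC envelope: nonce || ciphertext || tag."""
    ke, km = _keys(key)
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(ke, nonce, len(plaintext))))
    return nonce + ct + hmac.new(km, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    ke, km = _keys(key)
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(km, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("envelope rejected: bad tag")  # tampering or wrong key, checked before decrypting
    return bytes(c ^ k for c, k in zip(ct, _keystream(ke, nonce, len(ct))))

def recipient(dst: str, data: bytes, seen_from: str) -> bytes:
    # Constructed stand-in for the real destination; it only ever learns the provider's address.
    return dst.encode() + b" got " + data + b" from " + seen_from.encode()

class Provider:
    def __init__(self, key: bytes):
        self.key, self.flows = key, {}  # flow table: which client each flow belongs to
    def handle(self, client_addr: str, envelope: bytes) -> bytes:
        inner = json.loads(unseal(self.key, envelope))
        self.flows[inner["flow"]] = client_addr  # remembered so the reply can be routed back to V
        reply = recipient(inner["dst"], bytes.fromhex(inner["data"]), "provider.example")
        return seal(self.key, json.dumps({"flow": inner["flow"], "data": reply.hex()}).encode())

class V:
    """Client-side VPN software: wraps destination + data for the provider, unwraps the reply."""
    def __init__(self, key: bytes, provider: Provider):
        self.key, self.provider, self.last_envelope = key, provider, b""
    def send(self, dst: str, data: bytes) -> bytes:
        flow = os.urandom(4).hex()
        inner = json.dumps({"flow": flow, "dst": dst, "data": data.hex()}).encode()
        self.last_envelope = seal(self.key, inner)  # all an eavesdropper on your link gets to see
        reply = json.loads(unseal(self.key, self.provider.handle("client.example", self.last_envelope)))
        return bytes.fromhex(reply["data"])
```

The envelope length still leaks the size of the wrapped packet, which is the size-and-timing side channel the paragraph above describes; padding and delay at the provider are the usual mitigations.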

The VPN provider will be of special interest to various intelligence agencies. I believe it is technically feasible to provide this service securely, but it is a challenge.

EPIC recommends some VPN providers.