ELI5 How does a VPN protect your data on a public network from hackers, if the data still has to go through the modem?
Imagine you’re sitting in a magical cafe and want to browse a website. You call him up, and the website sits down at your table.
You: Hey, Website! I want to see this image, could you describe it to me?
Website: Sure! It’s a kitten lying on its back with all paws outstretched. Its fur is spotted ginger tabby, and it’s lying on a green sofa.
You: Cool! Thanks, Website!
When someone wants to snoop on your data, they are essentially putting a mic on your table. It’s weak and doesn’t have a lot of range, but they can hear everything the Website tells you.
Now you’re using a VPN connection. Instead of Website, it’s the VPN Server sitting with you at the table over a nice cup of mint tea. Website is sitting at the next table near you.
The VPN Server speaks both English and Klingon. You now also speak Klingon because it’s a magical cafe.
You [in Klingon]: Hey, VPN Server! I want to see this image, could you describe it to me?
VPN Server, turning away [in English]: Hey, Website! This handsome fellow over there wants to see this picture, I need you to describe it.
Website [in English]: Sure, it looks like this: (…)
VPN Server, turning back to you [in Klingon]: It’s a kitten lying on its back with all paws outstretched. Its fur is spotted ginger tabby, and it’s lying on a green sofa.
You [in Klingon]: Cool! Thanks, VPN Server!
Now, the mic that someone put on your table can’t hear the conversation between VPN Server and Website, it’s too weak. And what they hear from your table is useless because it’s in a different language they first need to figure out.
“Tunneling” is when you switch to a different language and speak only to VPN Server, and they ask everyone your questions on your behalf. The different language is the encryption that VPN Server uses to be discreet.
Most popular sites you use, like Google, Facebook, Reddit, and Amazon, are already encrypted. If you’re using a public network, like at a coffeeshop, others can snoop and realize you’re using Reddit right now (because they can see you’re connecting to www.reddit.com), but they don’t know what you’re doing on Reddit (because the actual data is encrypted), and they can’t modify the data in any way.
However, some sites like CNN, eBay, IMDB, and Forbes don’t offer HTTPS encryption at all. Someone hacking your coffeeshop network can not only see exactly what web pages you’re looking at, they could even intercept the traffic and insert their own content, or their own ads.
With a VPN, you’re “tunneling” all of your connections, securely, to some other location, and making your Internet requests from there. Everyone on your public network only sees that you have a connection to that VPN host, and has no idea what you’re doing otherwise. They can’t see what sites you’re visiting, and even if you visit insecure sites they can’t see what you’re doing there or modify the content.
Communication from your computer to a VPN is encrypted.
Any website where you use the https protocol will also be encrypted, but many websites do not use https. Those websites where the protocol is http are just communicating with your web browser using plain text, which is readable by anyone who catches the packets.
Communicating with a VPN happens through an encrypted connection. So even if you’re using unsecured websites, the part of the communication that happens from your computer to the modem is encrypted.
Of course out there on the Internet, the communication between your VPN and that unsecured website will still be unencrypted, but at least someone sitting in the same wifi network as you will not be able to catch that traffic.
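The three situations the replies above describe (plain HTTP on the coffee-shop Wi-Fi, HTTPS where only the host name is visible, and everything wrapped in a VPN tunnel up to the modem but plain again on the far side) can be modelled in a few lines. This is an added illustration, not code from any post in this thread or from a real VPN product: the host names (news.example, vpn.example) are made up, the attacker's ad snippet is constructed, and the "tunnel" cipher is a stand-in built from HMAC-SHA256 in counter mode with an encrypt-then-MAC tag, not WireGuard, OpenVPN or TLS. Only the Python standard library is used.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


# A constructed packet: outer addressing plus the bytes on the wire, which is
# all someone sniffing the same Wi-Fi gets to see.
@dataclass
class Packet:
    src: str
    dst: str
    payload: bytes


# Constructed: what an on-path attacker might splice into an unencrypted page.
INJECTED_AD = b"<script src='http://ads.attacker.example/x.js'></script>"


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a toy keystream (stand-in, not a real VPN cipher).
    blocks, ctr = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest())
        ctr += 1
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag. Stands in for a TLS or VPN record."""
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; any change on the wire is rejected."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("record modified in transit")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def http_request(host: str, path: str) -> bytes:
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()


def observer_view(pkt: Packet) -> dict:
    """What the person with the 'mic on your table' learns, holding no keys."""
    text = pkt.payload.decode("ascii", errors="replace")
    readable = text.startswith(("GET ", "HTTP/"))
    return {"talking_to": pkt.dst, "request": text if readable else None}


def inject_ad(pkt: Packet) -> Packet:
    """An on-path attacker appends content to whatever bytes are on the wire."""
    return Packet(pkt.src, pkt.dst, pkt.payload + INJECTED_AD)


def plain_http_scenario():
    # Direct, unencrypted: the observer reads the request and can alter the reply unnoticed.
    req = Packet("laptop", "news.example", http_request("news.example", "/kitten.jpg"))
    reply = Packet("news.example", "laptop", b"HTTP/1.1 200 OK\r\n\r\n<img src=kitten.jpg>")
    tampered = inject_ad(reply)  # the browser has no way to tell this was added
    return observer_view(req), tampered.payload


def https_scenario(session_key: bytes):
    # TLS stand-in: the host name is still visible, the content is not, and edits are caught.
    req = Packet("laptop", "www.reddit.com",
                 seal(session_key, http_request("www.reddit.com", "/r/vpn")))
    try:
        open_sealed(session_key, inject_ad(req).payload)
        tamper_survived = True
    except ValueError:
        tamper_survived = False
    return observer_view(req), tamper_survived


def vpn_scenario(vpn_key: bytes):
    # Everything is wrapped for the VPN server, so the Wi-Fi observer sees only that hop.
    inner = http_request("news.example", "/kitten.jpg")
    on_wifi = Packet("laptop", "vpn.example", seal(vpn_key, inner))
    # The VPN server unwraps and forwards plain HTTP: past the VPN it is readable again.
    forwarded = Packet("vpn.example", "news.example", open_sealed(vpn_key, on_wifi.payload))
    return observer_view(on_wifi), observer_view(forwarded)


if __name__ == "__main__":
    print("plain HTTP :", plain_http_scenario()[0])
    print("HTTPS      :", https_scenario(os.urandom(32))[0])
    print("VPN (wifi) :", vpn_scenario(os.urandom(32))[0])
    print("VPN (far)  :", vpn_scenario(os.urandom(32))[1])
```

The point to take from the three views: with plain HTTP the observer gets the host, the path and the power to edit; with HTTPS the host name (here www.reddit.com) still leaks but the content and integrity are protected; with the VPN the only name on the Wi-Fi is the VPN server, and the unencrypted hop reappears only between the VPN server and the insecure site, exactly as the reply above says.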
This took me on a magical adventure. Thank you.
That is a fantastic analogy, I will be using that in the future. Thanks!