A VPN can help ensure your privacy online. A VPN can mask your identity by hiding your IP address, and protect your data through encryption. By hiding your data and activity from third parties, a VPN is a powerful tool that’s readily available to anyone. Let’s take a closer look at how VPNs work to protect your data and identity.
How do VPNs protect your data and privacy?
When you access the Internet, via your browser or an app, your request for content first passes through your Internet service provider (ISP). Your ISP is the entity that actually interacts with the Internet to find the content you’re looking for, and then returns it to your browser or app. By fetching content on your behalf, your ISP is in a position to take note of everything you do online.
The Internet and your ISP
This process is slightly different when you use a VPN. The VPN can take the place of the ISP for navigating the Internet to find your requested content. The VPN software on your device encrypts your request and sends it to the VPN server. This initial transmission still has to eventually pass through the ISP, but the only thing the ISP can see is that your traffic is going to a VPN server. The ISP can’t tell what the true destination website is. This encrypted leg between you and the VPN server is called a tunnel—you know traffic is moving through it, but you can’t see the traffic from outside the tunnel.
Routing traffic through a VPN server
The same thing happens when your requested content is returned. The VPN server encrypts it and passes it through the ISP to your browser or app. Again, the ISP can see you’re receiving data from a VPN server, but it can’t read the data or tell where the data actually came from.
The role of encryption in VPNs
When the VPN software on your device and a VPN server connect, they agree on an encryption key that only your software and the server know. It’s this unique and secret key that’s used to encrypt all your data and traffic requests—including website URLs—that pass through the tunnel.
However, while many VPN companies will use scare tactics about hackers and credit card theft, or drum up fear around public Wi-Fi networks, in reality most Internet traffic is already mostly encrypted via HTTPS. The real advantage of VPN encryption is that it fully encrypts the URL you’re requesting (meaning the ISP can’t read your ultimate destination as your traffic passes by), and serves as an encryption safeguard in case you’re dealing with a non-HTTPS website. A VPN can also work in conjunction with HTTPS in situations where HTTPS is not yet engaged (like if you initially connect to an HTTP website before being redirected), or when a website doesn’t properly apply HTTPS encryption.
Note that some mobile apps apply HTTPS selectively, meaning encryption isn’t guaranteed. Using a VPN on your phone can ensure that data traveling to and from an app is as well protected as when using a browser and an HTTPS website.
The strength of AES-256 encryption
Most reputable VPN providers will use an encryption called AES-256. AES stands for Advanced Encryption Standard, and 256 is the number of bits (basic units of computer data) in the key. That means the secret key that your VPN software and the VPN server agree upon is a string of 256 values, making it almost impossible to simply guess. AES-256 is considered an industry standard and is used widely in many different forms of cryptographic protocols including HTTPS.
AES-256 is also efficient because most devices have hardware acceleration, which means encryption and decryption happen relatively fast. And it’s used in many places in addition to VPN systems, like for transmitting and storing data, and communication.
Beyond encrypting unsecure HTTP websites, VPNs offer a few other security advantages.
Masking your IP address
Your IP address is how a Web server can find your device to deliver the content you want. IP addresses are distributed to ISPs who in turn assign them to their customers. Because they’re distributed geographically, even by itself an IP address offers some rough indication of your physical location. When combined with other identifying information gathered by other tracking means, an IP address can help to refine your digital profile.
IP address
By inserting themselves between the user and the website, VPNs conceal a user’s real IP address. Only the VPN knows your true IP address—the website you’re visiting can only see the IP address of the VPN server. This prevents the website from determining your true location and using that to decide what content to provide. It also prevents sites from tracking you during a visit, or across repeated visits.
Browsing history and online activities
When your Internet traffic passes through your ISP without the benefit of a VPN, the ISP can track every website you visit. This information can be used to build a profile of you, serve you targeted ads, and generally expand a sense of being trapped in the surveillance economy.
VPNs hide information about what sites you’re visiting (like the URL) as part of the encryption step. The ISP passes the encrypted data to the VPN server, but it can’t read the data as it passes through. Since it can’t log what it can’t see, your browsing activity stays out of the ISP’s tracking database.
The VPN provider, however, can see some of your browsing activity—it needs to in order to fulfill its function. This is why it’s important to find a VPN provider with a true no-logs policy (such as Brave Firewall + VPN).
A VPN can add an extra layer of encryption to fend off unwanted snoopers; mask your IP address to prevent others from tracking you or determining your location; and keep your ISP from collecting data about your browsing activity. But a VPN alone doesn’t protect you from all types of online tracking.
A VPN can’t keep cookies from identifying you on the web, and your browser details can still be used to build a digital fingerprint. You need other tools to block these attempts at tracking and identifying you. Fortunately, the Brave browser does just that, and when combined with its built-in Brave VPN, it can offer protection against online tracking and identification on many more fronts than a VPN alone.
VPNs aren’t perfect, of course. One common point of failure is called a DNS leak. There are several causes of DNS leaks, including substandard VPN providers, a faulty VPN setup, or lack of support for IPv6. Whatever the cause, the result is that your DNS requests revert back to using your default ISP instead of using the VPN’s DNS.
A killswitch feature in the VPN software detects when your connection to the VPN server is broken and immediately stops all online activity, rather than revert to using the ISP.
Are VPNs the same as private/Incognito browser windows?
Most browsers offer an option for opening a private window, or what Chrome calls an Incognito window. In a private browsing window, the browser promises that it won’t store information about your browsing session (like sites visited, search history, and cookies) on your device. This may sound similar to the protections from a VPN, but it isn’t.
The promise of a private or incognito window to not store data only relates to what data is stored on your device. Private windows keep your activity hidden from others using the same device, but offer no protection against outside data collection. You still have to use your ISP to locate content, so your browsing history is still trackable by your ISP. And your real IP address is still available to the destination website to use in their tracking activities.
How do VPNs affect access to online content?
Overcoming censorship and content blocks
Some countries censor the Internet content available to citizens by imposing their own Domain Name System (DNS) that only contains the Internet addresses for “approved” content. The ISP(s) inside the country must then use this censored DNS when fetching content for users. Censorship can be applied universally to anyone within the country, or on an individual basis, based on the user’s unique IP address.
Connecting to a VPN server located outside the country can circumvent the censored DNS, potentially allowing access to different DNS tables and thus more content on the Internet. The VPN server also masks your true IP address, so your activity can’t be controlled based on your IP address.
Enhancing your gaming or streaming experience
Streaming and gaming can both consume lots of data. If your ISP notices this on your account (i.e. by seeing lots of traffic to certain domains), they can take the step of throttling (basically limiting) your bandwidth. With a VPN, an ISP can still see your overall data usage, but they can’t tell specifically how you’re using it. This may protect you against the ISP applying automatic rules about data usage levels on specific websites.
Accessing region-specific content or services
Content providers can use IP addresses to apply geographic restrictions on who can access what content. By selecting a VPN server located in an approved viewing area, you may be able to access content that you might otherwise be blocked from enjoying. This can come in handy, for example, when you want to access your regular content while traveling.
Brave VPN: a comprehensive shield
As we’ve seen, a VPN can do a lot to enhance your privacy and security online. A VPN helps thwart the efforts of third parties to track your online activities, and can mask your true location. And it adds an extra layer of encryption protection to the data you transmit. A VPN is an excellent addition to your privacy toolbox, alongside other tools like ad blockers, tracker blockers, Safe Browsing, and malware protection. When used together, Brave browser and Brave VPN offer just such a fully stocked toolbox.
Brave Firewall + VPN pairs strong encryption like AES-256 and ChaCha20 with the routing protocols IKEv2 and WireGuard. These protocols work very similarly to protect users so that they can focus on browsing rather than fixing their internet so they aren’t being tracked.
Once you decide you want to use a VPN service, the next step is to choose a reputable, trustworthy VPN, one that meets your particular needs. For more on what to look for when selecting the right VPN for you, check out our detailed guide on choosing a VPN.