1.4.g — How VPN Works and “Accessing Restricted Content”
In one sentence: A VPN (Virtual Private Network) creates an encrypted tunnel from your device to a VPN server, then sends your internet traffic out from that server’s network location — which can bypass local blocking, change your apparent region, and hide traffic from a local ISP — but it is not a universal invisibility cloak.
1. What a VPN Actually Does
At a high level:
- Your device runs a VPN client that connects to a VPN server using a VPN protocol (WireGuard, OpenVPN, IKEv2/IPsec, etc.).
- The OS gets a virtual network interface (a “tunnel”).
- Packets destined for the internet are encrypted and sent to the VPN server.
- The VPN server decrypts and forwards them to the real destination.
[ You ] ~~~~ encrypted tunnel ~~~~ [ VPN server ] ---- normal internet ---- [ Website ]
        (ISP sees: "VPN traffic")                 (website sees: VPN server's IP)
2. What a VPN Helps With (Honest List)
| Goal | How VPN helps |
|---|---|
| Bypass local blocking | If your school/work/ISP blocks a site locally, routing through a VPN may escape that blocking path |
| Change apparent location | Services that geo-restrict by IP may see the VPN exit region |
| Protect traffic on untrusted Wi‑Fi | Encrypts traffic between you and VPN server against local eavesdroppers |
| Hide browsing from ISP (partially) | ISP sees encrypted tunnel to VPN provider, not final sites (mostly) |
3. What a VPN Does Not Guarantee
| Limitation | Why |
|---|---|
| Not “full anonymity” by default | The VPN provider can see your traffic unless you also use additional protections; you shifted trust from ISP → VPN |
| Doesn’t stop tracking inside HTTPS sites | Cookies, logins, fingerprinting still exist |
| Doesn’t bypass all blocks | Streaming providers block known VPN IPs; some countries block VPN protocols |
| Doesn’t make illegal activity legal | Policy/law still applies |
| DNS leaks / WebRTC leaks | Misconfiguration can expose your real IP or DNS path despite “VPN on” |
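The DNS leak in the last row comes down to routing. As an added example (not part of the original lesson), the sketch below applies the longest-prefix match an OS uses to pick an outgoing interface, then flags any configured DNS resolver whose queries would leave outside the tunnel. The route table, the interface names (`tun0`, `wlan0`) and all addresses are constructed for illustration.

```python
import ipaddress

# Constructed routing table for a laptop with a full-tunnel VPN up.
# (prefix, interface): tun0 is the VPN's virtual interface, wlan0 the Wi-Fi.
ROUTES = [
    ("0.0.0.0/0", "wlan0"),        # original default route via the Wi-Fi router
    ("0.0.0.0/1", "tun0"),         # the two /1 routes together cover all of IPv4
    ("128.0.0.0/1", "tun0"),       # and win over the /0 default on prefix length
    ("192.168.1.0/24", "wlan0"),   # directly connected LAN
    ("203.0.113.10/32", "wlan0"),  # the VPN server itself stays outside the tunnel
]

def egress_interface(dest, routes=ROUTES):
    """Return the interface chosen by longest-prefix match, as the OS would."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, iface)
    return best[1] if best else None

def find_dns_leaks(resolvers, tunnel="tun0", routes=ROUTES):
    """List configured resolvers whose queries would bypass the tunnel."""
    return [r for r in resolvers if egress_interface(r, routes) != tunnel]

if __name__ == "__main__":
    # Constructed resolver list: the router's DHCP-supplied resolver is still
    # configured next to the VPN provider's resolver (10.8.0.1).
    resolvers = ["192.168.1.1", "10.8.0.1"]
    print("web traffic ->", egress_interface("198.51.100.7"))
    print("leaking resolvers:", find_dns_leaks(resolvers))
```

Web traffic takes `tun0`, but the more specific LAN route sends queries for `192.168.1.1` out over `wlan0`, so the router (and whichever upstream resolver it forwards to) still sees every hostname lookup while the VPN reports "connected".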
4. VPN vs Proxy vs HTTPS (Different Layers)
| Tool | What it secures / changes |
|---|---|
| HTTPS (TLS) | Encrypts a single connection to a website (application layer) |
| Forward proxy | Routes application traffic (often HTTP) through an intermediary; may or may not encrypt to the proxy |
| VPN | Carries IP traffic from many apps through an encrypted tunnel to an exit server |
You can combine them: VPN + HTTPS is common.
5. “Restricted Content” — Three Different Mechanisms (Important)
People say “VPN unlocks content,” but the mechanism depends on the restriction:
- Network blocking (school/work firewall) — VPN can work if the VPN itself isn’t blocked.
- Geo-licensing (streaming catalogs) — VPN changes exit IP region; providers often fight VPN IP ranges.
- Legal / contractual restrictions — technical bypass doesn’t imply permitted use; terms of service may forbid VPNs for circumvention.
This curriculum teaches mechanisms, not circumvention advice — understand the technology and respect laws and contracts.
6. Corporate VPN vs Consumer VPN
| Type | Typical purpose |
|---|---|
| Corporate VPN | Remote access to private company networks (internal IPs, internal apps) |
| Consumer VPN | Privacy/geo routing/general internet exit through vendor infrastructure |
Same underlying idea (tunnel), different trust model and routing rules.
7. Key Takeaways
- VPNs tunnel IP traffic to an exit server; the internet often sees the VPN server IP.
- They can bypass some local blocks and change some geo behaviors.
- They move trust from ISP to VPN provider — choose providers carefully.
- HTTPS still matters: VPN encrypts to the VPN exit; HTTPS encrypts to the website (different segments).
Explain-It Challenge
- What does your ISP see when you browse HTTPS without a VPN? With a VPN?
- Why might a streaming service block VPN IP ranges?
- What is a DNS leak in one sentence?