ELI5: how does a VPN work? What is the difference of a proxy, VPN and Tor?
A proxy is where you send your traffic through a 3rd party instead of being sent directly. Let's say that you want to get a package sent to your house, but you don’t want the sender to know where you live or you don’t want your parents to see it when it is delivered. You could instead make arrangements with a friend to have it sent to his house instead, and for your friend to forward it to you. In this case, your friend is serving as a proxy. This can have the advantage of keeping you anonymous^1, hiding where you live to the sender (or anyone who sees your package in transit between the sender and your friend), and for you to get around certain restrictions (parents can’t block it).
A VPN (virtual private network) is a persistent secure/encrypted connection over an unsecured network. Let's say that you send letters via ‘snail mail’ to your friend, and you’re worried about it getting intercepted and read. However, you combat this vulnerability of the unsecured mail network by scrambling your messages in a way that only you and your friend know how to unscramble. This is equivalent to a VPN. Someone in between you and the other end can intercept your messages, see where it came from and where it’s going, but wouldn’t be able to unscramble your messages (assuming you use a good method of scrambling/unscrambling them).
Usually, when people talk about a VPN, they’re talking about a VPN that’s also a proxy server. In this case, the message is received by the friend from the sender, and then scrambled/encrypted and sent to you. Conversely, if the message goes the other way, it’s scrambled/encrypted by you and sent to the friend, unscrambled/decrypted by the friend and forwarded to the recipient. With this setup, someone who intercepts the package between you and your friend can know where you are, but not where you’re sending it (if outgoing) or where it came from (if incoming), nor would they know what the message is (because it’s scrambled). Someone who intercepts it between your friend and the other person would see who that other person is, but not who you are. They would be able to see what the content of the intercepted message is, since your friend had to unscramble it so the end party could understand what it means. That is, of course, unless you and the end party you’re sending to/receiving from have mutually decided to scramble the message too.
So this is what sending with using a VPN as a proxy looks like:
You ------[encrypted]---------> Friend -------[decrypted]-------> server
So this is what receiving with using a VPN as a proxy looks like:
You <------[encrypted]--------- Friend <-------[decrypted]------- server
Keep in mind that your friend will have the ability to know everything: who/where you are, who/where the other party is, and what the content of the message is (unless you and the end party mutually decided to scramble it, which is equivalent to using HTTPS instead of HTTP). So you better trust this friend if you’re going to send anything sensitive through him. For this reason, I recommend not using free VPN/proxy services. You can get a reliable VPN/proxy service for ~$40/year.
Tor is basically a network of public servers that partially decrypts your message as it sends it from Tor router to Tor router. That way, while the first/last Tor routers will know some information, such as knowing where it’s going, where it came from, or what the decrypted message is (if you and the end party don’t mutually agree to encrypt it), no single one of them will know all of that information.
EDIT: This is what using a VPN as a proxy looks like when connecting using an https connection:
You ------[encrypted][encrypted]---------> Friend -------[encrypted]-------> server
You <------[encrypted][encrypted]--------- Friend <-------[encrypted]------- server
In this case, the message is scrambled between you and the end server, but that scrambled message is being scrambled again between you and the friend/VPN. This way, not even your friend/VPN could know what the message is (assuming the encryption is good enough), because even the message he unscrambles is still a scrambled message. It also provides encryption all the way to the end server, whereas using a VPN/proxy only encrypts between you and the proxy/VPN. This is why I recommend that people use https, which encrypts your traffic between you and the website you’re accessing (e.g., reddit.com). While not every website supports https, almost all major websites do. There are browser extensions, such as HTTPS Everywhere, that make your browser try to use https by default.
For those wondering, this is a good explanation for how one type of encryption works, keeping any interceptors from being able to unscramble the message even if all the information exchanged is intercepted.
^1 except if you give the sender information that can identify you, such as credit card information, email address, etc.)
Proxy: all your web transactions go through a proxy server that’s normally hosted on your own local network or on a trusted network. The proxy is the one who actually connects to the sites that you’re visiting and relays the results back to you. Typically there’s no additional encryption involved. Proxies may or may not employ data caching and history logging.
VPN: somewhat like a proxy, with a few differences:
- There’s a “proxy” on both ends of the connection, and the communication between them (normally over the Internet) is supposed to be encrypted.
- It is not restricted to web transactions. Many types of network protocols are usually supported. Unlike the proxy, a VPN isn’t “aware” of what kind of services are being accessed, it only sees a stream of random bytes. Therefore caching and logging wouldn’t be available.
TOR: you might say it’s like a VPN, however, both ends aren’t supposed to know the IP address of each other.
- Data streams passing through a TOR network get routed by several hosts (typically 4) before reaching its destination. This chain of hosts between both ends of a connection is known as a circuit.
- When you connect to a TOR network, at least one circuit is established by your TOR client software and all your transactions go through them.
- When a circuit is created, your TOR client receives their IP address and one encryption key from each host. When each host becomes part of your circuit, they create a new public/private key pair and send the public one to you. The private part is kept securely stored.
- When you’re about to send information through the TOR network, your TOR client encrypts the data packet several times, one for each host on the circuit with its corresponding public encryption key. This layered encryption scheme was the inspiration for the name The Onion Router.
- Each host that is about to relay your data packet decrypts it with its own private encryption key counterpart. At this point it unwraps the IP address of the next destination and relays the partially decrypted packet forward on the chain.
- The last host on the chain is the one who will make the last decryption pass on your data packet and relay it to its final destination.
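The layered encryption in the TOR bullets above, and the https-inside-VPN picture from the first answer's EDIT, as an added simulation that is not from any commenter in this thread: it uses a toy HMAC-based stream cipher as a stand-in for the per-hop keys, and the hop names and the `simulate`/`wrap`/`relay` functions are assumptions made for the demonstration. Each hop peels one layer and logs only who handed it the packet and where to forward it; with `end_to_end=True` the last hop unwraps its layer and still holds ciphertext, and with a single hop named `friend` it is the VPN-as-proxy diagram.

```python
import hashlib, hmac, os
NONCE_LEN, NAME_LEN = 12, 8

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy stream cipher (HMAC-SHA256 in counter mode): a stand-in for each hop's real key, demo only.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, data: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    return nonce + bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))

def wrap(hops, payload: bytes) -> bytes:
    # Client side: one layer per hop, innermost (exit) first. Each layer carries
    # the name of the next hop in front of the still-sealed remainder.
    blob, next_name = payload, "server"
    for name, key in reversed(hops):
        blob = seal(key, next_name.encode().ljust(NAME_LEN) + blob)
        next_name = name
    return blob

def relay(hops, blob: bytes):
    # Relay side: each hop peels exactly one layer and learns only the previous
    # and next hop; returns that log plus what the last hop hands to the server.
    log, prev = [], "you"
    for name, key in hops:
        inner = unseal(key, blob)
        next_name, blob = inner[:NAME_LEN].decode().strip(), inner[NAME_LEN:]
        log.append((name, prev, next_name))
        prev = name
    return log, blob

def simulate(message: bytes, hop_names=("guard", "middle", "exit"), end_to_end=False):
    # hop_names=("friend",) is the single-hop VPN-as-proxy case; end_to_end=True
    # adds the https-style layer whose key only you and the server share.
    hops = [(n, os.urandom(32)) for n in hop_names]   # constructed per-hop keys
    server_key = os.urandom(32)
    payload = seal(server_key, message) if end_to_end else message
    log, delivered = relay(hops, wrap(hops, payload))
    # second value: could the last hop read your plaintext?
    return log, delivered == message, (unseal(server_key, delivered) if end_to_end else delivered)
```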
This is only a guess as I’m not really experienced in this realm.
A proxy is simply a single PROXY server that you route your data through.
A VPN is a private network you route your data through, something that isn’t as obvious as a proxy
TOR is built upon some software but connects specialized nodes across the world. It’s pretty much a sub internet hidden through various technologies.
VPN is a virtual private network. it creates an encrypted sub network where members of the sub networks can talk to each other securely, even though each member is on a public network that is not inherently secure.
a byproduct of VPN is that if you are a member of the subnetwork, your outbound traffic looks like it’s coming from the subnetwork host, rather than your actual host. in this regard, the VPN is acting as a proxy. when you make a connection to XYZ service, the origin of the traffic will be the VPN host, rather than your actual host.
Tor is a separate routing mechanism. instead of the traffic going to XYZ service coming from VPN host, it runs thru a number of random Tor network nodes and comes out somewhere else. randomly. One request will have you coming out of US, the next one Ukraine, the next one Brazil, etc.
Can you show a flow of a VPN without a proxy? Super informative fyi
Can you show a flow of a VPN without a proxy?
Do you mean a VPN that isn’t being used as a proxy? If so:
Sending:
You ------[encrypted]---------> Friend
Receiving:
You <------[encrypted]--------- Friend
It should be noted that this private/encrypted tunnel is running on top of a network (the mail system). The message may go through your local post office, to a regional post office, to your friend’s local post office, before getting to your friend. However, the VPN creates a virtual ‘tunnel’ that simplifies the connection to be the above while providing security.
A lot of people who work from home (or while traveling), yet work with confidential information, use VPNs to access machines at their workplace.