How exactly does a VPN work? Am I actually 100% anonymous and is my connection completely untraceable when I use one?

I’m currently using one to bypass the Great Firewall of China (OpenVPN and SSL secured; no idea what that means), but I’d really like to know how it actually works and what it means for my online anonymity.

You have a direct connection to someone’s network that exists outside of the reach of China’s firewall. We’ll call that the Host. The connection is encrypted and is presumably secure (unless China somehow obtained the private encryption key used by the server).

When you make a request for anything on the Internet, it gets encrypted on your computer and sent across the network to the Host. The Host decrypts it and then forwards your request out to the Internet. When it gets a response back, it encrypts it and sends it back to you. The Host acts like a middle man basically.

Your data should be secure, so from that perspective you have anonymity from the Chinese government looking at your requests. However, they do know that you made a connection from your computer to the Host so they could decide to block that connection one day. Also, the Host sees every request you make so you do not have much anonymity there. If you go to secure websites (HTTPS), then the Host cannot see the information in your requests. Otherwise, they can read all of it.

Anyone can see that you have a connection. What is being transmitted, however, is encrypted. In order for a third party to understand that data, the encryption would have to be compromised. Depending on what type of encryption you’re using, that’s either somewhat simple or almost impossible.

So LI5: I can see where you’re coming from, and where you’re going, but I can’t tell what you’re doing.

Hmmm…like you’re 5, you say…

Well, this gets down to the nitty gritty of how networks and encryption work if it’s genuinely explained, so we’ll avoid that. I can, however, answer your pointed questions and give you an idea of how it works.

  1. Am I actually anonymous? In a word, yes…with regards to the information that you transmit, and assuming the trustworthy nature of your VPN provider, you’re pretty anonymous. Your internet service provider can see that you have a connection to your VPN provider, and they can see the data flowing back and forth between you and the VPN provider. However, due to SSL, the data they see is garbage without the proper keys, which they should not (some would say can not) have.

  2. …untraceable? Well, as stated above, they can see that you’re talking to a VPN provider. Beyond that, the only way to trace your activities is from one end or the other of the VPN connection. This means they need to get to your computer to watch what you’re doing, or they need to get to the VPN server and watch what you’re asking it to do. Neither is trivial.

  3. What’s SSL? Secure Socket Layer, it stands for. It basically means your data is encrypted, which means that no one but you and the person sending it know what’s actually in it. To the rest of us, it looks like scrambled garbage. The basic form is such:

     a. You have two keys, public and private. So does your VPN provider.
     b. The two of you exchange public keys over the unsecured network. It doesn’t matter who sees the public key.
     c. You scramble the data you want to send to your provider with their public key; they scramble data they want to send to you with your public key.
     d. Your private key, which you didn’t share, is the only key that can unscramble data that was scrambled by your public key. Ditto for theirs - info you scramble with their public key can only be made legible again by their private key. The math is big and scary; the idea is not so hard though.
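Added example, not part of the original post: steps a to d above carried out with textbook RSA, showing that data scrambled with one party's public key is only recovered by that party's private key. The primes, the exponent, the messages and all function names are constructed for illustration.

```python
# Added illustration of steps a-d using textbook RSA on constructed, tiny primes.
# Assumption: real SSL/TLS uses vetted libraries, padding and much larger keys,
# and only uses the public-key step to agree on a symmetric session key.

def make_keypair(p, q, e=17):
    """Step a: build (public, private) = ((e, n), (d, n)) from two primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)              # private exponent: d*e == 1 (mod phi)
    return (e, n), (d, n)

def scramble(message: bytes, public):
    """Step c: encrypt each byte with the recipient's PUBLIC key."""
    e, n = public
    return [pow(b, e, n) for b in message]

def unscramble(blocks, private):
    """Step d: only the matching PRIVATE key turns the blocks back into bytes."""
    d, n = private
    return bytes(pow(c, d, n) % 256 for c in blocks)

def exchange():
    # Step a: each side has its own key pair (constructed primes).
    you_pub, you_priv = make_keypair(61, 53)
    vpn_pub, vpn_priv = make_keypair(89, 97)
    # Step b: only you_pub and vpn_pub cross the unsecured network.
    request_on_wire = scramble(b"GET /news", vpn_pub)   # you -> provider
    reply_on_wire = scramble(b"200 OK", you_pub)        # provider -> you
    return {
        "provider_reads": unscramble(request_on_wire, vpn_priv),
        "you_read": unscramble(reply_on_wire, you_priv),
        # Using a private key that does not match the public key yields garbage.
        "wrong_key_reads": unscramble(request_on_wire, you_priv),
    }

if __name__ == "__main__":
    for who, data in exchange().items():
        print(who, data)
```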

Theoretically, you can’t be traced if you’re using OpenVPN just based on the operating principles of the software. However, there are some ways you can be traced:

  • If the OpenVPN server you’re connecting to is logging your connections, then the governing authority in the country where the server is operating could probably establish who you are if the server’s operator either got subpoenaed or the server got confiscated and the logs pored over. And that’s if the server is logging its connections. Now, seeing as to how you’re using a VPN to defeat a Chinese firewall and the server you’re using is probably in a Western democracy, this scenario doesn’t seem very plausible from a political standpoint.

  • A piece of malware could be running on your computer that reports your activities to a company, or more likely, the Chinese government by directly communicating with a server, bypassing the VPN. This scenario is the far more likely one. Fortunately, you can protect yourself against this by firewalling your machine and only allowing outgoing connections on specific ports, and always keep an eye on which applications are requesting internet access.

When you are connected to the Internet without a VPN then anytime you communicate with another computer (like a webserver that sends you a webpage) someone else could look at what server you connected to, what you sent them, and what they sent you. Even if you connect to that server using https (an encrypted link) they could still see that you requested something from that server and that it responded back to you.

So instead you first make a connection to a VPN. The VPN then acts like a pipe. Any request you make to a webserver for a webpage gets stuffed into the pipe at your end and then pops out the other end of the pipe at the VPN server. If someone is watching you all they can see is the exterior of the pipe. They can’t see what’s inside the pipe. They cannot see that you made a request to the webserver. So the Chinese leaders cannot see what webpage you are requesting.

The webserver does not see the request as coming from you. Instead it sees the request for the webpage as coming from the VPN server. So it sends the webpage to the VPN server. The VPN server then stuffs it into the pipe. The webpage then pops out the other end of the pipe at your computer. The Great Firewall never blocks the request because it did not come from your computer - it came from the VPN server that isn’t located in China!

Your only risk comes from the logs of activity at the VPN server. They could record everything you do if they wanted. If the Chinese government then demanded those records you could be in big trouble. Most VPN servers however do NOT keep these kinds of records. TorrentFreak just did a survey of the different providers and specifically asked them about this. The results are here.

Hi. Actually, a VPN allows you to bypass all the censorship so you can have access to your desired locations or to all the websites you want while keeping yourself untraceable. Your data and all the transmission will be passing through a secure tunnel, especially if you have OpenVPN and SSL. They are both highly secure protocols. They provide excellent encrypted service that could really add essence to your motive of being hidden throughout the time you romance with the internet. To get a VPN account you need to interact with VPN providers. Once you purchase a VPN account, the provider will send you an email notification with all the credentials attached, to get the complete idea of how a VPN works.
For further assistance I suggest you visit Bestvpnservice.com and get huge details about the best VPN providers, and also get an idea of which providers provide SSL and OpenVPN, because not all of them provide that facility. Hope that info helps you.

I’ll try to ELI5 this.

You have a letter you wish to deliver to Susan, who’s in another school. You don’t want anyone to know you’re talking with Susan (because you’re weird like that). Susan has a classmate, Jane, that you don’t mind talking with in public. So you write your letter in a code that only you and Susan know and hand it off to Jane.

Your connection with Susan is now using Jane as a VPN. Even if the letter (your data) gets lost or stolen, nobody else can use it because it’s in a secret code (encrypted - possibly using SSL).

As far as anonymity… Nobody knows you’re talking with Susan except Jane. Someone could follow the letter from Jane to Susan and know that they talk but they’d have no idea that you were involved. (You’re not completely untraceable, just more difficult to trace).

Somewhat off topic, will I notice a difference in performance by doing this?

Help me out with another one if you could:

I was downloading a movie on my home network on a weekend. I connect to my work VPN to remote into my computer to get some work done. I get a copyright infringement notice from the work network. How on earth are they monitoring my home network traffic while I’m connected to their VPN?

Nice ELI5, although it’s slightly wrong: the SSL encryption is between you and the VPN device, not the whole internet. If you go to a public website such as http://google.com (Susan) then it is not coded, except Google thinks the request has come from the VPN provider (Jane), not you. As tiaxanderson says, it’s an encrypted tunnel in which the exit is at the VPN provider. The exit can’t move. If the VPN provider was in Sweden, then it is as if your whole computer had been transported there, and as such you would be redirected to Swedish content, http://google.se, etc.

So in ELI5 terms…
Just to add, every other classmate speaks the same language.

Regarding anonymity: Susan won’t know the letter is from you. Jane translates your secret code into English and signs her name on it. Then she hands them to Susan who writes a response. Susan (thinking the letter was from Jane) gives her reply back. Jane now translates Susan’s English letter back into your secret code and gives you the response.

  • Anonymity issues

When you have written your letter [data] in a secret code that only Jane knows, people won’t be able to understand the contents, however they can see that you are swapping coded letters and can get suspicious. It could be an offence depending on where you live to write letters in code. [See Pakistan]

You also place your trust on Jane that she is going to keep your code a secret and that she will not reveal who she gets the letters from if she is called to the principal’s office. As Jane’s school is in another country she could be governed by different laws forcing her to comply with your school’s principal.

Edits: Sources and Formatting.

Very good analogy! Thanks for the help :)

Very good job! BTW I tagged you as ELI5 Master.

There’s a performance decrease, though depending on a wide range of factors you might not notice it.

In China you will see a (substantial) increase in performance. In countries that don’t censor the internet you will see a decrease, how much depends on your provider.

Did you VPN from the same computer you were downloading from? If you were, then all network traffic is routed through the VPN, and they can monitor whatever you were doing.

If you were on a separate computer, then they are likely doing something illegal.

Corporate VPN clients are designed to be super simple. This means that they force all programs on the computer to go through the work VPN once connected. When you are connected to the VPN do not do anything that you wouldn’t do at work. They can potentially see everything you do on that company device when connected.

They shouldn’t be able to monitor your home network activity. It could be that the client you use enables that; this is illegal.

The other option is that your downloading program switched to the VPN network when you connected.

I can’t know for sure of course, this all depends on what you used to download, what the preferred network on your computer is and how the VPN is set up.
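Added example, not part of any reply in this thread: how the routing table decides whether a download on the same computer leaves through the work VPN or the home connection. It assumes the corporate client installs routes the way OpenVPN's `redirect-gateway def1` option does (two /1 routes that override the default route); interface names, addresses and flow names are constructed.

```python
import ipaddress

def pick_route(routes, dst):
    """Longest-prefix match: the most specific route covering dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), dev) for net, dev in routes
               if addr in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed tables. wlan0 = home ISP link, tun0 = work VPN tunnel.
HOME_ONLY = [("0.0.0.0/0", "wlan0"), ("192.168.1.0/24", "wlan0")]

# Full tunnel: the two /1 routes are more specific than the /0 default, so
# every Internet destination goes into the tunnel. The /32 host route keeps
# the encrypted tunnel packets themselves on the physical link.
FULL_TUNNEL = HOME_ONLY + [
    ("0.0.0.0/1", "tun0"), ("128.0.0.0/1", "tun0"),
    ("203.0.113.10/32", "wlan0"),      # VPN gateway (documentation address)
]

# Split tunnel: only the corporate prefix is sent into the tunnel.
SPLIT_TUNNEL = HOME_ONLY + [
    ("10.20.0.0/16", "tun0"),
    ("203.0.113.10/32", "wlan0"),
]

# Constructed destinations for the situation described in the question.
FLOWS = {
    "movie download peer": "198.51.100.77",
    "work desktop (remote session)": "10.20.5.14",
    "home printer": "192.168.1.50",
    "VPN gateway": "203.0.113.10",
}

def egress_map(routes):
    """Return {flow name: interface the flow leaves through}."""
    return {name: pick_route(routes, ip) for name, ip in FLOWS.items()}

if __name__ == "__main__":
    for label, table in [("full tunnel", FULL_TUNNEL),
                         ("split tunnel", SPLIT_TUNNEL)]:
        print(label, egress_map(table))
```

With the full-tunnel table the download leaves through `tun0`, so it exits from the work network's address and is visible to whoever monitors that network; with the split-tunnel table it stays on `wlan0`.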

I’m interested in encrypting my traffic but I also play a number of online games. Would the best course of action be playing games on the normal network, then just remembering to turn the VPN on when browsing?

Not in China there’s not. Apart from outright blocking of sites, the government randomly degrades service to sites that are not blocked but that it doesn’t like people using, including all Google properties (Search, Maps, Gmail). And I imagine they are scanning everything they can (so all non-HTTPS traffic), so just about anything going out of China is slow too. And retarding the HTTPS for the fun of it if it’s someone they don’t like.

Install a VPN in China and your internet goes from chronically slow and unreliable to fast and reliable instantly, it is really quite extraordinary.

Source: I spent three months in China using VPN provider astrill.com