← Home  |  ← Protection Tools

Hide your IP address and encrypt your internet connection

How It Works

A VPN creates an encrypted tunnel between your device and a remote server. All your internet traffic is routed through this server, so websites see the VPN server's IP address instead of yours. This effectively hides your IP address, location, ISP, and hostname.

What It Protects

• IPv4 and IPv6 address — replaced with the VPN server's IP
• Location, country, and coordinates — websites see the server's location
• ISP and hostname — your real internet provider is hidden
• Timezone — can appear to change based on server location
• DNS requests — routed through VPN's DNS servers (if properly configured)
• ASN and network information — shows the VPN provider's network instead

What It Does NOT Protect

A VPN does not change your browser fingerprint — your screen resolution, fonts, GPU, user agent, and other technical details remain the same. Websites can still track you using these parameters even if your IP changes.

Limitations

• VPN usage can be detected by services that maintain lists of known VPN server IP addresses
• Some websites block VPN connections entirely
• A poorly configured VPN can leak DNS requests or IPv6 traffic, revealing your real location
• Your VPN provider can see your traffic (choose a trustworthy, no-log provider)

How a VPN Works in Detail

Without a VPN

When you connect to a website without a VPN, your device communicates directly with the website's server. The website can see your real IP address, your ISP, and your approximate physical location.

With a VPN

When you use a VPN, your traffic is first encrypted on your device, then sent through a secure tunnel to a VPN server. The VPN server decrypts your traffic and forwards it to the website. The website only sees the VPN server's IP address and location — not yours.

The Encryption Process

VPN encryption works in layers. When your device sends data, the VPN client wraps it in an encrypted envelope before it leaves your machine. This process is called encapsulation.

VPN Protocols

The VPN protocol determines how the encrypted tunnel is established and maintained. Different protocols offer different trade-offs between speed, security, and compatibility.

• WireGuard — modern, fast, and lightweight. Uses state-of-the-art cryptography with a very small codebase (~4,000 lines), making it easy to audit. The best choice for most users.
• OpenVPN — battle-tested and highly configurable. Runs on TCP or UDP and works through most firewalls. Slower than WireGuard but extremely well-proven.
• IKEv2/IPSec — fast reconnection on mobile devices when switching between Wi-Fi and cellular. Built into most operating systems.

What Happens to Your Data at Each Step

Common VPN Leak Scenarios

Even with a VPN active, certain misconfigurations can reveal your real identity:

• DNS Leak — your DNS queries bypass the VPN tunnel and go directly to your ISP's DNS servers, revealing which websites you visit. A properly configured VPN routes all DNS through its own servers.
• IPv6 Leak — many VPNs only tunnel IPv4 traffic. If your device has an IPv6 address, it may connect to websites directly over IPv6, exposing your real IP. Good VPNs either tunnel IPv6 or block it entirely.
• WebRTC Leak — WebRTC (used for video calls and peer-to-peer connections) can reveal your real IP through browser APIs, even when a VPN is active. This must be blocked at the browser level.
• Kill Switch failure — if the VPN connection drops unexpectedly, traffic may flow unprotected through your ISP. A kill switch blocks all internet access until the VPN reconnects.