Why VPN?
Internet connections can be secured in basically two ways: securing the data itself (sometimes called "encrypting the data"), and/or securing the whole connection (sometimes called "securing the network").
Most secure websites and email systems utilize SSL (Secure Sockets Layer) to encrypt data passing between the client and the server, so with secure services you'd have encrypted HTTP, IMAP, POP, and SMTP connections. Someone "listening in" on the wire could see that there was a web-related or email-related connection between the client and the server, but they wouldn't be able to decipher the data.
Most of the time, encrypting the data is enough. Sometimes, though, the fact that someone can determine what server and/or service is being used can be a bad thing, even if they can't tell what data was passed. For example, if I'm looking at our firewall logs and notice that one of my employees is spending a lot of time at facebook.com, I don't really care about the data itself. I'm going to have a conversation with that individual based solely on the fact that his computer is connecting to Facebook too much on company time. Similarly, someone living in an "unfriendly" country might not want to visit certain websites that the local government might be monitoring for access. Also, webservers can determine your geographic location based on your IP address, and some online businesses (PayPal and other online banking services, most notably) use this capability to deny access to foreign addresses, so if you're traveling in India and need to transfer some money in PayPal, you're out of luck. Finally, many "unfriendly" countries actively block connections to content deemed inappropriate by the government; for example, China and many strident Islamic countries block access to sites dealing with Christianity, human rights, etc., and they often prosecute or persecute individuals who attempt to access such sites. In cases like these, securing the data itself isn't enough; you need to be able to "hide" the whole connection.
This is where a VPN is very useful, because it hides both the data and the connections inside the encrypted VPN tunnel. Someone "listening in" could tell that a VPN conversation was happening between computer A and computer B, but they could neither decipher the data nor figure out what other computers might be involved in the conversation. When the VPN client connects to other computers through the VPN tunnel, the connection appears to originate from the VPN server, so the server's IP would be the determining factor in geographical verification. Basically, a VPN gives you a "secure virtual relocation" service.
Note that the VPN only encrypts things between the VPN client and the VPN server. You still want to utilize data-level encryption wherever possible, in order to encrypt the traffic between the VPN server and the final destination. If you're in an "unfriendly" country, you also want to be sure that your VPN server is not considered suspicious by your host country (if it is, they'll probably block your access to it).
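The firewall-log scenario described earlier, as an added example that is not part of the original article: the script summarizes what an administrator learns from connection metadata alone. The log format, addresses, hostnames and the VPN port are constructed assumptions. The client using encrypted web and mail exposes every server and service it talks to, while the VPN client exposes only the tunnel endpoint.

```python
from collections import defaultdict

# Well-known ports for the encrypted services the article lists, plus an
# assumed VPN port (1194 is the IANA-registered OpenVPN port).
SERVICES = {443: "HTTPS", 993: "IMAPS", 995: "POP3S", 465: "SMTPS", 1194: "VPN"}

# Constructed reverse-lookup table and log lines (documentation IP ranges).
HOSTNAMES = {
    "192.0.2.10": "social.example",
    "192.0.2.25": "mail.example",
    "203.0.113.7": "vpn.example",
}
# Assumed log format: time, client IP, server IP:port, bytes transferred.
SAMPLE_LOG = """\
09:00:01 10.0.0.5 192.0.2.10:443 18200
09:04:12 10.0.0.5 192.0.2.25:993 950
09:07:40 10.0.0.5 192.0.2.10:443 40100
09:01:15 10.0.0.9 203.0.113.7:1194 22000
09:05:33 10.0.0.9 203.0.113.7:1194 61000
"""

def summarize(log_text):
    """Return {client: {(server, service): total_bytes}} from metadata alone."""
    view = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        _time, client, endpoint, nbytes = fields
        ip, _, port = endpoint.rpartition(":")
        if not port.isdigit() or not nbytes.isdigit():
            continue  # endpoint without a numeric port, or bad byte count
        server = HOSTNAMES.get(ip, ip)
        service = SERVICES.get(int(port), "port " + port)
        view[client][(server, service)] += int(nbytes)
    return {client: dict(dests) for client, dests in view.items()}

if __name__ == "__main__":
    for client, dests in summarize(SAMPLE_LOG).items():
        for (server, service), total in sorted(dests.items()):
            print(f"{client} -> {server} [{service}] {total} bytes")
```

No payload is ever read here: the per-site and per-service breakdown for 10.0.0.5 comes entirely from addresses, ports and byte counts, which SSL does not hide.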