Hi XjFred,
Whilst I’ve heard the “tunnel” analogy before, it doesn’t explain the method of how the data is secured.
As an example of a secure / private computer network:
- Three computer terminals (T1, T2, & T3) in the same locked room are only connected together using three cables (C1, C2 & C3). The terminals have no (external) internet connection. So, no Internet Service Provider, no WiFi, etc. They are only connected together. Therefore, three people could sit at the computers and know, without a doubt - that only they were connected to this private network.
This is a (basic) example of a secure network configuration. A private network of computers. The only point to see the data transferred on this private network is at one of the computer terminals. Let us assume the computers are also securely password-protected. The “weakest link” on this network is that the data is being transferred between the computers via cables. However, since this network is in a locked room, only those with a key to the room can have access to the network (the computers and the cables that connect them).
Now, let’s assume we wanted to connect (using a long cable) another computer terminal (T4) to this network. But, the T4 computer was outside of the secured room. Now we have a security issue because the cable (C4) is traveling outside of the secure room. Therefore, anyone that wanted to “see” the data that was passing through the C4 cable “only” had to hack into that cable. Or perhaps physically sit at T4, which was outside of the locked room, and hack the computer’s password protection - therefore, gain access to the network.
So, to secure the data passing along the C4 cable we used end-to-end encryption. So, now, some “outside” agents could only “see” the unscrambled data if they had the decryption key or “hacked” that key (which is apparently virtually impossible with modern-day encryption).
So, our private (P2P) network is comparably secure. But, now we are told that “Your ISP is like a door to the internet, you have to pay to open that door”. In other words, that’s not because we technically “have to”, that’s how the system is designed. Our private network functioned without ISPs. That “door” is the “world” of the insecure world-wide-web. With a multitude of computers (servers, etc) and agents that are “interested” in other people’s internet activity (i.e., data) and private lives (e.g., hacking into cameras & microphones). Essentially, that door is the commercial network where everything has a price (your data, your “private” lives, etc).
So, “you have to pay” to connect to the internet is actually a monetary ideology (what? some people want to make money? who knew!). Of course, if we want a computer network we have to manufacture the hardware (the computers, cables, WiFi tech, etc). Thus far, this post has been amoral. In other words, “making money” is an amoral statement. Some people make money in sincere ways (i.e., an “honest John”) and others don’t (e.g., low levels of honesty-humility - a personality dimension). And of course, due to different personality characteristics and differing social circumstances (e.g., ideologies, politics, economics), those that “don’t” vary in their methods.
However, my initial question was related to VPNs. The only way that VPNs could be secure would be if the data was end-to-end encrypted (i.e., “secure” in the context that the ISP could not unscramble the data & that the VPN really didn’t keep logs. i.e., didn’t record or monitor a person’s personal data). Scrambled data out, scrambled data in. In other words, all the data that passed through the network was scrambled and the only way to “see” the unscrambled data was to either have the “key” or to hack the “key” (or hack the computer - therefore gain access to the “key”).
To quote Mullvad VPN: “In all of our servers, we have specified default configurations and orders of priority for encryption to provide the strongest encryption available for each tunnel protocol”.
So, technical “jargon” aside (i.e., the lexicon of computer science), I assume that means that once I installed the Mullvad VPN App on a PC or phone, all the (incoming & outgoing) data is scrambled. However, to reiterate, in this context, if the scrambled data is either traveling directly to the Mullvad servers (computers), then what’s the point of the ISP? (middle person[s]). Of course, if we had a P2P encrypted private network (as described), or even if the ISP used encryption technology (i.e., security was built into the system by intentional design), then we would not need VPNs. Of course, generally speaking, security isn’t built in by design due to profit incentives and political ideologies. For example, governments & corporations that seek (in part) to profit from, rule, and manipulate, not serve, the citizens of a democracy. And in the context of autocracy - the individual’s privacy isn’t a (state) value. Unless that is, that individual is part of the autocratic “establishment” (i.e., an authoritarian regime that uses social oppression to sustain its social norms and values).
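An added illustration, not part of the post above and not Mullvad's code: tunnel encapsulation in Go, showing which bytes the carrier of the packet (the ISP) can read and what the VPN server recovers once it decrypts. The addresses, the inner packet and the shared key are constructed for the example, and AES-256-GCM is an assumption standing in for whatever cipher a given tunnel protocol negotiates.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"strings"
)

type Outer struct { // the packet that crosses the ISP's link
	Src, Dst      string // client and VPN server addresses, readable by the ISP
	Nonce, Sealed []byte // AES-256-GCM nonce and the encrypted inner packet
}

func newAEAD(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // key must be 16, 24 or 32 bytes
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return aead
}

// Encapsulate seals the inner packet (real destination and data) for the VPN server.
func Encapsulate(key []byte, src, vpn string, inner []byte) Outer {
	aead := newAEAD(key)
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce) // fresh random nonce for every packet
	// The outer header is associated data: authenticated but not hidden.
	return Outer{Src: src, Dst: vpn, Nonce: nonce, Sealed: aead.Seal(nil, nonce, inner, []byte(src+">"+vpn))}
}

// Decapsulate is the VPN server's side; it fails on a wrong key or an altered packet.
func Decapsulate(key []byte, o Outer) ([]byte, error) {
	return newAEAD(key).Open(nil, o.Nonce, o.Sealed, []byte(o.Src+">"+o.Dst))
}

// ObserverSees reports whether text is readable in the bytes on the wire.
func ObserverSees(o Outer, text string) bool {
	return strings.Contains(o.Src+" "+o.Dst+" "+string(o.Sealed), text)
}

func main() {
	key := make([]byte, 32) // constructed key; a real tunnel derives it in a handshake
	rand.Read(key)
	o := Encapsulate(key, "203.0.113.7", "198.51.100.20", []byte("to example.org:443: GET /private"))
	pt, err := Decapsulate(key, o)
	fmt.Printf("ISP reads real destination: %v; VPN server reads: %q (err=%v)\n", ObserverSees(o, "example.org"), pt, err)
}
```

The carrier still has to deliver the outer packet, so it learns the two endpoint addresses and the payload size; the inner destination and data are readable only where the key is held, which includes the VPN server.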