The internet was the most significant sensation of the ’90s. At first, it could only connect devices on the same network. However, the internet soon enabled people to communicate over remote networks.
As early as the 1990s, businesses and governmental institutions began building their own networks and moving their resources online. By the mid-00s, most of the general public had realized the internet’s potential and saw it as a tool for remote access, communication, and leisure. The usage of the internet was experiencing another boom.
However, once the internet started connecting the world, it sparked a new phenomenon — cybercrime. Malicious entities didn’t take much time to seize new possibilities to obtain top-level sensitive data or financial resources from business entities.
The growing base of individual internet users was not fully aware of the threats being online posed and became easy prey for new cybercrime professionals — hackers. Phishing campaigns and malware began to thrive.
One solution to combat cyber threats was a virtual private network. It was first established to secure communication over remote networks between highly important institutions. Soon, VPNs became an inherent part of business operations and a hot-demand asset for the general public.
As the internet keeps expanding and taking over more spheres of life (especially after the Covid-19 pandemic), VPNs continue to evolve, too, increasing the number of features to bring cybersecurity to the next level.
VPN history: Prologue
The necessary condition for the development of VPNs was the creation of the internet. In a sense, VPNs were only an afterthought. However, to understand their purpose, we must first understand the complex entity known as the internet.
Let’s look at the first steps made in the creation of the internet, the first-ever networks, and how they stirred the need for online security measures.
ARPANET: The first network
A VPN was created to protect the connection between devices. However, the first-ever connection didn’t need much protection. Computers could only connect if they were in the same physical location.
However, the Pentagon’s Advanced Research Projects Agency (ARPA) soon made it possible to connect computers even when they were far apart. In 1969, ARPA created a network system based on packet switching, with packets being messages sent between the computers. This network, called ARPANET, expanded over the 1970s to connect more research and education centers.
Though a big step forward, ARPANET used the Network Control Protocol (NCP), which could only connect computers on the same network. A new solution for connecting devices on different networks was needed.
TCP/IP: The first steps of the internet
While ARPANET became increasingly popular among governmental and educational institutions, ARPA continued to search for solutions to connect devices on different networks. By the 1980s, the organization established a new protocol called the Transmission Control Protocol/Internet Protocol (TCP/IP).
TCP/IP enabled remote connection by gradually changing NCP to IP. This shift effectively led to the development of an inter-network of remote devices, later called the internet.
The two main IP versions we still use today, IPv4 and IPv6, come from the same TCP/IP suite of protocols. An IP address is a string of numbers meant to identify every device connected to the internet. In the early days of the internet, you couldn’t reach any online resources without knowing the correct IP addresses.
Remembering a string of random numbers is not a user-friendly way to navigate the internet. With that in mind, the “phone book of the internet” was created. Introduced in 1984, the domain name system (DNS) connected easily readable domain names (such as google.com) with their respective IP addresses.
The World Wide Web: Connecting the world
Soon after the IP and DNS systems were established, the internet became accessible to the general public. One of the first major online platforms, America Online (AOL), launched in 1985.
AOL allowed users to join chat rooms and participate in online communities. It operated on a dial-up network, which meant that users needed to call their internet service provider (ISP) to connect to it.
With more possibilities for online interaction, a niche for commercial ISPs opened up. Starting in 1989, one of the first commercial ISPs, “The World,” began providing internet connection to individual users over a dial-up network.
Hypertext Transfer Protocol (HTTP) expanded the internet in the next few years. The first successful connection between an HTTP client and a server was conducted in 1990.
That meant that internet users could now reach online resources and media through hyperlinks. The invention of HTTP helped to create a new information-sharing model — the World Wide Web (WWW).
First steps towards a VPN
After it was established, the internet quickly connected the world. In the 1990s, the internet spread rapidly outside academic and research circles.
With more businesses and a growing number of people using the internet, the first concerns over the safety of online communication appeared. These apprehensions led to the establishment of a way to secure internet connections — IP-layer encryption, which became the first step toward the development of the modern VPN.
What were the primary features of early VPNs?
The earliest VPNs focused on creating a secure and private connection over the public internet and were designed mainly to meet the needs of businesses. These early models included key features that formed the foundation of modern VPN technology.
- The tunneling protocol created a secure “tunnel” over the public internet, which allowed data to travel safely between two endpoints without exposure to outsiders.
- Basic encryption protected data with 128-bit encryption, which was considered strong enough at the time to prevent unauthorized access.
- Point-to-point connection provided a direct and exclusive link between the user and the corporate network, avoiding the need to switch servers during communication. This connection allowed employees to securely reach internal company resources like email, files, and intranet systems from outside the office.
- Business focus meant the VPN was designed primarily for enterprise security needs rather than for individual user privacy or casual browsing.
SWIPE: The first VPN modality
The Software IP Encryption Protocol (SWIPE) was an early attempt to provide end-to-end encryption for IP traffic between devices. Using SWIPE, scientists from AT&T Bell Laboratories managed to encapsulate an entire IPv4 packet, encrypt it, and place it inside another IPv4 packet, which was then sent to its endpoint.
SWIPE was developed to show the feasibility of IP layer encryption and significantly impacted the development of IPsec, a standard encryption protocol still widely used today.
IPsec: The first standard suite for IP encryption
IPsec was a game changer in securing an internet connection. It was the first standardized cryptographic protocol suite that provided end-to-end security at the IP layer.
Its main purpose was to authenticate and encrypt each IP packet in data traffic so that it would reach its end point safely. Securing the network on the IP layer meant that IPsec could secure almost all types of traffic that run over IP without being restricted by any applications or protocols.
IPsec encrypts the entire original IP packet and encapsulates it within a new IP packet, which is sent over the internet to the desired end. IPsec also verifies the identity of two communicating parties, adding another layer of security.
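How the encapsulation described above for SWIPE and IPsec looks on the wire, as an added Python example that is not code from the original article: an inner IPv4 packet is encrypted, authenticated, and carried inside an outer IPv4 packet (a simplified form of what IPsec calls ESP tunnel mode). The addresses, keys, SPI, and payload are constructed for illustration, and the SHA-256 keystream is a standard-library stand-in for a real cipher such as AES, not something to deploy.

```python
import hashlib
import hmac
import ipaddress
import struct

ESP_PROTO = 50            # IP protocol number assigned to ESP
ICV_LEN = 16              # bytes of the HMAC-SHA-256 tag kept as the integrity check value
IP_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options


def checksum(header: bytes) -> int:
    """Internet checksum: ones'-complement sum of the header's 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (version 4, IHL 5, TTL 64)."""
    fields = [0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = checksum(struct.pack(IP_FMT, *fields))
    return struct.pack(IP_FMT, *fields) + payload


def parse_ipv4(packet: bytes) -> dict:
    """Return what anyone on the path can read from the IPv4 header."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total, _, _, _, proto, _, src, dst = struct.unpack(IP_FMT, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "proto": proto, "payload": packet[ihl:total]}


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode); same call encrypts and decrypts."""
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + nonce + struct.pack("!I", counter)).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def encapsulate(inner: bytes, spi: int, seq: int, enc_key: bytes, auth_key: bytes,
                gw_src: str, gw_dst: str) -> bytes:
    """Encrypt the whole inner packet, authenticate it, wrap it in a new IPv4 packet.

    Simplified: real ESP also carries padding and a next-header byte in an
    encrypted trailer.
    """
    esp_hdr = struct.pack("!II", spi, seq)
    ciphertext = keystream_xor(enc_key, esp_hdr, inner)
    icv = hmac.new(auth_key, esp_hdr + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    return ipv4_packet(gw_src, gw_dst, ESP_PROTO, esp_hdr + ciphertext + icv)


def decapsulate(outer: bytes, enc_key: bytes, auth_key: bytes) -> bytes:
    """Verify the integrity tag first, then decrypt and return the inner packet."""
    fields = parse_ipv4(outer)
    body = fields["payload"]
    if fields["proto"] != ESP_PROTO or len(body) < 8 + ICV_LEN:
        raise ValueError("not a well-formed ESP packet")
    esp_hdr, ciphertext, icv = body[:8], body[8:-ICV_LEN], body[-ICV_LEN:]
    expected = hmac.new(auth_key, esp_hdr + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("integrity check failed: packet altered in transit")
    return keystream_xor(enc_key, esp_hdr, ciphertext)


def demo() -> dict:
    enc_key, auth_key = b"E" * 32, b"A" * 32               # constructed keys
    # Constructed inner packet between two private hosts; the payload is
    # placeholder bytes, not a real TCP segment.
    inner = ipv4_packet("10.0.0.5", "10.0.1.20", 6, b"user=alice&pin=1234")
    outer = encapsulate(inner, 0x1001, 1, enc_key, auth_key,
                        "192.0.2.1", "198.51.100.1")        # constructed gateway addresses
    tampered = bytearray(outer)
    tampered[30] ^= 0x01                                     # flip one ciphertext bit
    try:
        decapsulate(bytes(tampered), enc_key, auth_key)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {"observer_sees": parse_ipv4(outer),
            "inner_hidden": inner not in outer,
            "round_trip_ok": decapsulate(outer, enc_key, auth_key) == inner,
            "tamper_detected": tamper_detected}


if __name__ == "__main__":
    print(demo())
```

An observer on the path can read only the outer header, which names the two gateways and protocol 50; the inner addresses and payload are visible again only after the receiving gateway verifies the tag and decrypts.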
Once established, IPsec was paired with IPv4 for increased security when connecting over the internet. Later, IPsec became an inherent part of the new generation of IP protocols, including IPv6.
IPsec can be called the first iteration of a modern VPN, and soon after, the idea of a private network over a public one started to take shape.
What were the first VPN protocols?
Once it was clear that data could be protected by encryption, tech giants began competing to provide a safe way to transfer data through public networks. Microsoft and Cisco were two of the first companies to focus on consumer-friendly VPN solutions.
They each developed tunneling protocols that made VPN connections accessible to a wider audience. Instead of splitting the tech market into incompatible systems, these developments helped push the creation of evolving standards for VPN technology.
PPTP
The Point-to-Point Tunneling Protocol (PPTP) is one of the earliest protocols designed specifically for VPNs. A consortium of companies led by Microsoft developed PPTP in the mid-1990s. PPTP was designed as an improvement to the Point-to-Point Protocol (PPP), which was used to establish a connection between two remote devices.
PPTP, arguably the oldest VPN protocol, works by encapsulating PPP packets and forming a virtual data tunnel to send these packets to a VPN server before they reach the endpoint, for instance, a website. Once the data reaches the website, the website’s response is sent back to the user through the same VPN server.
Connecting over a VPN allowed users to use a public network as if it were private. It ensured safer data transfer over the internet and significantly lowered the chances of unauthorized interceptions or data theft.
The primary use case for PPTP was connecting businesses’ remote servers to create a safer and more private corporate environment. PPTP was designed to transfer data through a VPN, but it only offered basic encryption and authentication. While these limitations allowed PPTP to maintain faster connection speeds, they highlighted the need for more robust solutions for secure data transfer.
L2F
Microsoft wasn’t the only company that saw potential in providing VPN services to a growing user base. Shortly after the introduction of PPTP, Microsoft’s competitor, Cisco, developed another protocol to support VPN functionality, called Layer 2 Forwarding (L2F). L2F addressed the main limitations of PPTP, which were its dependency on IP protocols and a weak encryption mechanism.
Cisco created L2F to support a dial-up connection over the internet so that users could access their original network when they were away from it. For instance, users were able to connect to their home network while traveling by simply calling any local internet service provider and prompting it to create an L2F tunnel back to their home ISP’s network.
One of the improvements brought by L2F was that it could support different types of internet traffic, including IPX and AppleTalk. In comparison, PPTP was only capable of forwarding IP traffic.
Though L2F didn’t provide encryption itself, it was designed to be paired with encryption protocols such as IPsec to protect the data in transit. It soon became a tough competitor to PPTP, which provided relatively weak encryption mechanisms.
L2TP
The competition between PPTP and L2F showed that multiple industry standards serving the same purpose mainly create compatibility issues. Microsoft and Cisco didn’t take long to realize how collaboration might benefit both companies. As a result, they developed a new protocol that combined the best features of PPTP and L2F and called it the Layer 2 Tunneling Protocol (L2TP).
From the PPTP side, the new L2TP used PPP-based data framing to transport multi-protocol data packets. Meanwhile, L2F contributed a flexible authentication mechanism and multi-protocol support.
Developed in the late 1990s, L2TP saw widespread adoption across the industry. It standardized the concept and approach to VPNs and offered a more secure and flexible way of tunneling data over IP networks.
VPNs for business
In the late 1990s and early 2000s, the number of people and businesses using the internet grew exponentially. More people started to own computers, and more businesses connected to their partners and remote workers over the internet. However, online life created a space for cybercrimes to thrive, which prompted the tech industry to search for ways to tackle this issue.
Businesses going online
Before the widespread use of the internet, businesses developed secure communication between their remote branches and remote workers using dedicated phone lines.
These lines were usually leased and were quite costly. So when the internet started to gain prominence, enterprises didn’t waste time using its potential for cost-effective remote access and communication.
In the early 2000s, many enterprises decided to go online and augment their operations in the cyber world. Companies started building their online presence by establishing websites to market their products and services.
With the development of online payment systems, many companies began to sell products to consumers via electronic commerce platforms. Online marketing and ads emerged to make users aware of the products sold on the internet.
Soon, the first cloud-based solutions for businesses to move their operations online appeared. They provided a much more cost-effective way to manage companies.
The internet has enabled enterprises to expand globally. Advanced cybersecurity tools and communication technologies allowed remote workers to securely connect to their company’s resources from anywhere in the world. However, this digital transformation also gave rise to a new era of cybercrime.
The rise of cybercrimes
Internet technology advanced rapidly during the early 2000s. In an industry primarily focused on innovation and growth, security was often treated as a secondary concern — until the exploitation of internet vulnerabilities highlighted its importance.
The global nature of the internet allowed cyberattackers to target victims worldwide, challenging jurisdictions and law enforcement that were usually place-specific. The internet provided a degree of concealment for cybercriminals, who could mask their location and identity by spoofing their IP addresses, making them hard to trace.
The advancement of social networking sites has also laid the foundation for various phishing and social engineering schemes. Hackers can exploit these platforms to trick unaware users into revealing sensitive financial information or even steal their identity.
As businesses started using e-commerce and online banking systems, threat actors quickly recognized the opportunity to hack online accounts and commit fraud. This emerging wave of cybercrime was compounded by the fact that, in the early 2000s, online safety mechanisms were rudimentary at best.
With increasing online profits, organized cybercriminal groups stormed the internet. Malicious entities spent generously to develop sophisticated tools and techniques to trick the still-unaware business community.
The 2000s saw the dark web emerge as a marketplace for selling illegal data, hacking tools, and services for conducting cybercrimes. During this era, criminals developed various types of malware and spread it across the internet, causing disruptions, stealing data, and creating botnets that would paralyze critical systems.
So while the cyber scene of the 2000s brought new opportunities for businesses to thrive, it also gave malicious actors unprecedented chances to exploit vulnerabilities and cause widespread harm.
Early VPN use cases
With enterprises placing their sensitive data and resources online, it was only natural for them to search for ways to secure these assets. One safety measure that helped avoid unauthorized access to the company’s network was using a wide area network (WAN).
WANs were typically built on the company’s private infrastructure, with data traveling over dedicated, often leased, internet lines. These lines helped to isolate a company’s network from the public internet.
However, leasing WAN lines was expensive, and many businesses turned their attention toward connection over a VPN. Using a VPN over the public internet was a cost-effective, easy, and convenient way to allow employees to securely access their company’s internal network, whether they were working from the office or remote locations.
From time to time, businesses would also need to grant access to their networks to their partners, vendors, or contractors. A VPN allowed them to control and secure external access to their resources.
By the 2000s, VPNs could provide decent data encryption paired with a secure tunnel for data traffic. These security measures ensured that data in transit, even if intercepted, would remain unreadable to unauthorized entities. In addition, a VPN allowed for easy business scaling because it could connect new offices, branches, or employees without needing new infrastructure and large investments for expansion.
Notable VPN protocols of the early 2000s
Every VPN needs a strong foundation — a protocol to ensure secure and reliable communication between the user and a VPN server. Below are the most noteworthy protocols of the early 2000s:
- OpenVPN was developed by James Yonan, who wanted to securely connect to his home network while traveling in Asia. Since he couldn’t find a suitable solution, he created his own VPN protocol. Yonan called it OpenVPN and designed it as an open-source, publicly available, and easily adaptable protocol.
- SSL VPN was built on the SSL/TLS encryption protocol and supported two types of VPN connection. The first, SSL Portal VPN, allowed users to access a single web page through their browser. The second, SSL Tunnel VPN, provided users with access to multiple network resources via a secure encryption tunnel. Many organizations still use SSL VPN technology today.
VPNs for the general public
From their early days of development, VPNs were perceived as ideal tools for enterprises to secure their online operations and scale their businesses. It took time for the general public to realize they, too, needed tools to protect their privacy online.
However, as the internet rapidly became a global phenomenon, cybercrime operations expanded in scale, introducing new phishing methods and advanced malware variants. The general public soon became key targets.
Security breaches
Individual users started paying more attention to their online security when the first phishing campaigns began to circulate the internet. Some of the most notable ones were the ILOVEYOU computer worm, which disguised itself as a love letter, and MyDoom, which in 2004 became the fastest-spreading email worm in the history of the internet.
By the mid-2000s, hackers began exploiting public networks to intercept individual connections. This problem intensified when public Wi-Fi became increasingly available in shared spaces like cafes and airports, where unencrypted connections were especially vulnerable.
People connected to a public network became easy targets. Once a hacker squeezed themselves between the two communicating ends, they could monitor and record the transferred data, capturing sensitive information such as login credentials, personal details, or financial data.
Besides eavesdropping, hackers could alter data in transit, possibly corrupting sensitive information or injecting malicious software. In some cases, internet users could be redirected to malicious websites designed to steal private data or deceive them into purchasing fake products and services.
The rising awareness of various hacking attempts led individual internet users to pay more attention to their online privacy. The prevalence of phishing campaigns, malware attacks, and vulnerabilities in public networks highlighted the need for stronger personal cybersecurity measures and privacy tools.
Internet restrictions
When it was first established, the internet made it possible for people around the world to connect and share knowledge and ideas globally. However, many authoritarian governments were quick to implement censorship or limitations over the content accessible to their citizens online. These restrictions were aimed at controlling information to maintain political stability and suppress dissent.
Social media became the number one enemy of dictatorial regimes because of how fast and efficiently it could spread information. In response, some oppressive governments developed advanced methods to monitor and manipulate their citizens’ online interactions and enforce strict controls. Internet censorship drove individuals to seek solutions, such as tools that provided access to unrestricted internet.
Emergence of a consumer VPN
With endless possibilities and accompanying threats, internet users began looking for ways to safely connect to the public network. As a result, the general public's demand for VPN options came not long after businesses saw their potential.
By 2005, the first commercial VPNs emerged, offering their services to the general public. It was a big step forward because VPNs created for businesses were complex tools designed for use by tech-savvy professionals. Commercial VPNs were easy to use and employed software to guide users through the setup and connection process.
By the end of the 2000s, VPNs had evolved into essential everyday tools for online privacy and security. The number of third-party VPN service providers and the demand for VPNs grew exponentially. Competition between providers led to improvements in VPN speeds, reliability, and quality.
Notable VPN protocols of the late 2000s
The second part of the ’00s brought some innovations to the expanding pool of VPN protocols:
- IKEv2/IPsec was created to help maintain a VPN connection when the user switched between networks or experienced network disruptions. This protocol was established to satisfy the growing need for a mobile VPN connection and a smooth switch between Wi-Fi and cellular networks.
- SSTP was developed by Microsoft on top of the SSL/TLS protocol and could traverse firewalls and proxy servers more easily than many of its predecessors.
The expanding internet
The 2010s were a turning point for the internet, marked by numerous large-scale advancements in information technology (IT). These developments led to the expansion of a global network that integrated much of people's work and leisure into online spaces. However, this growing digital landscape has also increased the number and severity of cyber threats, which have evolved alongside advancements in IT.
A global network
Expanding networks and technological innovations made it possible for the internet to connect the user with different points across the globe, no matter how far. The Internet of Things (IoT) similarly allows different types of devices to connect over the internet.
Now you can order your smart vacuum to clean the house while you're at work or call a friend using a smartwatch. Several IT companies developed smart assistants, such as Alexa and Siri, while the gaming industry provided the possibility for online multiplayer games. With online retail booming, more consumers started shopping on their mobile devices.
As internet connection became available on almost any device and at any place, streaming services started to thrive. Platforms such as Netflix and Hulu saw a dramatic expansion, and the launch of new streaming services led to “streaming wars” for even bigger online audiences.
New online professions, such as YouTube content creation, Instagram influencing, and TikTok video production, have become prominent. These professions rely heavily on a stable internet connection and the ability to reach large audiences at any time. These conditions have put more pressure on ISPs to provide their customers with good internet speeds and excellent service.
Increasing need for online security
With more spheres of life moving to the internet, robust security solutions have been increasingly needed. Network interceptions now pose far graver consequences than a decade ago. The increasing volume of sensitive personal and professional data being transmitted and stored online has heightened the risks of cyber threats.
The public interest in VPNs grew rapidly, and the number of VPN service providers grew as a result. Thanks to evolving technology, the VPN industry experienced significant growth and transformation.
VPN providers expanded their services to mobile platforms. They even made VPNs compatible with routers so that users could route all of their smart home devices through a VPN at once.
Internet users became more conscious about their online privacy as the stakes of falling victim to various data breaches grew higher. VPN providers began offering additional features to advance user privacy to the next level. Some of the best VPN features implemented by the majority of respectable VPN providers were:
- A no-logs policy, which means that VPN companies don’t store any records of their users’ activity online.
- A kill switch, which automatically disconnects a device from the internet if the VPN connection is lost, preventing accidental data leaks.
- A multi-hop connection, which enables routing internet traffic through multiple VPN servers before data reaches the endpoint, making the user close to untraceable online.
Tight competition between VPN service providers propelled them to search for ways to increase VPN connection speeds and make it an easy-to-use and highly effective tool.
Notable VPN protocols of the late 2010s
A VPN protocol that made heads turn in the 2010s was WireGuard®. WireGuard uses modern cryptography for encryption, which allows for more straightforward configurations than legacy protocols like IPsec and OpenVPN.
The protocol has a built-in roaming feature that keeps the VPN connection intact when the device switches between Wi-Fi and cellular internet connection. WireGuard showed the potential for simple usage, intuitive design, and performance improvements.
VPNs at the height of the Covid-19 pandemic
In 2020, Covid-19 shook the world, changing many aspects of everyday life. With physical businesses closed and social distancing measures in place, the internet became vital for communication, work, education, and entertainment.
As almost all spheres of life moved online, better security solutions were needed. VPN technology became more valuable than ever before.
The internet during a global pandemic
Even though the internet had already taken over the world before the pandemic, it showed its true potential when Covid-19 hit. To keep their businesses running, many enterprises started relying on remote work, moving all of their resources to cloud services, and using various virtual collaboration tools, such as Zoom or Microsoft Teams.
Schools and universities had to switch to online resources, coworking tools, and platforms developed for virtual teaching. In fact, almost every part of everyday life transitioned to the online format — using streaming services or participating in online events replaced going to the cinema or concerts.
With everyday life having moved significantly to the online realm, securing it became the main concern for the tech industry.
VPNs adapting to a new reality
The demand for VPNs skyrocketed once businesses shifted to remote work models and more employees needed to access remote networks. However, many VPN providers were not ready for the excessively high volume of users connecting to their servers simultaneously. They had to work fast to find solutions to scale VPN services and enhance them to handle increased loads.
Life moving online also offered more opportunities for hackers to steal sensitive data and corrupt work-related operations. The stakes were the highest they have ever been, and the number of cybercrimes skyrocketed.
VPN providers introduced multi-factor authentication (MFA) to tackle the increased risk of unauthorized access to sensitive data. The growing number of cyberattacks has encouraged them to integrate various malware protection features into the VPN services. Many VPN providers have also expanded their base of VPN servers to satisfy the increased demand and have started to develop new protocols for higher-end encryption.
How are VPNs used today?
VPNs have become vital tools for businesses and individual users. People use VPNs to secure their online activity and protect sensitive data from hackers and cyber threats. By creating an encrypted connection that changes your IP address and scrambles your internet traffic, a VPN makes it much harder for anyone to spy on your activity or steal your data.
Today, when remote work, online banking, and digital entertainment are part of everyday life, using a VPN can help protect your privacy and maintain security across all internet connections, especially on public Wi-Fi networks. As cyberattacks grow more sophisticated and internet censorship tightens in some regions, the importance of VPNs continues to rise.
What are the current uses of VPNs?
VPN technology has evolved far beyond its original purpose of securing business communications. Today, VPNs serve a wide range of users and needs, from protecting individual privacy to supporting activities like gaming or something as important as overcoming internet censorship.
Let’s explore some of the most common and important uses of VPNs today.
VPNs: Epilogue
Though life after the height of the Covid-19 pandemic has slowly returned to normal, the importance of our online security and well-being hasn’t diminished in any way. With the continuous development of new security features and increased global outreach, the VPN industry is poised for growth.
What’s in store for VPNs?
The underlying technologies of VPNs are evolving fast, aiming to provide stronger encryption and improve performance. Many browsers, operating systems, and IoT devices have already started integrating VPNs as a standard feature. As mobile internet use rises, VPN solutions for tablets and smartphones are being developed and refined.
Many VPN providers are also moving towards decentralized VPN (dVPN) technology, which enables users to build VPN networks using peer-to-peer (P2P) connections. dVPNs may become an effective tool against internet censorship and other online restrictions because they don’t rely on centralized network infrastructure, which is more prone to blocking.
The VPN market will also likely benefit from another phenomenon quickly capturing the cyber world — artificial intelligence (AI). The use and integration of AI chatbots is already reshaping the internet, making it more intuitive and human-like, according to those implementing them.
AI technology in VPNs can enhance malware blocking by identifying and filtering malicious data packets in transit. Additionally, AI can optimize VPN performance by assessing server loads, latency, and network conditions, automatically connecting users to the most efficient server in real time.
Where is NordVPN headed?
NordVPN remains committed to providing customers with unrestricted internet access and a smooth, seamless user experience. We continue to expand our server network and introduce new features to meet evolving user needs.
While technological advancements have significantly improved our virtual lives, they have also enabled the development of more sophisticated and harder-to-detect online threats. In response to the growing prevalence of malware and phishing attacks, NordVPN is actively innovating to deliver new top-grade cybersecurity solutions.