History of the VPN

The internet was the most significant sensation of the 90s. At first, it could only connect devices on the same network, however, the internet soon enabled people to communicate over remote networks. In the early 2000s, businesses and governmental institutions began building their own networks and moving their resources online. By the mid-00s, the general public realized the internet’s potential and saw it as a tool for remote communication and leisure. The usage of the internet was experiencing another boom.

However, once the internet started connecting the world, it jolted a new phenomenon — cybercrimes. Malicious entities didn’t take much time to seize new possibilities to obtain top-level sensitive data or financial resources from business entities. The growing base of individual internet users was not fully aware of the online threats and became easy prey for new cybercrime professionals – hackers. Phishing campaigns and malware began to thrive.

One of the solutions to put cyber threats on a leash came in the form of a VPN. It was first established to secure communication over remote networks between institutions of top importance. Soon, a VPN became an inherent part of business operations and a hot-demand asset for the general public.

As the internet keeps expanding and taking over more spheres of life – especially after the COVID-19 pandemic – VPNs continue to evolve, too, increasing the number of features to bring cybersecurity to the next level.

The necessary condition for a VPN to occur was the creation of the internet. In a sense, a VPN was only an afterthought. But to understand the result, one needs to understand the cause, in this case – what is the beast known as the internet. Let’s dive into a short overview of the first steps made in the creation of the internet, the first-ever networks, and how they stirred the need for online security measures.

ARPANET: The first network

A VPN was created to protect the connection between devices. However, the first-ever connection didn’t need much protection. Computers could only connect if they were in the same area when the US defense and research institutions developed the first computer network to share information in the 1950s.

But, the Pentagon’s Advanced Research Project Agency (ARPA) soon made it possible to connect computers even when they were far apart. In 1969, ARPA created a network system based on packet switching, with packets being messages sent between the computers. This network, called ARPANET, expanded over the 1970s to connect more research and education centers.

Though a big step forward, ARPANET used a network control protocol (NCP), which could only connect computers on the same network. A new solution for connecting devices on different networks was needed.

TCP/IP: The first steps of the internet

While ARPANET increased in popularity among governmental and educational institutions, ARPA kept searching for solutions to connect devices on different networks. By the 1980s, the organization established a new protocol called the Transmission Control Protocol/Internet Protocol (TCP/IP), which enabled remote connection by gradually changing NCP to internet protocol (IP). This effectively led to the development of an inter-network of remote devices, later called the internet.

The two main IPs we still use today – IPv4 and IPv6 – come from the same TCP/IP suite of protocols. IP is a string of numbers meant to identify every device connected to the internet. You couldn’t reach any online resources without knowing the correct IPs.

Remembering a string of random numbers is not a user-friendly way to steer the internet. With that in mind, a so-called “phone book of the internet” was created. Introduced in 1984, a domain name system (DNS) connected easily readable domain names (such as google.com) with their respective IP addresses.

The World Wide Web: Connecting the world

Soon after the IP and DNS systems were established, the internet was introduced to the general public. The first online platform appeared in 1985, offering people to join various chat rooms and participate in online communities. Called America Online (AOL), the platform worked on a dial-up network: Its users needed to phone the respective internet service provider (ISP) that would connect them to AOL.

With more possibilities for online interaction, a niche for commercial ISPs opened up. Starting in 1989, one of the first commercial ISPs, “The World,” began providing internet connection to individual users over a dial-up network.

Hypertext transfer protocol (HTTP) expanded the internet in the next few years. The first successful connection between an HTTP client and a server was conducted in 1990. It meant that internet users could now reach online resources and media through hyperlinks. The invention of HTTP helped to create a new information-sharing model – The World Wide Web (WWW).

After its establishment, it didn’t take long for the internet to connect the world. The 1990s saw a rapid expansion of the internet beyond academic and research circles. With more businesses and a growing number of people using the internet, the first concerns over the safety of online communication appeared. These apprehensions led to establishing a way to secure an internet connection – an IP-layer encryption, which became the first step towards a modern VPN.

SWIPE: The first VPN modality

Software IP Encryption Protocol (SWIPE) was an early attempt to provide end-to-end encryption for IP traffic between the devices. Using SWIPE, scientists from AT&T Bell Laboratories managed to encapsulate an entire IPv4 packet, encrypt it, and place it inside another IPv4 packet, which was then sent to its endpoint.

SWIPE was developed to show the feasibility of IP layer encryption and made a significant impact on developing IPsec – a standard encryption protocol still widely used today.

IPsec: The first standard suite for IP encryption

IPsec was a game changer in the process of securing an internet connection. It was the first standardized cryptographic protocol suite that provided end-to-end security at the IP layer. Its main purpose was to authenticate and encrypt each IP packet in data traffic so that it would reach its end point safely. Securing the network on an IP layer meant that IPsec could secure almost all types of traffic that run over IP without being restricted by any applications or protocols.

IPsec encrypts the entire original IP packet and encapsulates it within a new IP packet, which is sent over the internet to the desired end. IPsec also verifies the identity of two communicating parties, adding another layer of security.

Once established, IPsec was paired with IPv4 for increased security connecting over the internet. Later, IPsec became an inherent part of the new generation of IP protocols, including IPv6.

IPsec can be called the first iteration of a modern VPN, and soon an idea for a private network over a public one started to gain shape.

Once it was clear that data could be safeguarded by encryption, tech giants began competing to provide a safe way to transfer data through public networks. Two competing companies – Microsoft and Cisco – created the first data tunneling protocols that supported VPN connection. However, as both protocols became equally popular, the risk of dividing the tech market into two incompatible parts arose.

PPTP

The Point-to-Point Tunneling Protocol (PPTP) is one of the earliest protocols designed specifically for VPNs. A consortium of companies led by Microsoft developed PPTP in the mid-1990s. PPTP was designed as an improvement to the Point-to-Point Protocol (PPP), which was used to establish a connection between two remote devices.

PPTP works by encapsulating PPP packets and forming a virtual data tunnel to send these packets to a VPN server before they reach the endpoint, for instance, a website. Once the data reaches the website, the website’s response is sent back to the user through the same VPN server. Connection over a VPN allows users to use a public network as if it was private. It ensured safer data transfer over the internet and significantly lowered the chances of unauthorized interceptions or data theft.

Unsurprisingly, the primary use case for PPTP was connecting businesses’ remote servers to create a safer and more private corporate setting. PPTP’s primary purpose was to transfer data through a VPN. However, it provided relatively low-scale encryption and authentication. Though these shortcomings allowed PPTP to maintain near-original connection speeds, more robust solutions for secure data transfer were needed.

L2F

Microsoft wasn’t the only company that saw potential in providing VPN services to a growing user base. Shortly after the introduction of PPTP, Microsoft’s competitor, Cisco, developed another protocol to support VPN functionality and called it Layer 2 Forwarding (L2F). L2F addressed the main limitations of PPTP, which were the dependency on IP protocols and a weak encryption mechanism.

Cisco created L2F to support a dial-up connection over the internet so that users can reach their original network when they are away from it. For instance, users were able to connect to their home network while traveling by simply calling any local ISP and prompting them to create an L2F tunnel back to their home ISP’s network.

One of the improvements brought by L2F was that it could support different types of internet traffic, including IPX and AppleTalk. In comparison, PPTP was only capable of forwarding IP traffic. Though L2F didn’t provide encryption itself, it was designed to be paired with encryption protocols such as IPsec to safeguard the data in transfer. It soon became a tough competitor to PPTP, which provided relatively weak encryption mechanisms.

L2TP

The competition between the PPTP and L2F showed that multiple industry standards serving the same purpose create mainly compatibility issues. Microsoft and Cisco didn’t take long to realize how collaboration may benefit both companies. As a result, they developed a new protocol that combined the best features of PPTP and L2F and called it the Layer 2 Tunneling Protocol (L2TP).

From the PPTP side, the new L2TP took PPP-based data framing to transport multi-protocol data packs. Meanwhile, L2F gave an idea for a flexible authentication mechanism and multi-protocol support.

Developed in the late 1990s, the L2TP saw widespread adoption across the industry. It standardized the concept and approach to a VPN and offered a more secure and flexible way for tunneling data over IP networks.

In the late 1990s and early 2000s, the number of people and businesses using the internet grew exponentially. More people started to own computers, and more businesses connected to their partners and remote workers over the internet. However, online life created a space for cybercrimes to thrive, which prompted the tech industry to search for ways to tackle this issue.

Businesses going online

Before the widespread use of the internet, businesses developed secure communication between their remote branches and remote workers using dedicated phone lines. These lines were usually leased and were quite costly. So, when the internet started to gain prominence, enterprises didn’t waste time using its potential for cost-effective remote communication.

In the early 2000s, many enterprises decided to go online and augment their operations in the cyber world. Companies started building their online presence by establishing websites to market their products and services. With the development of online payment systems, many companies began to sell products to consumers via electronic commerce platforms. Online marketing and ads emerged to make users aware of the products sold on the internet. Soon, the first cloud-based solutions for businesses to move their operations online appeared. It provided a much more cost-effective way to manage companies.

The internet has enabled enterprises to spread their business globally. New cyber tools facilitated online communication, and remote workers were able to connect to their company’s resources wherever they were. However, a new platform for businesses to thrive also became the hive for cybercrimes.

The raise of cybercrimes

The internet technology was advancing fast in the early days of the 2000s. In the industry that concentrated mainly on improvements, security came in second when the vulnerabilities of the internet started to be exploited.

The global nature of the internet allowed cyberattackers to target victims worldwide, challenging jurisdictions and law enforcement that were usually place-specific. The internet provided a degree of concealment for cybercriminals, who could mask their location and identity by spoofing their IP addresses and making them hard to trace. The advancement of social networking sites has also laid the foundation for various phishing and social engineering schemes, with hackers being able to trick unaware users into revealing their sensitive and financial information or even steal their identity.

It didn’t take long for threat actors to spot the possibility of hacking online accounts and committing fraud since the businesses actively started to use e-commerce and online banking systems. In the early 2000s, online safety mechanisms barely existed because companies weren’t fully aware of the gravity and ruinous consequences of cyber threats. With increasing online profits, organized cybercriminal groups stormed the internet. Malicious entities didn’t spare funds to develop sophisticated tools and techniques to trick the still-unaware business community.

The 2000s were the time when the dark web emerged to become a marketplace for selling illegal data, tools, and services for conducting cybercrimes. Various types of malware were developed and spread across the internet, causing disruptions, stealing data, and creating botnets that would paralyze critical systems. The cyber scene of the 2000s was full of possibilities for businesses to thrive and malicious entities to ruin them.

Early VPN use cases

With enterprises placing their sensitive data and resources online, it was only natural for them to search for ways to secure it. One safety measure that helped avoid unauthorized access to the company’s network was using a wide area network (WAN). WANs were typically built on the company’s private infrastructure, with data traveling over dedicated, often leased internet lines. These lines help to isolate a company’s network from the public internet.

However, leasing WAN lines was expensive, and many businesses turned their glances toward connection over a VPN. Using a VPN over a public internet was a cost-effective, easy, and convenient way to allow employees to securely access their company’s internal network, whether working from the office or remote locations. From time to time, businesses would also need to grant access to their networks to their partners, vendors, or contractors. VPN allowed them to control and secure external access to their resources.

By the 2000s, VPNs could provide decent data encryption paired with a secure tunnel for data traffic. These security measures ensured that data in transit, even if intercepted, would remain unreadable to unauthorized entities. In addition, a VPN allowed for easy business scaling because it could connect new offices, branches, or employees without needing new infrastructure and large investments for expansion.

Notable VPN protocols of the early 2000s

Every VPN needs a strong foundation – a protocol to ensure secure and reliable communication between the user and a VPN server. Below are the most noteworthy protocols of the early 2000s:

• OpenVPN was developed by James Yonan, who wanted to securely connect to his home network while traveling in Asia. Since he couldn’t find a suitable solution, he created his own VPN protocol. Yonan called it OpenVPN and designed it as an open-source, publicly available, and easily adaptable protocol.
• SSL VPN was built using SSL/TLS encryption protocol and enabled two different types of a VPN connection: SSL Portal VPN, which allowed users to access a single web page, and SSL Tunnel VPN, which allowed users to access multiple network resources through a secured encryption tunnel.

From the first days of development, VPN was seen as a perfect tool for enterprises to secure their online operations and scale their businesses. It took some time for the general public to realize they need tools to secure their privacy online, too. And no wonder: Hackers’ attempts were first and foremost projected onto businesses that operated with large sums of money or valuable data. However, as the internet quickly became a global phenomenon, the scale of cybercrimes grew, introducing new phishing methods and new malware variants. The general public soon became a target.

Security breaches

Individual users started to pay more heed to their security online when the first phishing campaigns began to circulate the internet. Some of the most notable ones were the ILOVEYOU computer worm, which disguised itself as a love letter, and Mydoom, which in 2004 became the fastest-spreading email worm in the history of the internet.

By the mid-2000s, hackers began to exploit public networks to intercept individual connections. It became a huge problem when public Wi-Fi started to be routed in shared places, such as cafes and airports. People connected to a public network became an easy target. Once a hacker squeezed themselves between the two communicating ends, they could monitor and record the data in transfer, capturing sensitive information such as login credentials, personal details, or financial data.

Besides eavesdropping, hackers were able to alter data in transit, possibly corrupting sensitive information or inserting malicious software. Internet users could also end up being steered to malicious websites that would steal their private data or trick them into buying fake products and services.

The rising awareness of various hacking attempts led individual internet users to pay more attention to their online privacy.

Internet restrictions

Once established, the internet created the possibility to connect the world and let people share their knowledge and ideas globally. However, many authoritarian governments were quick to implement censorship or limitations over the content accessible to their citizens online. Information control was applied to maintain political stability and suppress dissent.

Social media became the number one enemy of the dictatorial regimes because of how fast and efficiently it could spread information. However, some oppressive governments went as far as implementing sophisticated methods to monitor and manipulate citizens’ online interactions and conversations. Internet censorship made people search for solutions to access unrestricted internet.

Emergence of a consumer VPN

With endless possibilities and accompanying threats, internet users began looking for ways to safely connect to the public network. As a result, the demand for a VPN from the general public came not long after businesses saw its potential.

By 2005, the first commercial VPNs emerged, offering their services to the general public. It was a big step forward because VPNs created for businesses were complex tools designed for use by tech-savvy entities. Commercial VPNs were easy to use and employed various apps to steer users through all the necessary processes.

By the end of the 2000s, VPNs had evolved into an essential everyday tool for online privacy and security. The number of third-party VPN service providers and the demand for a VPN grew exponentially. Their competition led to improvements in VPN speeds, reliability, and quality.

Notable VPN protocols of the late 2000s

The second part of the 00s brought some innovations to the expanding pool of VPN protocols:

• IKEv2/IPsec was created to help maintain a VPN connection when the user switched between the networks or experienced network disruptions. This protocol was established to satisfy the growing need for a mobile VPN connection and a smooth switch between Wi-Fi and cellular networks.
• SSTP was founded by Microsoft on the premise of the SSL/TLS protocol and could traverse firewalls and proxy servers more easily than many of its predecessors.

The second decade of the 20th century was a turning point for the internet. Numerous large-scale IT advancements were made, giving birth to new cultural phenomena. The growing internet led to the development of a global network that moved a large part of peoples’ lives online, including both work and leisure. New cyber life also meant an increasing number and severity of cyber threats, advancing hand in hand with IT.

A global network

Expanding networks and technological innovations made it possible for the internet to connect the farthest and the closest points of the world with the user. The Internet of Things (IoT) has been developed, allowing different types of devices to connect over the internet.

Now, you can order your smart vacuum to clean the house while being at work or call a friend using a smartwatch. Several IT companies developed smart assistants, such as Alexa and Siri, for a seamless user experience, while the gaming industry provided the possibility for online multiplayer games. With online retail booming, more consumers started shopping using their mobile devices.

As internet connection became available on almost any device and at any place, streaming services started to thrive. Platforms such as Netflix and Hulu saw a dramatic expansion, and the launch of new streaming services led to “streaming wars” for bigger online audiences.

New online professions such as YouTube content creation, influencing on Instagram and TikToking became prominent. They all depended on a stable internet connection and the ability to reach a large audience online anytime. This has put more pressure on ISPs to provide their customers with good internet speeds and excellent service.

Increasing needs for online security

With more spheres of life moving to the internet, robust security solutions were needed. Network interceptions now could lead to much graver consequences than a decade ago because an increasing amount of sensitive data, both personal and occupational, was being sent and stored online.

The public interest in a VPN grew rapidly, and the number of VPN service providers grew as a result. The VPN industry experienced significant growth and transformation thanks to evolving technology. VPN providers expanded their services to mobile platforms. They even made a VPN compatible with routers so that users could route all of their smart home devices through a VPN at once.

Internet users became more conscious about their online privacy as the stakes of falling victim to various data breaches grew higher. VPN providers began offering additional features to bring user privacy to the next level. The most notable features implemented by the majority of respectable VPN providers were:

• No-logs policy, which means that VPN companies wouldn’t store any records of their users’ activity online.
• Kill switch, which automatically disconnects a device from the internet if the VPN connection is lost, preventing accidental data leaks.
• Multi-hop connection, which enables routing internet traffic through multiple VPN servers before data reaches the endpoint, making the user close to untraceable online.

Tight competition between VPN service providers propelled them to search for ways to increase VPN connection speeds and make it an easy-to-use and highly effective tool.

Notable VPN protocols of the late 2010s

A VPN protocol that made heads turn in the second decade of the 21th century was WireGuard®. WireGuard uses modern cryptography for the encryption, which allows for more straightforward configurations. The protocol has a built-in roaming feature that keeps the VPN connection intact when the device switches between Wi-Fi and cellular internet connection. WireGuard showed the potential for simple usage, intuitive design, and performance improvements.

In 2020, the world was shaken by COVID-19, which changed many aspects of everyday life all around the globe. With the lockdown and social distancing measures intact, the internet became vital for communication, work, education, and entertainment. As almost all spheres of life moved to virtual reality, the capabilities of security solutions needed to be improved. VPN technology has become more valuable than ever before.

The internet in the times of a global pandemic

Even though the internet was already taking over the world before the pandemic, it showed its true potential when COVID-19 hit. To keep their businesses running, many enterprises started to rely on remote work, move all of their resources to the cloud services, and use various virtual collaboration tools, such as Zoom or Microsoft Teams. Schools and universities had to switch to online resources, coworking tools, and platforms developed for virtual teaching.

In fact, almost every part of everyday life transitioned to the online format— streaming services or participating in online events replaced going to the cinema or concerts; Private therapy sessions and support group meetings were also held online. With no one being able to leave the house, e-commerce boomed as never before.

With everyday life moving drastically to the online realm, securing it became the main concern for the tech industry.

VPNs adapting to the new reality

The demand for VPNs skyrocketed once businesses shifted to remote work models and more employees needed to access remote networks. However, many VPN providers were not ready for the excessively high volume of users connecting to their servers simultaneously. They had to work fast to find solutions to scale VPN services and enhance them to handle increased loads.

Life moving online has also offered more possibilities for hackers to steal sensitive data and corrupt work-related operations. The stakes were the highest they have ever been, and the number of cybercrimes skyrocketed.

VPN providers introduced multi-factor authentication (MFA) to tackle the increased risk of unauthorized access. The growing number of cyberattacks have encouraged them to integrate various malware protection features into the VPN services. Many VPN providers have also expanded their base of VPN servers to satisfy the increased demand and have started to develop new protocols for higher-end encryption.

Though life after COVID-19 has slowly returned to normal, the importance of our online security and well-being hasn’t diminished in any way. The future of the VPN industry looks bright, with continuous development of new security features and increased global outreach.

What’s in store for VPNs?

The underlying technologies of VPNs are evolving fast, aiming to provide stronger encryption and improve performance. Many browsers, operating systems, and IoT devices have already started integrating VPN as its standard feature. As mobile internet use rises, VPN solutions for tablets and smartphones are being developed and refined.

Many VPN providers are also moving towards decentralized VPN (dVPN) technology, enabling users to build VPN networks using peer-to-peer (P2P) connections. dVPNs may become an effective tool against internet censorship and other online restrictions because it doesn’t rely on centralized network infrastructure, which is more prone to blocking.

The VPN market will also likely benefit from another phenomenon quickly capturing the cyber world – artificial intelligence (AI). The latest use and expansive integration of AI chatbots is already reshaping the internet, making it more intuitive and human-like. AI technology used for a VPN may provide more efficient malware blocking by analyzing data packets in transfer. AI can also improve VPN’s speed and performance by analyzing servers’ loads, latency, and network conditions and connecting users to the server that would provide the best service at that time.

With a VPN integrated into most of the devices we use every day, we’ll be able to enjoy safer internet connection and increased online privacy.

Where is NordVPN headed?

NordVPN has set its goal on providing unrestricted internet for its customers. We constantly expand our server bases and add new features for a smoother user experience.

Technological advancements have created possibilities to improve our virtual lives significantly. However, it also opened the door to making less detectable and more severe online threats. Responding to the increased scope of malware and phishing attempts, NordVPN is searching for new ways to provide top-grade cybersecurity solutions.