When you look up VPN-related topics, you'll find articles on how these services can help you bypass geo-blocks and secure data. But there's not a lot of info about VPN history itself. So, we decided to put together this article discussing the most important things about it, helping you understand how VPNs became the most effective tools for preserving your privacy in today's digital world.
VPN technology was first introduced to government projects and corporations. Initially, they were just meant to offer government officials and corporate employees a secure way to access files from home, downtown, or abroad. But VPNs went from that to extensive, successful commercial services over the years, as you'll soon find out.
In this guide, we'll explain the timeline of VPN development, go into the origins of VPN technology, and even take a look at what the future has in store for VPNs.
VPNs might seem like a new concept designed as a response to today's geo-blocks, Internet censorship, and privacy-related issues. However, the initial idea of VPN technology was drafted in the 1960s, even before the Internet was introduced in the mid-1980s. However, as the popularity of the Internet grew, so did the development of various VPN-like protocols for data transmission.
In the 1990s, AT&T Bell Laboratories introduced the Software IP Encryption Protocol, showing that web connections can be encrypted. However, Microsoft played a major role in the popularity of VPNs with the introduction of the Point-to-Point Tunneling Protocol, which marked a significant milestone, as it showed that data could be encapsulated within individual packets for more secure transmission.
Alongside Microsoft, Cisco worked on its protocol called L2F, which was seen as an improved version of PPTP, as it introduced advanced encryption methods. By working together, Microsoft and Cisco made a combined protocol (L2TP), which made VPN connections easier to achieve and maintain, enabling the security of data tunneling across IP networks.
The history of VPN connections can be seen through the development of VPN protocols, such as PPTP, IPsec, L2TP, OpenVPN, and more. Also, keep in mind that VPN providers aren't the ones who came up with the idea of VPN protocols. Some of them are government-funded projects, while others are the work of independent teams that use open-source code.
Let's explain the history of VPNs through various decades, starting with the 1960s, which is when the first concept of a VPN connection was born.
In the 1960s, computers were very different than how we imagine a computer today. They were large and expensive machines stored in specialized environments, so universities, laboratories, and government institutions primarily used them. More importantly, they were standalone machines without an option to connect two or more computers for the purpose of exchanging information and data.
In the early sixties, Paul Baran, who worked for Rand Corporation, was the first one to create a concept of a decentralized network using packet switching. This concept imagined that data could be broken into smaller pieces called data packets, which was later developed by the US Advanced Research Projects Agency (ARPA).
ARPA's researchers, data scientists, and engineers started the development of ARPANET in 1966 to connect research institutions and universities. In 1969, a team of graduate students at UCLA attempted to send a message through ARPANET to a computer at the Stanford Research Institute. Even though the system crashed and the transmission was incomplete, this was the first time two computers shared data successfully.
As ARPANET became widely used by educational and governmental institutions, a more advanced data transmission protocol was needed. By the 1980s, the Transmission Control Protocol / Internet Protocol (TCP/IP) created a new approach to connecting devices, setting the base for today's Internet. Today's widely used IPv4 and IPv6 protocols stem from TCP/IP.
The issue is that IP addresses are made of a string of numbers. So, inputting a string of numbers each time a connection to a device is needed was tiresome. That issue was resolved in 1984 when the Domain Name System (DNS) was introduced, swapping IPs with text-based domain names (such as google.com, for example), which allowed the broader public to access the Internet.
The first online platform was launched in 1985 (AOL - America Online), allowing people to use chat rooms and participate in digital communities. In 1989, the first commercial ISP called The World, based in Massachusetts, started allowing individuals to connect to the Internet through dial-up connections. By 1990, hyperlinks were introduced through the HTTP protocol, creating the World Wide Web.
By the mid-1990s, the Internet was growing rapidly, creating a need for securing connections and preventing possible interceptions by malicious actors. The first VPN protocols were created during this decade, but they were in development years before that.
PPTP (Point-to-Point Tunneling Protocol) was the brainchild of a consortium of various companies - Microsoft being the most notable. Its primary purpose was to secure remote connections to work and home computers. Nowadays, VPN providers no longer widely use PPTP. The NSA can decrypt it, and it's vulnerable to bit-flipping and dictionary attacks. Plus, firewalls can block PPTP traffic quite easily.
IPSec (Internet Protocol Security) started out as a DARPA project in the early 1970s and grew into an NSA-backed project between 1986 and 1991 whose goal was to create security protocols for the Internet. After many name changes and different companies working on it, the protocol was eventually called IPSec. Like PPTP, its goal was to allow computers to communicate safely over the web.
Overall, IPSec is pretty secure, but it also comes with serious flaws. The good news is that IPSec VPN connections are only vulnerable if they use IKEv1 instead of IKEv2. Still, not many providers offer standalone IPSec connections. Usually, they pair it up with L2TP and IKEv2.
The 2000s saw a significant shift in how companies used the Internet. Aside from establishing their online presence through websites and e-commerce platforms and integrating online payment systems, companies also started using the Internet to support their infrastructure, secure their data, and prevent cybercrime. This led VPNs to further develop through newly designed protocols.
L2TP (Layer 2 Tunneling Protocol) is a protocol that supports VPN connections and helps ISPs deliver their services. It originates in two different protocols - Cisco's L2F (Layer 2 Forwarding) protocol and Microsoft's PPTP protocol. The protocol attempted to solve the TCP meltdown issue using a UDP port. While that offered better stability, one big problem was that the L2TP tunnel provided zero encryption.
Because of that, L2TP was always (and continues to be) paired up with IPSec. So, you'll only see VPN providers offering L2TP/IPSec connections, not L2TP connections. The security is pretty decent since you get double encapsulation - first, like a PPTP connection and then an IPSec connection.
In 2001, James Yonan developed OpenVPN and published it using GPL (GNU General Public License). We can easily say this was a turning point in VPN history since this was the first open-source VPN protocol. Also, OpenVPN enabled peers to authenticate each other through pre-shared keys, usernames/passwords, and digital certificates.
OpenVPN offered excellent security, which was achieved by mixing TLS and SSL. It also underwent security audits, and the results were good. Most VPN providers provide OpenVPN connections nowadays, but you can also set up your VPN server. If you'd like to learn more about this protocol, we provide a dedicated guide to OpenVPN.
Initially, VPNs were used by companies, as the cost of VPN deployment was justifiable for enterprise users primarily. However, that changed by the mid-2000s, when the first commercial VPNs appeared as Internet users became aware of the risks of being online. As websites and digital services became more powerful and more demanding in terms of personal data, so did cybercrime.
Hacking attempts on public Wi-Fi networks, phishing scams, malware, and other online dangers have become commonplace in the 2000s, and they still present a grave threat even today. In addition to anti-malware tools, commercial VPNs also appeared, as it became possible to deploy a VPN network not only for companies but also for individual users.
2005 is when IKEv1 got officially updated to IKEv2. That fixed IKEv1's security vulnerabilities and added more useful functionality - particularly MOBIKE (IKEv2 Mobility and Multihoming Protocol), which helped the VPN connection resist network changes.
That meant your VPN connection wouldn't go down if you switched from a Wi-Fi network to mobile data on the spot. Furthermore, IKEv2 brought along better DoS protection. Even though it was closed-source, it has open-source implementations like OpenIKEv2 and Openswan.
Microsoft developed SSTP (Secure Socket Tunneling Protocol) and introduced it with Windows Server 2008 and Vista SP1. While it still encrypted data packets with PPTP, it ensured they stayed safe by following up with the SSTP header, which uses SSL encryption.
While SSTP is secure, stable, and flexible, some doubt its efficiency because it's closed-source. Also, only Microsoft owns it, and the company is part of the PRISM surveillance program. Of course, when SSTP came out, that wasn't such an issue since that kind of info wasn't public knowledge.
The 2010s brought a significant step forward to the development of the Internet. The number of devices with online features grew yearly as individuals could use their computers, phones, and tablets to access online services. Also, we've seen the rise of e-commerce platforms, streaming services, and online multiplayer games, forcing ISPs to deliver better speed and service.
Of course, Internet threats didn't go away, prompting VPN providers to refine their offerings. During this time, no-logs policies became a major selling point of VPNs, as people started to understand that no one should have easy access to their sensitive data. Also, new features appeared, such as kill switches and multihop connections, while VPN providers also worked on providing better performance overall.
SoftEther started out as research for Daiyuu Nobori's master's thesis at the University of Tsukuba. But it didn't take long to become a successful VPN protocol implementation. It quickly grew popular thanks to being open source, offering high-end digital security, and providing better speeds than OpenVPN and PPTP.
As for Chameleon, it's pretty unique since it's the only protocol on this list developed by a VPN provider (VyprVPN) and only belongs to them. Because of that, though, it's not open for inspection.
Despite that, we still consider Chameleon a noteworthy part of VPN history because it's the only protocol that uses a form of obfuscation, meaning it also hides your VPN traffic, not just your regular traffic. So, your ISP or government won't know you're using a VPN.
Written by Jason A. Donefield, WireGuard is the latest VPN protocol. According to its documentation, it aims to surpass the OpenVPN and IPSec protocols in terms of performance. Just like OpenVPN, WireGuard was published under GPL.
Even though it runs inside the Linux kernel, WireGuard is cross-platform compatible. Moreover, it's more straightforward than OpenVPN or SoftEther since its code isn't too complex (it only has around 3,700 lines).
As for security, WireGuard aims to offer only the best and latest measures. That includes ChaCha20 encryption, Poly1305 message authentication, Curve25510 for ECHD key agreement, 1.5-RTT handshake, and BLAKE2s hashing.
However, WireGuard is still a work in progress. So, we might see new features and more improvements soon (like it being able to use TCP port 443). The same applies to the protocol's strengths and possible weaknesses.
Up to this point, traditional VPN connections have been used in enterprise environments for around three decades. However, conventional hub-and-spoke VPN models faced new challenges as businesses started moving to the cloud. Due to latency when accessing cloud-based applications over traditional VPN connections, new solutions emerged, such as SDWAN and SASE.
SDWAN uses software-defined networking principles, and it's based on multiprotocol label switching (MPLS) and wireless, broadband, and VPN connections to create a secure digital environment. It also monitors the performance of WAN connections to maintain fast speeds and optimize connectivity. As such, it delivers easy scalability, allowing administrators to scale up to down based on actual demand.
SASE combines networking and security into a single cloud-delivered service. Unlike traditional VPN connections, which still use corporate data centers, a SASE architecture uses nearby cloud gateways. This results in simplified management and complexity. Furthermore, SASE systems can scale quite easily, making them more adaptable than VPNs without compromising the security of an enterprise digital environment.
The 2020 COVID-19 outbreak brought a major shift in how work is done, with the entire planet switching to remote work, which persists worldwide. Organizations were forced to switch to remote work overnight, meaning remote access VPNs became imperative. As a response, remote access VPN providers grew their server fleets, adopted multifactor authentication, and integrated malware protection.
Split tunneling has also become commonplace, allowing individuals to use VPN connections selectively and preserve VPN bandwidth. In other words, we're still seeing VPN providers optimize the very core of their architecture to become more agile, more performant, and more secure. However, the past couple of years have brought certain VPN limitations to the surface.
As mentioned earlier, businesses are moving to the cloud massively. We expect cloud applications to become prevalent, which creates an issue with VPNs, as those networks use a centralized hub, which makes routing inefficient and causes latency. So, solutions such as SDWAN and SASE present a compelling alternative, prompting VPNs to become more agile than ever before.
In the past few decades, and especially in the last 15 years, several events and trends have influenced commercial VPNs to become widely used. VPNs adapted to solve those issues as the Internet changed and brought new obstacles and threats. Let's take a closer look.
WikiLeaks started showing the world how much shady stuff goes on behind the scenes and how much governments loved censoring the web in 2006. Besides, many privacy scandals have convinced people that the Internet isn't as private and safe as we all like to think.
And it all culminated with Edward Snowden's leaks between 2013 and 2014. That's when people found out just how much governments spy on online users. For example, the NSA (National Security Agency) was discovered to collect all telephone data via Verizon. Also, it was discovered that the NSA tapped into the servers of major tech companies, such as Microsoft, Google, Facebook, and Yahoo.
The leaks revealed the extent of data logging, unimaginable to this day. We also learned that the UK's central intelligence agency was tapping fiber-optic cables to intercept global communications, sharing that data with the NSA. Reportedly, the NSA also spied on European Union officers as well as collected data from 38 embassies and missions.
Regular Internet users were affected as well, not just those under suspicion. Because of that, VPNs became a popular and highly effective way for Internet users to stop government agencies, hackers, and ISPs from spying on them.
China is one of the most notable examples. The country started censoring the Internet in 1997, and its government immediately started working on its Great Firewall the following year. Today, this country imposes censorship on various media types, including television, print media, radio, film, text messaging, video games, and more. Also, numerous Western sites are not accessible from the country.
Besides that, countries such as North Korea and Iran are following China's lead. They heavily emphasize domestic websites, which are heavily censored, while foreign digital services are blocked. Similar things happen in Iraq, Myanmar, Pakistan, and Turkmenistan, where shutdowns are common, as well as obstacles to accessing foreign sites and social media networks.
Obviously, people in those areas and tourists visiting those countries started using VPNs to get around government censorship. By connecting to VPN servers abroad, Internet users can obtain a foreign IP address, which is how access blocks and censorship can be bypassed.
Video-on-demand services started showing up around 2006. Amazon Video, Netflix, Hulu - you had quite a lot of options. This trend is still quite active, as hundreds of streaming services deliver mainstream and niche content. On top of that, we've also seen the rise of live TV platforms, allowing Internet users to break free from cable TV packages.
Unfortunately, these services use geo-restrictions. Due to licensing and broadcasting rights, they're forced to implement country-based streaming libraries. That means that users in different countries can access different movies and TV shows while paying the same or similar prices. In the US, there's also the issue of sports blackouts, which carried over from cable TV to IPTV.
So, people living or traveling outside a specific country (usually the US) didn't get access to all that entertainment until they started using VPNs to bypass geo-blocks.
Wi-Fi might be useful, but its risks are pretty severe. What started out with flaws that could jam networks and hacking threats eventually culminated with the KRACK attack - a cyber attack that can break WPA2 encryption (the current Wi-Fi security standard). Even though you can do a lot to prevent a KRACK attack, the truth is that Wi-Fi will remain vulnerable for a long time to come. Plus, not even WPA2's successor (WPA3) is 100% without flaws.
Many other types of Wi-Fi attacks exist as well. For example, there are "evil twin" attacks when hackers set up malicious hotspots with seemingly trustworthy names. Man-in-the-middle attacks break into Wi-FI networks and intercept traffic, while packet-sniffing attacks focus on unsecured Wi-Fi networks to extract login credentials and financial information.
All in all, Wi-Fi has proven time and time again how unreliable it is over the years. So, online users just started running VPN connections whenever they used Wi-Fi to secure their traffic. In fact, a VPN can turn any unsecured Wi-Fi network into a highly secure one, preventing hacking attempts and malicious data interception.
In the last decade, we've seen many countries trying to implement data privacy laws, which is seen as a response to the ever-growing power of IT companies. Perhaps the most notable example is the EU's GDPR, which aims to force data logging parties to implement stronger consent requirements, better overall security, and stricter fines for data breaches and unauthorized data collection.
Countries such as the US, Canada, New Zealand, Brazil, Singapore, Thailand, Germany, China, South Korea, Switzerland, Saudi Arabia, and India have national data privacy laws, which is considered a GDPR domino effect. However, even with this legislation, no matter how strict it might be, it's impossible to avoid data logging and related questionable practices.
No matter where you live or what kind of laws protect your use of the Internet, it's always wise to take your digital privacy into your own hands. That's where VPNs come into play, as they remain the most effective way to prevent data logging and surveillance, no matter your country's laws.
Internet shutdowns have become a common technique in authoritarian countries to stop protests, censor speech, control elections, and silence populations. They're implemented by slowing down Internet access, blocking specific apps/digital services, or partially/completely closing down the Internet.
The countries shutting down the Internet the most are India, Myanmar, Ethiopia, Iran, Russia, Tanzania, Senegal, and Azerbaijan. Furthermore, Internet shutdowns happen every couple of days, which can be tracked over at NetBlocks, which means that this method of censorship is on the rise. Of course, as a response to these threats, VPNs are on the increase in those countries as well.
It's important to understand that VPNs can't help you regain access to the Internet. However, they're an irreplaceable tool for bypassing censorship. So, if you're in a country where social media is often blocked or have difficulty accessing foreign sites, a VPN can be your biggest ally.
The first official commercial VPN app to hit the market was StrongVPN. The company behind it dates back to 1994, and it was in the business of selling computer parts. They officially made VPN history by launching StrongVPN in 2005.
According to some old reviews we managed to dig up, StrongVPN had 440 servers (give or take a few), a 7-day money-back guarantee, and unlimited bandwidth around the time it launched. They also offered pre-configured routers, 24/7 support, and pretty fast speeds.
Unfortunately, it was lacking in terms of security. You mainly had the PPTP protocol (some reviewers mentioned L2TP and IPSec, too) and limited access to OpenVPN. StrongVPN also used static IP addresses, which is not the best privacy choice.
Nowadays, the service is obviously more different. It has more servers, a 30-day money-back guarantee, keeps zero logs, and offers better protocol support - OpenVPN (widely available now on their servers), IKEv2, L2TP/IPSec, IPSec, WireGuard, and SSTP.
If you'd like to read a more recent review of StrongVPN, check out our take on it. After StrongVPN, these were the next apps to hit the market: PureVPN (2007), VyprVPN (2009), and ExpressVPN (2009).
The global VPN market will grow significantly by 2032 - up to roughly $350 billion. Large companies are noticing that since they started buying VPN services in bulk. Moreover, VPN usage will likely continue growing primarily in Asia, the Pacific, Latin America, and the Middle East. Those regions currently have the highest VPN usage rates.
Of course, we also expect VPNs to adapt to the latest technologies and trends. For example, we might see decentralized VPNs and technologies such as artificial intelligence and machine learning will most certainly find their use. Let's go over what we might see from VPNs in the future.
Regular users having power over how things work instead of a central authority sounds appealing, after all. So, it's not very surprising that we might or might not see decentralized VPNs (dVPNs) soon. In fact, there is already work in progress, and it's called the Tachyon Protocol.
From the get-go, it's obvious why a decentralized VPN sounds good. It would ensure that there is no way a VPN service could go behind your back and log your traffic. It would also eliminate the risk of data breaches and leaks. Also, censorship wouldn't be a problem either.
Moreover, Tachyon also promises to deliver faster and more stable connections. And it claims to achieve this level of decentralization by combining PPTP with blockchain technology. That sounds a bit bad since PPTP is not secure, but the Tachyon protocol allegedly uses end-to-end ECDHE-ECDSA encryption to provide security.
IKEv2/IPsec, OpenVPN, and WireGuard are the most widely used protocols. While OpenVPN is the strongest, WireGuard has a lightweight codebase and speedy performance. That said, none of those protocols are fully prepared for the rise of quantum computing, which could make current encryption models obsolete.
That's why certain VPN providers are also advocating for Post-Quantum Cryptography (PQC). It's hard to tell whether the currently available protocols could evolve and adopt new encryption algorithms, but we'll most definitely see a significant change in that area in the future.
We have already seen how artificial intelligence has changed how we use the Internet. AI chatbots are making it easy to extract complex information, and something similar might happen with VPNs. For example, artificial intelligence could help VPN providers optimize their speed and performance by providing real-time data on servers' loads, latency, and network conditions.
Aside from that, machine learning will most definitely provide a big step towards responding to the increased scope of malware and phishing attempts.
Based on the current trends, the importance of user privacy will undoubtedly continue to rise. Privacy regulations like GDPR may force VPN providers to become more transparent, as the competition in the global VPN market will call for higher accountability standards. In other words, we'll see clearer terms and conditions explaining how your data is managed.
Ultimately, we hope to see VPN providers providing greater user control over their data, allowing individuals to make choices aligned with their values and priorities.
VPN providers have already started offering non-VPN features to enhance your protection. For example, we already have VPNs with dedicated anti-malware tools, content blockers, and digital tools that warn if your credentials leak online. The global VPN industry is poised to grow, prompting providers to offer more comprehensive digital protection.
It's not far-fetched to imagine secure browsers offered by VPN providers that can do more than connect you to a secure server. As VPNs become more powerful, they'll need to find a way to offer user-friendly interfaces that host more features than ever before without affecting their ease of use.
Initially imagined as a way to connect and protect business environments, VPNs have managed to adapt to the ever-changing Internet landscape to become an essential privacy tool. You'll agree that we live in uncertain times, as Internet censorship is still rampant worldwide while data logging and geo-blocks are rising. Therefore, the importance of using a VPN will only grow as time passes.
Whether we talk about corporate or individual users, the history of VPNs has shown us the importance of creating secure connections. So far, VPNs have managed to remain agile and adapt to ever-changing digital conditions, and we're yet to see how they implement post-quantum encryption and artificial intelligence. However, based on their history up to this point, it's hard to imagine a replacement that could bring the same level of cybersecurity as VPNs deliver right now.
That's all for our guide on the history of VPN technology. Let us know what you think in the comments section below. And, of course, thanks for reading!