The Problem with "VPN"
“VPN” is a broken term.
We use one acronym to describe two entirely different things:
- The Gated Community: A private network your company controls, where only authorized employees can enter. Think of it as a locked office building with a single front door.
- The Mask: A middleman service that hides your real location on the internet. Think of it as sending your mail through a third party so nobody knows your home address.
The underlying technology is the same in both cases: wrap your traffic, encrypt it, send it, unwrap it on the other end. But the purpose is completely different, and our language doesn’t reflect that.
The word “private” means two different things depending on which VPN you’re talking about. In the first case, private means “only our people can get in.” In the second, it means “nobody can see who I am.” Same word, opposite intent.
This confusion causes real misunderstandings. When headlines say “the government is targeting VPNs,” most people read that as an attack on personal privacy. But what’s usually happening is that companies and governments are rethinking the first kind of VPN - the locked office building - because it’s an outdated way to secure access. If everyone’s working from home anyway, why route all their traffic through one front door?
The industry’s answer to that is Zero Trust: instead of protecting a perimeter, you verify every person and device every time they access anything, no matter where they are. No single front door. Every door has its own lock.
One acronym, two completely different tools, and a public that can’t tell them apart. Until we give them different names, we’ll keep having the wrong argument.