> You are wrong on this, the private part indicates the privacy it provides not the destination.
I remember using VPNs long before, to my knowledge, people were using them in the way you describe, and I was always under the impression that the "P" in VPN meant "connecting private networks" together over the Internet.
This document from 2001 agrees with me: https://docs.microsoft.com/en-us/previous-versions/windows/i...
"From the user’s perspective, the VPN connection is a point-to-point connection between the user’s computer and a corporate server. The nature of the intermediate internetwork is irrelevant to the user because it appears as if the data is being sent over a dedicated private link."
VPNs were used primarily by companies to allow secure access to their network from the outside. It doesn't surprise me that documents aimed at businesses running Windows servers would describe them in the context of that use case. It doesn't mean that was the entire point, or purpose. It's just one thing they were commonly used for.
At the same time that I was working at an ISP on a product that would let employees from various companies connect via dial up and VPN into their corporate networks (whose gateways were also on our network) several of my co-workers were using a VPN of their own to connect to their home networks, but not to access the resources on those home networks (although some did that too). They wanted to use the internet from their machines at home in order to hide their internet activity from our IT department.
This is basically the same thing people do with VPNs now, only instead of hiding their internet activity from IT, they hide it from their ISP.
VPNs were always used for things other than connecting someone to a corporate network, it's just that most of the general internet population at that time (and I'm guessing you're old enough to remember this) were not aware of the technology and not tech savvy enough to set it up. This is true even for the employees of the companies we had as customers. We had to build entire software products that did nothing but hand hold people through setting up a dial up networking connection. It's not surprising that corporations were the majority users of VPN technology until the rest of the public (who don't have IT staff) caught up, at which point it became increasingly more common for people to use it to hide their internet traffic.
I took it to mean a private network connecting two end points, not necessarily connecting two private networks, just that the tunnel (the network between them) was virtual and secure so the traffic exchanged couldn't be eavesdropped on, or modified, by every random node as it passed through the untrusted internet.
I might have been influenced by the product we were selling though. These were dial up users on workstations looking to access their company's LAN so the idea of connecting two discrete private networks wouldn't have fit as well. There was also a lot of focus on the insecurity of passing traffic (even encrypted traffic) over the internet. We had companies paying us a premium to sign up for the service and host their gateway on our network so that the traffic between the users who dialed in and the company's own network never left the ISP's network (never reached the internet at large). I knew at the time it was marketing and that with a well encrypted connection it shouldn't matter if the traffic ever left our "cloud", but it could have helped to shape my view of the technology.
Clients ate that up too. The internet was scary to them. Being able to say that their employee will dial directly into our equipment, and that no packet would pass through a device we didn't operate until the moment it hits your company's gateway made a lot of companies feel better about letting workers remote in.
Fair, it does seem that "privacy" VPNs are a lot older than I thought and possibly as old as the "VPN" moniker. (Assuming that your project was in the 90s, which it sounds like.)
At this point it just seems like arguing for arguing's sake, but I was rejecting the notion that VPNs were always intended for privacy (along with saying others are wrong for suggesting otherwise). It still seems to me that VPNs did not always imply "privacy", and I think in my sibling comment to this, an RFC from 1999 seems to support that (focusing on "intranets" and "extranets" in the definition of a VPN, and only mentioning encryption once as an optional component, with possibly only authentication instead, or even none).
I agree, VPNs were absolutely not always used to hide internet activity, but sometimes they were. Early on they were certainly most often used by companies to connect networks or to connect to resources on their intranet, the need (and the money) was primarily there, but I'm not surprised that using VPNs for privacy reasons got more popular as time went on. Even back then I thought it was pretty cool/useful tech and I had no LAN to speak of.
I agree with all of that, too! And yeah, I think by now the meaning of "VPN" has well shifted, likely because of the privacy enhancement getting so popular (and I think I've also noticed that terms like "Intranet" and "Extranet" have somewhat fallen out of favor, too, but maybe that's just in my environments).
It's not a question of recollection. Read the acronym carefully. It is virtual and it is a network. Not the destination but the tunnel itself is the network that is private. It was described as such from the start and in no networking context have I ever heard otherwise (correct me if wrong please).
Let's say you have an IPSec tunnel between a branch location and HQ site. The typical solution was GRE where you encapsulate it inside another IP packet that has public IPs only for the destination to decapsulate it. When VPNs came along they added privacy hence the name.
In networking you are not connecting two networks. You are interconnecting three networks! The branch would have its own subnet, so would HQ, but the VPN also would have its subnet, all routed as separate networks. The tunnel network getting privacy because it traverses untrusted networks (back in the day it wasn't typically the internet but ATM, frame relay, T1, etc... "directly" between sites), that's where the term cloud comes from FYI, the untrusted magic ISP network in the sky.
This might be the most pedantic thread (on my part, too) I was ever part of. :)
The earliest reference to VPN I can find in the RFCs, RFC2547, seems to call the "destination" (the network spanned by the tunnel) the VPN, not the tunnel itself:
"If all the sites in a VPN are owned by the same enterprise, the VPN is a corporate "intranet". If the various sites in a VPN are owned by different enterprises, the VPN is an "extranet". A site can be in more than one VPN; e.g., in an intranet and several extranets. We regard both intranets and extranets as VPNs."
That same RFC has only one mention of encryption at all, in passing, and as being optional (note the "and/or"):
"A security-conscious VPN user might want to ensure that some or all of the packets which traverse the backbone are authenticated and/or encrypted."
It does not seem to me that privacy was implied.
I still think that VPNs were invented to connect smaller private networks to a larger private network together, where private != privacy. (But rather related to authorities, such as using "private IP addresses" in e.g. 10.0.0.0/8, instead of publicly routable ones.)
Privacy was a (good, likely popular) option, but just not part of the strict definition of what a VPN is (much unlike today).
Yes, too bad about the downvotes but let me add on that and ask those who disagree what P stands for in WEP and WPA? lol. WEP is wired equivalent privacy.
A connection that does not provide privacy like a GRE tunnel for example is called a tunnel, never a VPN or more, and GRE specifically connects networks which are typically private.
You can also have VPN between two ASes on the internet which are public networks. Wrong is wrong. Give me another argument to shoot down against VPNs lol.
The correct term for both private and non-private network tunnels is an overlay network (includes stuff like 6-in-4).
The P in WPA stands for Protection, the P in WEP stands for Privacy, the P in VPN stands for Private. Private and privacy don't have the same meaning, and one does not imply the other. I've cited an RFC from 1999 (RFC2547) in another reply to you that strongly suggests (to my reading, at least) that privacy was not necessarily implied in the notion of "private" (although of course a VPN could provide privacy). "Private IP addresses" in the form of "not publicly routable", but not necessarily with any privacy-providing encryption in the mix, seem closer in meaning in this case, and were often (but not always) part of it.
The same RFC also pretty clearly calls the network spanned by the tunnel, not the tunnel itself, a VPN.
By now, the meaning has shifted.
That being said, I think this is my last message on the topic, since, well... it's quite a lot of wasted time on pedantry (which is totally my fault).
> Private and privacy don't have the same meaning, and one does not imply the other.
These two words have the same root and etymology. The adjective "private" is transformed into a noun using the abstract noun suffix, "cy," to become "privacy." These two words have the same word root dressed as different parts of speech.
Of course they have the same root and etymology. Of course they do not have the same meaning, look them up in the dictionary. A private parking spot is not a privacy parking spot.
They are strongly associated, and the definitions are related. One can not have a private conversation without privacy, and when seeking privacy it is exclusively to do something in private. Contrary to previous claims, one implies the other.
The argument that privacy doesn't mean private, and vice versa, in regards to the meaning of any of the letters in acronyms is specious, such as, the word private in VPN does not mean that you will have privacy, because, in fact, any transfer of data between the VPN nodes will be kept private from the Internet at large, thus the transfer is in privacy.
The fallacy you and OP committed (if you are not OP, didn't check) is known as the appeal to definition.
> One can not have a private conversation without privacy, and when seeking privacy it is exclusively to do something in private.
One can have a private parking spot without privacy, though. Or a private pilot license.
> any transfer of data between the VPN nodes will be kept private from the Internet at large, thus the transfer is in privacy
Not if your VPN is not encrypted, which exists, although it isn't very common anymore, for obvious reasons.
The IP address "10.1.1.1" is still part of IANA's private IP address space, no matter whether it is transported in a way (say using an unencrypted tunnel over the public Internet) that provides privacy or not.
> One can have a private parking spot without privacy, though. Or a private pilot license.
This is equivocating between two distinct and separate definitions of "private." You are mixing these homonyms.
In the sense you're using in the quote I pulled from your comment, it means intended for or restricted to the use of a particular person, group, or class, but in the sense that it is used in Virtual Private Network, it means something else, namely not known or intended to be known publicly; secret.
Settling that question was the entire discussion you butted into. I quoted an RFC from the late 90s that shows what meaning of "private" was originally intended, while you seem to a priori assume what "private" means here.
> in the sense that it is used in Virtual Private Network, it means something else, namely not known or intended to be known publicly; secret.
Great. Present some evidence or stop wasting time. My evidence that it actually does not mean that is RFC2547.
> My evidence that it actually does not mean that is RFC2547.
RFC2547 does not support your claim... anywhere.
I'll use Webster's definitions for my evidence. Also, every explanation of what VPN is everywhere on the Internet speaks of anonymity and privacy. This means the P in VPN could only mean free from public attention, secret and NOT for the use of a particular person or group, as in private parking.
a private computer network that functions over a public network
A private network at the time was defined according to RFC1918. It also provides the motivation for private networks/the private IP address space, which was growth, not privacy/secrecy.
It's a happy coincidence that you can sell a "Virtual Private Network" to endusers as a privacy-enhancing machination, given that it already contains the word "Private", even if that was meant as in private parking space, not private conversation.
This reminds me of the people who think public companies (traded on the stock market) are publicly owned (part of the government) and so want the First Amendment to apply to getting banned from Facebook.