A VPN is just a way to say “wrap up my normal internet packets and ship them somewhere specific before they continue the normal way.” The normal way is you want to get a message to some other server, and as a part of setting up the network you’re on, your machine should already have a list of other devices it’s physically connected to (“physically” could be “via radio waves” so not just wired) and they should have already advertised “hey, I’ve got access to these places too” for your information. Your router is likely the only one in your home network advertising anything that is on the larger internet, so all your outgoing messages will have to go that way to get to their destination. For example, I’ve got a phone, a wifi access point, a router, and my ISP’s box; my phone knows the WiFi access point is two hops away from internet because the access point said so, that’s the best one it can see, so it sends it that way and hopes it makes it. Each machine in between does the same thing until hopefully it gets where it is supposed to.
With a VPN, the same messages are wrapped in a second message that is addressed to the other end of the VPN. When it gets to the VPN provider, it’s unwrapped, then the inside message is sent off to wherever it’s supposed to go. If a message comes back to the VPN provider addressed to you (ish, this is simplifying a bit), it’s wrapped up the same way and sent back to you.
Big companies often put resources “behind” the VPN, so you can’t send messages from the outside addresses to the office printer, they’ll get blocked, but you can request a connection to the VPN, and messages that come in through that path do get allowed. The VPN can be one central place where you make sure everything coming in is allowed, then on the other side the security can be a little less tight.
VPNs also encrypt the internal message as a part of wrapping them up, which means that if you’re torrenting via a VPN, all anyone else can see is a message addressed to your VPN provider and then an encrypted message inside. And anyone you were exchanging messages with only ever saw traffic to and from the VPN provider, they never saw where it was going after your VPN provider got it. Only you and the VPN provider know what was happening on both ends, and hopefully they don’t look too closely or keep records.
Hopefully now it’s clear that Mullvad and similar won’t help you access your own things from outside, they’re only good for routing your stuff through them and then out into the rest of the internet. However, this isn’t secret magic tech: you can run your own VPN that goes in the other direction, allowing you into your own home network and then able to connect to things as if you were physically there. Tailscale is probably the easiest thing for things like that nowadays, it’ll set up a whole system where your devices can find each other and set up a mesh of secure, direct connections no matter where they are physically located. By default, just the direct device-to-device connections are re-routed, but you can also make a device an “exit node” that can route all your traffic like a traditional VPN.
Of course, that will be the exact opposite of what you want for privacy while torrenting, as it’s all devices that you clearly own and not hiding their identities whatsoever. But it’s very cool for home networking and self-hosting stuff.
A VPN is just a way to say “wrap up my normal internet packets and ship them somewhere specific before they continue the normal way.” The normal way is you want to get a message to some other server, and as a part of setting up the network you’re on, your machine should already have a list of other devices it’s physically connected to (“physically” could be “via radio waves” so not just wired) and they should have already advertised “hey, I’ve got access to these places too” for your information. Your router is likely the only one in your home network advertising anything that is on the larger internet, so all your outgoing messages will have to go that way to get to their destination. For example, I’ve got a phone, a wifi access point, a router, and my ISP’s box; my phone knows the WiFi access point is two hops away from internet because the access point said so, that’s the best one it can see, so it sends it that way and hopes it makes it. Each machine in between does the same thing until hopefully it gets where it is supposed to.
With a VPN, the same messages are wrapped in a second message that is addressed to the other end of the VPN. When it gets to the VPN provider, it’s unwrapped, then the inside message is sent off to wherever it’s supposed to go. If a message comes back to the VPN provider addressed to you (ish, this is simplifying a bit), it’s wrapped up the same way and sent back to you.
Big companies often put resources “behind” the VPN, so you can’t send messages from the outside addresses to the office printer, they’ll get blocked, but you can request a connection to the VPN, and messages that come in through that path do get allowed. The VPN can be one central place where you make sure everything coming in is allowed, then on the other side the security can be a little less tight.
VPNs also encrypt the internal message as a part of wrapping them up, which means that if you’re torrenting via a VPN, all anyone else can see is a message addressed to your VPN provider and then an encrypted message inside. And anyone you were exchanging messages with only ever saw traffic to and from the VPN provider, they never saw where it was going after your VPN provider got it. Only you and the VPN provider know what was happening on both ends, and hopefully they don’t look too closely or keep records.
Hopefully now it’s clear that Mullvad and similar won’t help you access your own things from outside, they’re only good for routing your stuff through them and then out into the rest of the internet. However, this isn’t secret magic tech: you can run your own VPN that goes in the other direction, allowing you into your own home network and then able to connect to things as if you were physically there. Tailscale is probably the easiest thing for things like that nowadays, it’ll set up a whole system where your devices can find each other and set up a mesh of secure, direct connections no matter where they are physically located. By default, just the direct device-to-device connections are re-routed, but you can also make a device an “exit node” that can route all your traffic like a traditional VPN.
Of course, that will be the exact opposite of what you want for privacy while torrenting, as it’s all devices that you clearly own and not hiding their identities whatsoever. But it’s very cool for home networking and self-hosting stuff.