VPN advertisements are everywhere, promising complete online anonymity and bulletproof security. The reality is more nuanced. A VPN is a genuinely useful privacy tool, but only if you understand what it actually does and, just as importantly, what it does not do.
What a VPN Actually Does
A VPN (Virtual Private Network) creates an encrypted tunnel between your device and a VPN server. All your internet traffic passes through this tunnel before reaching its destination. This accomplishes three specific things:
- Encrypts your traffic between you and the VPN server. Anyone monitoring your local network, such as a coffee shop Wi-Fi operator or your ISP, sees only encrypted data flowing to the VPN server. They cannot see what websites you visit or what data you transmit.
- Hides your IP address from destination websites. Websites see the VPN server's IP address instead of yours, making it harder to tie your browsing activity to your physical location or identity.
- Hides your browsing activity from your ISP. Your Internet Service Provider can normally see every domain you visit. With a VPN, they see only that you are connected to a VPN server.
What a VPN Does NOT Do
This is where VPN marketing often crosses into misleading territory. A VPN does not:
- Make you anonymous. You are shifting trust from your ISP to the VPN provider. The VPN company can see your traffic instead. If you log into Google or Facebook through a VPN, those companies still know exactly who you are.
- Protect you from malware or viruses. A VPN encrypts your connection, not your device. Downloading malicious files through a VPN is just as dangerous as without one.
- Prevent tracking via cookies or browser fingerprinting. Advertisers track you using cookies, scripts, and browser fingerprints. A VPN does nothing to stop these techniques.
- Protect your credentials on malicious sites. If you enter your password on a phishing site while using a VPN, your password is still compromised.
- Encrypt traffic beyond the VPN server. Traffic between the VPN server and the destination website is only encrypted if the website itself uses HTTPS.
When You Should Actually Use a VPN
Despite the limitations, there are legitimate and important use cases for VPNs:
- Public Wi-Fi networks. Coffee shops, airports, and hotels run open networks where other users could potentially intercept your traffic. A VPN encrypts everything leaving your device.
- Preventing ISP surveillance. In many countries, ISPs are legally permitted to log and sell your browsing data. A VPN prevents your ISP from seeing which websites you visit.
- Bypassing geographic restrictions. Accessing content or services that are restricted by region requires routing your traffic through a server in the appropriate country.
- Circumventing censorship. In countries that block access to certain websites or services, a VPN can tunnel past government firewalls.
- Protecting against network-level attacks. On untrusted networks, a VPN prevents man-in-the-middle attacks and DNS hijacking.
Choosing a VPN Provider
Since a VPN provider can see your traffic, choosing a trustworthy one is critical. Look for:
- Verified no-logs policy. The provider should not record your browsing activity. Look for providers that have undergone independent audits to verify this claim.
- Jurisdiction. VPN companies based in countries with strong privacy laws and no mandatory data retention requirements offer better legal protections. Avoid providers in Fourteen Eyes countries if maximum privacy is your goal.
- Open-source clients. Open-source VPN applications can be audited by security researchers, ensuring the software does what it claims.
- Independent security audits. Reputable providers hire third-party firms to audit their infrastructure and code.
- Avoid free VPNs. If you are not paying for the product, you are the product. Free VPN services commonly fund themselves by logging and selling user data, injecting ads, or worse.
VPN Protocols
The protocol determines how your VPN tunnel is constructed and secured:
- WireGuard is a modern protocol with a minimal codebase, excellent performance, and strong cryptography. It is the best choice for most users today due to its speed and security.
- OpenVPN is the long-established standard, open source and thoroughly audited. It is slightly slower than WireGuard but remains highly secure and widely supported.
- IKEv2/IPsec offers fast reconnection when switching networks, making it useful for mobile devices. It is secure and stable but less flexible than OpenVPN.
A VPN is one layer in a broader privacy strategy, not a silver bullet. Combine it with encrypted DNS, a privacy-focused browser, and good security habits for meaningful protection.