VPNs Explained: What They Actually Do (And Don't Do)
VPN advertising is everywhere — YouTube sponsorships promise they’ll make you “invisible online,” protect you from hackers, and keep you safe on any network. Most of it is overblown. But VPNs do serve real purposes. Here’s an honest breakdown.
What a VPN Actually Does
A VPN (Virtual Private Network) creates an encrypted tunnel between your device and a VPN server. When you use one:
- Your internet traffic is encrypted before leaving your device
- It travels to the VPN provider’s server
- From there it goes to its destination (a website, app, etc.)
To your ISP and anyone on your local network, your traffic looks like encrypted data going to the VPN server — they can’t see what you’re actually doing. To the destination website, your traffic appears to come from the VPN server’s IP address, not your real IP.
That’s it. That’s what a VPN does.
What a VPN Protects Against
Your ISP seeing your traffic: Without a VPN, your Internet Service Provider can see every site you visit and sell that data to advertisers (legal in the US since 2017). A VPN encrypts this.
Network surveillance on public Wi-Fi: Coffee shop Wi-Fi, hotel networks, and airports are run by unknown parties. A VPN prevents anyone on those networks from seeing your traffic in cleartext.
Basic IP-based tracking: Websites can’t see your real IP address when you use a VPN. This prevents some forms of geolocation-based tracking and ad targeting.
Geographic content restrictions: Streaming services restrict content by country. A VPN lets you appear to be in a different country — useful for accessing content unavailable in your region.
What a VPN Does NOT Protect Against
This is where VPN marketing misleads people:
Cookies and browser tracking: VPNs don’t stop websites from tracking you via cookies, browser fingerprinting, or login accounts. If you’re logged into Google and browsing with a VPN, Google still knows exactly who you are and what you’re reading.
Malware: A VPN doesn’t protect you from downloading malicious software, clicking phishing links, or getting infected by malware. It’s not antivirus.
Your VPN provider seeing your traffic: You’re shifting trust from your ISP to your VPN provider. The VPN provider can see all your traffic (unless sites use HTTPS, in which case they see the destination but not content). This is why choosing a trustworthy provider with a verified no-logs policy matters.
Legal liability: Using a VPN doesn’t make illegal activity legal. Law enforcement can compel VPN providers to turn over data, and many do keep logs despite claiming otherwise.
Complete anonymity: Sophisticated tracking methods (browser fingerprinting, account logins, behavioral patterns) can identify you regardless of VPN use.
When You Should Use a VPN
On public Wi-Fi: Hotels, airports, cafés. High value for low effort. Anyone on the same network could be monitoring traffic.
In countries with heavy internet surveillance or censorship: If you’re in a country where internet access is monitored or restricted, a VPN provides meaningful protection.
To access region-locked content: Streaming libraries vary by country. A VPN lets you access content not available in your location.
If your ISP throttles streaming traffic: Some ISPs throttle bandwidth for certain services (Netflix, YouTube). A VPN hides what type of traffic you’re sending, preventing targeted throttling.
From your ISP: If you don’t want your internet provider building a profile of your browsing habits, a VPN helps.
When a VPN Probably Isn’t Worth It
General browsing at home on a trusted network: Most web traffic is already encrypted via HTTPS. Your ISP can see you visited a site but not what you did there.
If you’re logged into services anyway: If you’re on Gmail, Facebook, Amazon — they already know who you are and what you’re doing. The VPN adds minimal privacy benefit.
Choosing a VPN Provider
The VPN market is full of shady operators. Many free VPNs are run by companies that log and sell your data — the opposite of their marketing promise.
Key factors:
Verified no-logs policy: Audited by a credible third party. Providers who’ve had servers seized by law enforcement and couldn’t provide useful data (like Mullvad in 2023) demonstrate this in practice.
Business model: Paid VPNs with transparent business models are far more trustworthy than free VPNs that monetize data.
Jurisdiction: Providers in countries outside the “Five Eyes” intelligence alliance (US, UK, Canada, Australia, New Zealand) have less legal exposure to government data requests.
Recommended providers: Mullvad (no accounts, anonymous payment, strong privacy), ProtonVPN (Swiss-based, open source, audited), and ExpressVPN (widely tested) are generally considered trustworthy. Avoid Hotspot Shield, Hola, and most free VPNs.
A VPN is a useful privacy tool for specific scenarios — public Wi-Fi, ISP surveillance, geographic restrictions. It is not a privacy silver bullet, and most VPN marketing wildly overstates what it does. Use one when the situation warrants it; don’t assume it makes you anonymous online.
Written by Marcus Thorne
Software analysis and cybersecurity tips
A former software engineer, Marcus transitioned into tech journalism to explain complex digital concepts in simple terms.
You Might Also Like
The Most Common Cybersecurity Threats (And How to Protect Against Them)
You don't need to be a security expert to protect yourself online. Here's a plain-English breakdown of the threats that actually affect regular people.
The Best Browsers for Privacy in 2025
Your browser is one of the biggest vectors for online tracking. Here's how the major browsers compare on privacy — and which one you should use.
How to Spot and Avoid Phishing Attacks
Phishing is the most common cyberattack — and the most preventable. Here's how to recognize phishing attempts and what to do when you encounter one.