What a VPN actually does — and what it doesn't
VPNs are widely misunderstood. This explains what they protect you from, what they can't fix, and how to pick a trustworthy one.
Updated 2026-04-11
What a VPN actually does
A VPN (Virtual Private Network) creates an encrypted tunnel between your device and a server operated by the VPN provider. All your internet traffic routes through that server, so websites you visit see the VPN server's IP address instead of yours. Your ISP sees only an encrypted connection to the VPN server — not which sites you're visiting or what you're doing there.
What a VPN doesn't do
A VPN does not make you anonymous. If you're logged into Google, Facebook, or any account while using a VPN, those services still know exactly who you are. It doesn't block malware, ads, or phishing — those require separate tools. And it doesn't hide your activity from the VPN provider itself. You're shifting trust from your ISP to the VPN company.
When a VPN is genuinely useful
VPNs are most valuable on untrusted networks (hotel WiFi, café hotspots, airport lounges) where attackers may intercept traffic. They're also useful for hiding browsing from your ISP in countries where ISPs are required to log and share data — such as Australia, the UK, or the US. They can also bypass geographic content restrictions, though that's a secondary use case.
How to pick a trustworthy VPN
Key criteria: an independently audited no-logs policy, jurisdiction outside Five/Nine/Fourteen Eyes, open-source clients, and a transparent business model (subscription-based, not free). Free VPNs typically monetise through data collection — the opposite of what you want. Providers like Proton VPN (Switzerland) and Mullvad (Sweden) are widely respected by the security community.
Ready to act on this?
We've reviewed the tools so you don't have to.