Privacy7 min read

VPNs: When You Actually Need One (And When You Don't)

Cutting through the marketing hype to explain what VPNs actually do and whether you need one.

Andri
Andri
Scroll to read

If you've watched any YouTube video in the past five years, you've seen a VPN ad. They promise to make you invisible online, protect you from hackers, and let you watch Netflix from other countries.

Some of that is true. A lot of it is marketing hype.

Let me explain what VPNs actually do, when they're genuinely useful, and when they're a waste of money.

What a VPN Actually Does

A VPN (Virtual Private Network) creates an encrypted tunnel between your device and a server run by the VPN company. Your internet traffic goes through that tunnel before heading to its destination.

This means:

  1. Your ISP can't see what you're doing — They see you connecting to the VPN server. They don't see which websites you visit.

  2. Websites see the VPN's IP address, not yours — The site thinks you're connecting from wherever the VPN server is located.

  3. Your traffic is encrypted to the VPN server — Anyone monitoring your local network (like on public Wi-Fi) sees encrypted gibberish.

That's it. That's what a VPN does.

What a VPN Does NOT Do

Despite what ads suggest:

VPNs don't make you anonymous. Websites track you in many ways beyond IP address: cookies, browser fingerprinting, login sessions. Using a VPN while logged into Google doesn't hide anything from Google.

VPNs don't protect you from viruses. They're not antivirus software.

VPNs don't protect you from phishing. A VPN won't stop you from entering your password on a fake site.

VPNs don't make your connection "secure." Most websites already use HTTPS. The VPN adds encryption to the ISP leg of your connection, but the HTTPS was already doing that for the sensitive data.

VPNs don't make you unhackable. This is pure marketing nonsense.

When You Actually Need a VPN

On Public Wi-Fi

Coffee shops, airports, hotels — any network you don't control. Not because hackers are constantly prowling Starbucks (this is exaggerated), but because:

  • The network operator could monitor traffic
  • You don't know how the network is configured
  • Better safe than sorry

With HTTPS everywhere, the risk is lower than it used to be, but a VPN adds a useful layer.

Hiding Activity from Your ISP

Your internet provider can see which websites you visit (the domains, not the content — HTTPS encrypts that). In some countries, they sell this data to advertisers or hand it to governments.

If you don't want your ISP knowing you visited certain sites, a VPN prevents that.

Bypassing Geo-Restrictions

This is why most people actually use VPNs. Connect to a server in the UK to watch UK Netflix. Connect to the US to access US-only services.

This works, though streaming services actively block known VPN servers. It's a cat-and-mouse game.

Accessing Region-Locked Content While Traveling

Your streaming subscriptions, bank websites, and other services might not work abroad. A VPN lets you appear to be in your home country.

Avoiding Censorship

In countries that block websites or monitor internet usage, a VPN can circumvent restrictions. This is genuinely important for people in authoritarian regimes.

Torrenting

If you're downloading files via BitTorrent (legally or otherwise), your IP address is visible to everyone in the swarm. A VPN hides your real IP.

When You Don't Need a VPN

"For Security" at Home

If you're on your home network and you trust your ISP, you probably don't need a VPN running constantly. Modern HTTPS protects your traffic content.

To Protect Your Passwords

HTTPS already encrypts this. Your bank connection was secure before VPNs became trendy.

To "Prevent Hacking"

VPNs don't stop malware, phishing, or security vulnerabilities in software you use.

For Privacy from the Websites You Use

A VPN hides your IP from websites. But they track you in dozens of other ways. If you're logged into Facebook, Facebook knows it's you regardless of VPN.

When Your Threat Model Doesn't Require It

"Threat model" means: who are you protecting yourself from, and what are the consequences if they succeed?

Most people aren't being surveilled by nation-states. If your concern is casual privacy, browser extensions and good security habits matter more than a VPN.

The VPN Trust Problem

Here's the thing nobody in VPN ads mentions: when you use a VPN, you're trusting the VPN company instead of your ISP.

Your ISP could see your traffic → Now your VPN can see your traffic.

Are VPN companies more trustworthy than ISPs? Sometimes. But:

  • VPN companies have been caught logging traffic despite "no-logs" claims
  • Some are owned by data-harvesting companies
  • Jurisdiction matters — a VPN based in a Five Eyes country may be compelled to hand over data
  • Free VPNs are especially suspicious — if you're not paying, you're the product

If privacy really matters, you need to research the VPN's ownership, privacy policy, and track record. This takes more effort than most people expend.

If You're Going to Use a VPN

Paid vs Free

Never use a free VPN for anything sensitive. Free VPNs have been caught injecting ads, selling browsing data, and worse. The good ones limit speeds and data.

Expect to pay €3-12/month for a decent VPN.

Reputable Options

These generally have good track records, have been independently audited, and importantly — are based in privacy-friendly jurisdictions:

  • Mullvad (~€5/month) — Accepts cash, no account needed, based in Sweden. My personal favourite for privacy.
  • ProtonVPN (€4-10/month) — Swiss-based, from the ProtonMail people. Has a limited free tier. Strong on EU privacy law.
  • IVPN (~€6/month) — Gibraltar-based, small company, transparent practices, independent audits.

I'm deliberately recommending European-based services. They're subject to stronger privacy laws and outside Five Eyes jurisdiction. I'm also not recommending the ones you see advertised everywhere — heavy marketing budgets make me suspicious.

What to Look For

  • No-logs policy (ideally independently audited)
  • Based in a privacy-friendly jurisdiction
  • Open about ownership
  • Supports modern protocols (WireGuard)
  • Doesn't make absurd marketing claims

Alternatives and Complements

DNS-Level Solutions

Changing your DNS to Cloudflare (1.1.1.1) or Quad9 (9.9.9.9) provides some privacy from your ISP with zero speed penalty. Your ISP can still see which IPs you connect to, but not the DNS queries.

Browser Privacy

Firefox with strict tracking protection, or Brave browser. These address the tracking that VPNs don't help with.

Tor

For actual anonymity, Tor is more effective than VPNs. But it's slow and some sites block it. Use for specific sensitive activities, not daily browsing.

Encrypted DNS (DoH/DoT)

DNS over HTTPS encrypts your DNS queries. Browsers like Firefox support this. Complements a VPN but is also useful without one.

My Take

I use a VPN:

  • On public Wi-Fi (always)
  • When I don't want my ISP logging certain traffic
  • To access geo-restricted content

I don't use a VPN:

  • At home for general browsing (I trust my ISP enough)
  • When logged into services that already know who I am
  • As a security solution (it's a privacy tool, not a security tool)

If you travel a lot or frequently use public networks, a VPN subscription is worth it. If you mostly browse at home on a network you control, you probably don't need one.

Don't buy into the fear marketing. A VPN is a useful tool with specific use cases — not a magic security solution.

#VPN#privacy#security#networking

Join the Newsletter

Weekly insights on cybersecurity, digital privacy, and AI tools. Practical advice for non-technical people.

No spam. Unsubscribe anytime.

Back to all posts