Most people get sold a VPN as an all-purpose privacy shield. It’s more limited than that — and misunderstanding what it does leads people to either skip it when it would genuinely help, or rely on it when they’re still exposed. Here’s what a VPN actually does and when it’s worth running.
What a VPN actually does
A VPN creates an encrypted tunnel between your device and a server run by the VPN provider. Your internet traffic passes through that tunnel, so two things happen: your ISP can see you’re connected to the VPN, but not what sites you’re visiting. And the websites you visit see the VPN server’s IP address, not your actual location.
That’s it. A VPN doesn’t make you anonymous. It shifts who can see your traffic — from your ISP to your VPN provider. That’s a meaningful change in some situations and not meaningful in others.
When it genuinely helps
Public Wi-Fi. Coffee shops, airports, hotels — these networks are often unsecured, which means anyone on the same network could potentially intercept unencrypted traffic. A VPN encrypts everything leaving your device, making that interception worthless. If you use public Wi-Fi regularly, running a VPN there is one of the most practical uses.
Hiding activity from your ISP. Your internet provider can see every site you visit. In the US, ISPs can legally sell that data to advertisers. A VPN prevents this — your ISP sees encrypted traffic going to the VPN server, nothing else.
Bypassing geo-restrictions. Traveling abroad and want access to your home country’s streaming catalog? A VPN with servers in your home country makes that work. Same for accessing content blocked in your region.
When it doesn’t help
Tracking by websites you’re logged into. If you’re signed into Google, Facebook, or Amazon, those platforms know who you are regardless of your IP address. A VPN doesn’t change that. They track you by your account, not your location.
Browser fingerprinting. Advertisers can identify your browser by its unique combination of settings, fonts, screen resolution, and extensions — no IP address needed. A VPN does nothing to prevent this. Browser fingerprinting is harder to block; tools like Brave browser or the Firefox extension CanvasBlocker help more here.
Malware. A VPN is a network privacy tool, not a security tool. It won’t stop malicious downloads, phishing attacks, or compromised websites. Don’t confuse the two.
Which VPN to use
Avoid free VPNs. They have to make money somehow, and the way most free VPN providers do it is by logging and selling your traffic data — which defeats the point entirely. You’re trying to get away from one entity selling your data, not trade it for another.
Mullvad ($5/month) is the gold standard for privacy — accepts cash payment, requires no email to sign up, and has been independently audited. Proton VPN (free tier available, paid plans from $5/month) is solid and run by the same team behind ProtonMail. ExpressVPN and NordVPN are widely recommended and work well, though they’re more marketing-heavy than the first two.
One practical note: running a VPN all the time on a phone drains battery and slows connections slightly. A reasonable middle ground is running it automatically when connected to public Wi-Fi (Mullvad and others support this) and leaving it off on your home network.
How to set it up
Setting up Mullvad takes about five minutes. Go to mullvad.net, generate an account (no email required), pay with a card or cash, download the app, and log in with your account number. On iPhone, you can configure it to automatically connect on untrusted networks in the app settings. That’s the entire setup.
For Proton VPN: create an account at proton.me/vpn, download the app, log in. The free tier limits you to a handful of countries and slower speeds but works fine for basic use.
The bottom line
A VPN is one tool among many, not a privacy solution by itself. Use it on public Wi-Fi, use it if you’re concerned about ISP surveillance, use it to access geo-blocked content. Don’t expect it to make you anonymous or protect you from phishing. And don’t use a free one — the cost savings aren’t worth it.