Answering the Most Common Questions About VPNs

Updated on June 3, 2026

So, What Does a VPN Actually Do?

A VPN — Virtual Private Network — creates an encrypted tunnel between your device and a server operated by the VPN provider. When you browse the web through that tunnel, the sites you visit see the VPN server's IP address instead of yours, and your internet service provider sees only encrypted gibberish instead of your actual traffic.

That's the core of it. But the marketing around VPNs has gotten so overblown that a lot of people think they're buying near-invisibility online. They're not. A VPN is one specific tool that solves a specific set of problems. Understanding which problems those are — and which ones it doesn't touch — is the whole point of this article.

Does a VPN Make Me Anonymous Online?

No, and this is probably the most important thing to get straight. A VPN shifts who can see your traffic — from your ISP to your VPN provider — but it doesn't make you anonymous. Here's what can still identify you even while connected to a VPN:

  • Browser fingerprinting: Your combination of screen resolution, installed fonts, browser extensions, and timezone creates a surprisingly unique signature that has nothing to do with your IP address.
  • Logged-in accounts: The moment you sign into Google, Facebook, or any other service, they know who you are regardless of what IP you're coming from.
  • Cookies and tracking pixels: If you accepted cookies on a site last week, those are still in your browser. A VPN doesn't flush them.
  • DNS leaks: Poorly configured VPN clients sometimes send DNS queries outside the encrypted tunnel, revealing which sites you're visiting to your ISP after all.

If you're trying to protect your identity from a determined adversary — a government, law enforcement, or a sophisticated stalker — a VPN alone is nowhere near enough. You'd need Tor, hardened browsers, compartmentalization, and a lot more discipline than most people want to deal with.

What Does a VPN Actually Protect?

Plenty, when used in the right situations:

  • Public Wi-Fi snooping: On an open network at a coffee shop, airport, or hotel, someone on the same network could potentially intercept unencrypted traffic. A VPN encrypts everything leaving your device, which is a real and practical defense.
  • ISP surveillance and data brokering: In many countries, ISPs legally sell browsing data to advertisers. A VPN prevents them from seeing which sites you visit. Your VPN provider can see it instead — which is why the next question matters so much.
  • IP-based geo-restrictions: Accessing a streaming library in another country, or getting around a workplace content filter, is a completely legitimate use case and VPNs handle it well.
  • Basic traffic analysis: Even if someone can see that you're sending and receiving data, a VPN prevents them from easily reading what that data is.

Free VPNs — Are They Worth It?

Almost universally, no. And the reason isn't just that paid services are better — it's that free VPNs often actively work against you.

Running VPN infrastructure — servers, bandwidth, staff, auditing — costs real money. If you're not paying for it, something else is funding it. In practice, that "something else" is frequently:

  1. Selling your browsing data to data brokers and advertisers. This is exactly the problem a VPN is supposed to solve, and free VPNs frequently make it worse.
  2. Injecting ads or tracking scripts into your web traffic — a practice that has been documented in several popular free services.
  3. Providing extremely weak encryption or using outdated protocols that offer little real protection.
  4. Selling access to your connection as a residential proxy so other people can route their traffic through your IP address. This one's particularly bad because it can implicate you in activity you had no part in.

The 2021 investigation that revealed Sensor Tower — an analytics company — secretly owned multiple popular free VPN apps and used them to collect detailed user data should have been a wake-up call. It was for people paying attention. The rest of the market hasn't changed much.

There are two narrow exceptions: Proton VPN's free tier and Windscribe's free tier both have credible track records and transparent policies. Even then, the free tiers are bandwidth- or server-limited. Treat them as trials, not permanent solutions.

What Should I Look for in a Logging Policy?

This is where most people's eyes glaze over, which is exactly what shady VPN providers are counting on. The logging policy determines what a VPN provider could hand over to authorities or a hacker if compelled or breached. A few things to look for:

"No-logs" doesn't mean much on its own. Every VPN claims this now. What matters is whether the claim has been independently verified. Look for providers that have undergone third-party audits by firms like Cure53, KPMG, or Deloitte — and that publish the results publicly. Mullvad, ProtonVPN, and ExpressVPN have all done this, though audit scopes vary.

Look for what specifically isn't logged. The bare minimum: no connection timestamps, no originating IP addresses, no bandwidth logs tied to your account, no DNS query logs. Some providers log aggregate statistics for network management without tying them to individual accounts — that's generally acceptable.

Check the jurisdiction. A VPN company headquartered in the United States can be compelled by a National Security Letter to hand over data without being able to tell you they did it. Providers in Switzerland, Iceland, or Panama face different legal frameworks. This matters more in high-stakes scenarios than for casual browsing privacy.

The "we were served a subpoena and had nothing to give" test. Several providers — most famously PIA and Mullvad — have had their logs (or lack thereof) tested in real legal proceedings and had nothing to hand over. That's actual proof, not marketing copy.

Can My VPN Provider See My Traffic?

Yes. Technically, your VPN provider is in a position to see everything you send through their servers. That's an inherent architectural reality — you're decrypting at their endpoint. This is why choosing a trustworthy provider matters more than any other single factor.

That said, HTTPS encryption (which most modern websites use) means they can see that you visited a site, not necessarily what you did there. The content of your banking session, email, or social media activity is end-to-end encrypted above the VPN layer.

When Is a VPN Genuinely Worth Using?

A VPN earns its keep in these specific situations:

  • You regularly use public Wi-Fi for anything sensitive (banking, work email, health-related browsing).
  • You're in a country with aggressive ISP surveillance and data resale — the US, UK, and Australia have all had documented issues.
  • You're traveling and want to access home-country streaming libraries or banking apps that block foreign IPs.
  • You're a journalist, activist, researcher, or anyone whose browsing patterns could create professional or personal risk if exposed to your ISP.
  • You want to prevent your network-level traffic from being trivially correlated with your identity by advertisers.

A VPN is probably overkill or irrelevant if:

  • Your main concern is stopping Google or Facebook from tracking you — they track you through accounts and cookies, not your IP.
  • You want protection from malware or phishing — a VPN does nothing for either of those.
  • You think it makes you untraceable for illegal activity — law enforcement has other tools, and VPN providers do respond to legal pressure in serious cases.

Which VPN Should I Actually Use?

Rather than a definitive ranking, here's a practical framework. If privacy is your primary concern: Mullvad is the most privacy-focused option available — anonymous accounts, cash payment accepted, regular audits, a history of resisting legal pressure. If you want a balance of privacy and usability with a larger server network: ProtonVPN or IVPN. If performance and streaming unblocking matter most: ExpressVPN or NordVPN (both have been audited, though NordVPN had a server breach in 2018 that they eventually disclosed — they've since improved significantly).

Expect to pay somewhere between $4 and $10 per month for a quality service. Anything significantly cheaper should prompt questions about what they're compromising on.

One Last Thing

A VPN is a useful, specific tool that does what it does quite well. The mistake is treating it as a complete privacy solution. Pair it with a privacy-respecting browser, sensible cookie management, and some awareness of what you're logging into and from where — and you've got a genuinely solid baseline. Expect it to do more than that and you'll end up falsely confident in places where you're actually exposed.