What Is a VPN (and Should You Use One?)

VPN advertizing tends toward overstatement: "become invisible online," "browse with complete anonymity," "total protection." None of these claims are accurate, and the gap between marketing and reality makes VPNs confusing for people trying to understand whether one would actually help them.
This guide explains what a VPN does, what it does not do, when it is genuinely useful, and how to evaluate one if you decide to get it.
What this covers:
What a VPN is and how it works
The main reasons people use VPNs
What VPNs cannot protect you from
Whether you actually need one
What to look for when choosing a VPN
Free VPNs and why most should be avoided

What a VPN Is

A VPN (Virtual Private Network) routes your internet traffic through a server operated by the VPN provider before it reaches its destination. Two things happen as a result: your traffic is encrypted between your device and the VPN server, and the websites you visit see the VPN server's IP address rather than your own.

Without a VPN, your internet provider can see what sites you visit, and websites can see your IP address, which reveals your approximate location. Anyone monitoring the network you are on (for example, on public Wi-Fi) can potentially observe your traffic.

With a VPN active, your internet provider sees encrypted data going to the VPN server. Websites see the VPN server's location. Network monitors see only encrypted traffic.

The useful analogy: without a VPN, internet traffic is like a postcard. Anyone who handles it can read it. With a VPN, the postcard goes inside a sealed box that only the VPN server can open, and only after it arrives at the destination.

What VPNs Are Used For

Privacy on public networks. Public Wi-Fi at airports, cafes, and hotels is a shared network. Other people on the same network can, with the right tools, observe unencrypted traffic. A VPN encrypts your traffic so even if someone is monitoring the network, they see only scrambled data. This is the most practical and widely applicable use case.

Hiding your browsing from your internet provider. Internet providers can see every domain you visit. In some jurisdictions they are permitted to sell this data or are required to retain it. A VPN prevents this by routing encrypted traffic to the VPN server, which the provider sees, rather than to each individual destination.

Accessing region-restricted content. Streaming services, news sites, and other platforms restrict content by country. A VPN routes traffic through a server in a different country, which makes the destination site see a request from that country instead. Whether this is permitted under the terms of service of the platform varies.

Bypassing censorship. In countries where certain websites are blocked at the network level, a VPN can route traffic around those blocks. Whether this is legal and the degree of effectiveness varies by country and VPN provider.

Remote work access. Many organisations use VPNs to allow employees to connect to internal systems as if they were on the company network. This is a different use case from consumer VPNs, and the company operates the server rather than a third-party provider.

What VPNs Cannot Do

A VPN encrypts your traffic and changes the IP address that websites see. It does not:

Prevent malware or viruses. A VPN does nothing to protect against malicious software on your device or delivered through downloads.

Block phishing. If you click a link in a fake email and enter your credentials on a convincing but fraudulent site, the VPN connection to that site is just as secure as a connection to a legitimate one. The problem is not the connection; it is the destination.

Stop cookies and tracking scripts. Websites use cookies, fingerprinting, and tracking scripts to identify users across sessions. These operate at the browser level and are unaffected by VPN use. If you are logged in to a service, that service knows who you are regardless of your IP address.

Provide anonymity. A VPN shifts who can see your traffic (from your internet provider to the VPN provider) but does not make you anonymous. The VPN provider knows your real IP address and, if it keeps logs, which sites you visited. Using a VPN while logged in to social media or email does not prevent those services from knowing who you are.

Do You Actually Need One?

A VPN is most useful in specific situations rather than as something running continuously on a home network.

It is worth using when connecting to public or shared networks you do not control, particularly for anything involving logins, banking, or other sensitive activity.

It is less necessary on a trusted home network where the main concern is not being monitored by others on the same network. Most home connections already use HTTPS for the majority of traffic, which encrypts the content of communications even without a VPN.

For people in countries with significant internet censorship or surveillance, a VPN provides more consistent value as a regular tool.

For most people in most situations, the realistic use case is: enable it when on public Wi-Fi or when traveling, and leave it off at home unless there is a specific reason to use it.

What to Look for When Choosing a VPN

No-logs policy. A VPN provider that retains logs of your activity can be compelled to hand them over, or can be breached. Look for providers with a documented no-logs policy that has been independently audited.

Encryption standard. AES-256 is the current standard for symmetric encryption and is used by reputable providers. WireGuard is a newer VPN protocol that is faster and generally considered more secure than older options like OpenVPN or IKEv2.

Jurisdiction. VPN providers operating in countries that are members of intelligence-sharing agreements (the Five Eyes, Nine Eyes, or Fourteen Eyes) may be subject to data requests. Providers based in Switzerland, Iceland, or Panama are commonly cited for stronger privacy protections.

Independent audit. Reputable providers commission independent security audits and publish the results. This is more meaningful than marketing claims alone.

Speed. Encryption adds overhead. Good providers minimize this impact, but any VPN will reduce speeds to some degree. Testing with a free trial before committing is worthwhile.

Providers with consistently strong reputations include ProtonVPN, Mullvad, and ExpressVPN. Research current reviews before subscribing, as the VPN market changes and past reputation does not guarantee current quality.

Free VPNs

Most free VPNs monetize by collecting and selling user data, which is the opposite of what a VPN is supposed to provide. The cost of running VPN servers is not trivial, and if the product is free, the user's data is typically how it is paid for.

ProtonVPN's free tier is a genuine exception: it is run by a privacy-focused company, enforces a no-logs policy, and is supported by paid subscribers rather than data sales. The free tier has speed and server limitations but is reliable for light use.

For regular use, a paid VPN from a reputable provider is worth the cost. Annual subscriptions from established providers typically run under $100 per year.

Key Takeaways

A VPN encrypts your traffic between your device and the VPN server and replaces your IP address with the server's. It does not make you anonymous.
The most practical use case is public or untrusted networks, where a VPN prevents others on the same network from observing your traffic.
VPNs do not block malware, phishing, cookies, or tracking scripts. They address one specific threat model: traffic interception and IP-based location tracking.
Most free VPNs collect and sell user data. ProtonVPN's free tier is a legitimate exception.
When evaluating a paid VPN, prioritize a verified no-logs policy, a current security audit, and modern encryption protocols (AES-256 or WireGuard).

Conclusion

A VPN is a useful tool for a specific set of circumstances, not a comprehensive privacy solution. On public networks, it provides meaningful protection. As a permanent, always-on layer of privacy at home, the benefit is less clear for most users.

Understanding what a VPN actually does makes it easier to decide when it is worth having active. The combination of a VPN on untrusted networks, strong passwords, two-factor authentication, and an ad-blocker for tracking scripts covers the most common practical privacy risks.

Have a question about a specific VPN use case or want a recommendation for a particular situation? Leave it in the comments.