The VPN industry does an excellent job of marketing fear. Advertisements show hackers in hoodies intercepting your data on public Wi-Fi and governments monitoring your every click. The reality is both more nuanced and, in some respects, more concerning. A VPN is a genuinely useful privacy tool — but it does not make you invisible, and understanding exactly what changes when you use one will help you make better decisions about when and how to use it.

What Is Actually Exposed Without a VPN?

Without a VPN, several parties can see different aspects of your internet activity:

Your Internet Service Provider (ISP)

Your ISP is the most comprehensive observer of your unprotected internet activity. They can see: every IP address you connect to, which reveals what websites you are visiting even if the content is encrypted; the volume and timing of your traffic; and in many countries, they are legally required to store this metadata for months or years. In the United States, ISPs are legally permitted to sell anonymised browsing data to advertisers.

Website Operators

Every website you visit can see your real IP address, which can be used to determine your approximate geographic location (usually city-level accuracy), identify you across sessions, and in combination with other data, fingerprint your device.

Network Administrators

On any network you do not control — public Wi-Fi, your employer's network, a hotel or cafe — the network administrator can see which IP addresses and domains you connect to. On unencrypted connections (HTTP rather than HTTPS), they can also see the content of your communications.

Governments and Intelligence Agencies

Depending on your country's laws and your ISP's cooperation, government agencies may have access to traffic metadata held by your ISP. In some jurisdictions, real-time monitoring of traffic is legally permitted in certain circumstances.

What a VPN Actually Hides

When a VPN is working correctly (and this is an important caveat — use our tool to verify it is), here is what changes:

From Your ISP

Your ISP can no longer see which websites you are visiting or which IP addresses you connect to. They can see that you are connected to a VPN server and approximately how much data you are transferring, but the content and destination of that data are hidden inside the encrypted tunnel. This is the VPN's strongest benefit.

From Websites

Websites now see the VPN server's IP address instead of yours. This hides your real geographic location and prevents basic IP-based tracking of your identity across sessions.

From Network Eavesdroppers

On public Wi-Fi or other untrusted networks, all your traffic is encrypted before leaving your device. Even if someone intercepts the data, they see only encrypted noise. This is particularly valuable protection on public networks where basic attacks like man-in-the-middle interceptions are plausible.

Is Your VPN Actually Working?

Verify your VPN is hiding what it should be hiding — free instant test.

Run VPN Test →

What a VPN Does NOT Hide

This is the section VPN marketing glosses over, and it is crucial for setting realistic expectations.

Your Activity From the VPN Provider Itself

Your VPN provider can see everything your ISP used to see — because they are now your network gateway. If you use a VPN provider that logs activity, you have simply moved your trust from your ISP to the VPN company. This is why choosing a VPN with a verified no-logs policy, ideally one that has been independently audited, matters enormously.

Browser-Based Tracking

Cookies, browser fingerprinting, login sessions, and tracking pixels work entirely independently of your IP address. If you are logged into Google or Facebook, those companies track your activity through your account, not your IP. A VPN does nothing to prevent cookie-based or account-based tracking.

Device Fingerprinting

Advanced tracking systems build a profile of your device based on its screen resolution, installed fonts, browser plugins, time zone, language settings, and dozens of other characteristics. This fingerprint can identify your device with high confidence even if your IP changes with every session.

Malware and Phishing

A VPN encrypts your internet traffic but provides no protection against malware you download, phishing sites you visit, or malicious software already on your device. A VPN is not a substitute for up-to-date antivirus software, careful clicking habits, or using a reputable password manager.

Legal Requests to the VPN Provider

If a VPN provider genuinely logs no data, they have nothing to hand over when authorities make legal requests. But if they do log data (despite claiming not to), a court order can compel them to produce it. Always choose providers who have had their no-logs policies verified through independent audits or real-world court cases where they were unable to produce user data.

When a VPN Makes the Biggest Difference

Given everything above, here are the situations where a VPN provides genuine, meaningful privacy improvements:

  • Public Wi-Fi: The most clear-cut use case. A VPN protects all your traffic from network-level interception on untrusted networks.
  • Avoiding ISP surveillance and data selling: Particularly relevant in the United States and other countries where ISPs have few restrictions on how they use browsing metadata.
  • Accessing geo-restricted content: A VPN lets you appear to be in a different country, which is useful for accessing streaming services, news sites, and other regionally restricted content.
  • Preventing IP-based tracking: Rotating VPN servers makes it harder for websites to track you across sessions based on IP address alone.
  • Journalism and sensitive research: For people in countries with restrictive internet policies or those doing sensitive professional research, a VPN adds a meaningful layer of protection.

When a VPN Makes Little Practical Difference

  • If you are logged into Google, Facebook, or other accounts — they track you through your login, not your IP.
  • If you primarily use HTTPS websites — the content of your browsing was already encrypted from ISP inspection (though destinations are still visible).
  • If your concern is malware, phishing, or being hacked — a VPN provides no protection against these.
  • If you are seeking true anonymity — a VPN alone is insufficient. True anonymity requires a combination of tools including Tor, careful browser hygiene, and operational security practices far beyond the scope of a VPN.

The Most Important Thing: Verify It Is Working

All of the privacy benefits described above only exist if your VPN is actually functioning correctly. A VPN with a DNS leak, a WebRTC leak, or a broken tunnel provides none of these benefits while creating a false sense of security. Before trusting your VPN with anything that matters, verify it is working with a comprehensive test.

Advertisement

Verify Your VPN is Working Correctly

Free instant test — no account, no signup, results in seconds.

Run Free VPN Test →

Recommended VPN Providers

Affiliate Disclosure: We may earn a commission from these links at no cost to you.

NordVPNTop Pick
★★★★★
  • Audited no-logs policy
  • Threat Protection feature
  • 6,000+ servers worldwide
rel="sponsored noopener" target="_blank" class="btn btn-primary">Get NordVPN
ProtonVPNPrivacy First
★★★★½
  • Swiss privacy jurisdiction
  • Open source apps
  • Tor over VPN support
rel="sponsored noopener" target="_blank" class="btn btn-primary">Get ProtonVPN
SurfsharkBest Value
★★★★½
  • Unlimited devices
  • Ad and malware blocker
  • From $2.49/month
rel="sponsored noopener" target="_blank" class="btn btn-primary">Get Surfshark

Related Articles