The short answer
A VPN hides your real IP address and encrypts your internet traffic so your ISP, café Wi-Fi snoops, or your landlord can’t see what you’re doing. But it does not make you anonymous. Your browsing habits still leak through cookies, browser fingerprinting, and the accounts you log into. Expect a VPN to be one layer, not a cloak of invisibility.
What a VPN actually hides (and what still leaks)
A VPN encrypts the connection between your device and the VPN server. That means:
– Your ISP cannot see which websites you visit.
– Public Wi-Fi attackers cannot intercept your login credentials.
– Websites see the VPN server’s IP, not your home IP.
What a VPN does not hide:
– Cookies and tracking scripts. If you visit a site with Facebook’s pixel, Facebook still knows you were there.
– Browser fingerprinting. Your screen resolution, installed fonts, and OS version are still visible.
– DNS leaks if misconfigured. Some VPNs leak your real DNS queries despite claiming protection.
– Your Google or social media accounts. Logging into Gmail while connected tells Google exactly who you are.
The one privacy tool you need alongside a VPN
No VPN fixes bad browsing habits. If you want real privacy, combine the VPN with:
– A privacy-focused browser (Firefox with strict tracking protection or Brave).
– uBlock Origin to block third-party scripts.
– Cookie auto-delete extensions or browser settings that clear cookies on exit.
Example: You connect to a VPN, then search for “best hiking boots” on Google. Google still sees your search history and serves personalized ads. The VPN only hides your IP from Google—not your search queries or account data.
How to choose a VPN for privacy without the marketing fluff
Ignore the “military-grade encryption” claims. Every decent VPN uses AES-256. Focus on:
– Audited no-logs policy. Look for a third-party audit (e.g., PwC, Cure53) that confirms they don’t keep connection logs.
– RAM-only servers. Data is wiped on reboot, reducing the risk of log seizure.
– Open-source apps. Anyone can verify the code isn’t spying on you.
– Kill switch. Without it, a dropped VPN connection exposes your real IP.
Avoid free VPNs that monetize through ads or data selling. If you don’t pay for the product, you are the product.
The log policy trap: what “no logs” really means
Many VPNs claim “no logs” but still log metadata like connection timestamps, bandwidth usage, or session duration. That metadata can identify you if authorities request it.
Real no-logs means:
– No connection timestamps.
– No IP addresses assigned to you at any given time.
– No bandwidth usage data tied to your account.
Check the provider’s privacy policy for phrases like “aggregated data” or “troubleshooting logs.” Those are logs. If the company is based in a country with mandatory data retention laws (e.g., UK, Australia), even a good policy might be overridden by law.
Common mistakes that kill your privacy gains
– Using the VPN’s default DNS. Switch to a trusted third-party DNS like Quad9 or Cloudflare.
– Keeping browser cookies. Clear them regularly or use a separate browser for sensitive activity.
– Reusing passwords. A VPN won’t help if your email password gets leaked on HaveIBeenPwned.
– Assuming incognito mode + VPN = anonymous. Incognito only stops local history, not tracking.
When a VPN hurts your privacy (yes, it can)
– Free VPNs that inject ads or track you. Some free services bundle spyware or sell your browsing data.
– VPNs that require excessive permissions. An Android VPN that requests access to your SMS or contacts is a red flag.
– Logging into accounts while connected. Your identity is tied to the account, not the IP. The VPN becomes irrelevant.
Real scenario: You use a free VPN to watch a geo-blocked video. The VPN logs your connection and sells that data to an ad broker. Next week, you see targeted ads for the exact product you searched while “protected.”
Quick checklist: before you hit “connect”
– [ ] Choose a VPN with a published, audited no-logs policy.
– [ ] Enable the kill switch in the app settings.
– [ ] Test for DNS leaks at dnsleaktest.com.
– [ ] Clear browser cookies or use a separate browser for privacy-sensitive tasks.
– [ ] Disable WebRTC in your browser (it can leak your real IP).
– [ ] Log out of Google, Facebook, and other accounts you don’t need open.
A VPN is a useful tool, not a cure-all. Pair it with good browser hygiene and realistic expectations.
FAQ
Q: Does a VPN hide my browsing history from my ISP?
A: Yes, your ISP sees only encrypted traffic to the VPN server, not the websites you visit.
Q: Can a VPN protect me from malware?
A: No. A VPN does not block malware. Use antivirus software and avoid suspicious downloads.
Q: Will a VPN stop advertisers from tracking me?
A: Partially. It hides your IP, but advertisers still track you via cookies, browser fingerprinting, and logged-in accounts.
Q: What is a DNS leak?
A: A DNS leak occurs when your device sends DNS queries outside the VPN tunnel, revealing your real IP to your ISP. Test with dnsleaktest.com.
Q: Can I use a free VPN for privacy?
A: Not safely. Most free VPNs log your data, inject ads, or sell your bandwidth. Only trust paid providers with audited no-logs policies.
Q: Does a VPN work on public Wi-Fi?
A: Yes, it encrypts your traffic, preventing others on the same network from intercepting your data.
Q: Should I keep my VPN on all the time?
A: Yes, if privacy is your goal. Turn it off only when you need to access a local service that blocks VPN IPs.
