If you’ve spent any time on YouTube or listening to podcasts, you’ve almost certainly been pitched a VPN. “Stay safe online!” “Browse anonymously!” “Protect your data from hackers!”

The advertisements make VPNs sound like a magical privacy cloak that makes you invisible on the internet. The reality is more nuanced — and some VPNs are actively harmful to the people who use them.

Let me cut through the noise.

What a VPN Actually Does

VPN stands for Virtual Private Network. When you use one, it does two things:

  1. Encrypts your internet traffic between your device and the VPN server, so anyone between you and that server — your internet provider, someone on public WiFi — can’t read it.

  2. Hides your real IP address from the websites you visit. Instead of seeing your home or office IP, they see the VPN server’s IP.

That’s it. That’s the whole thing.

Think of it like a postal service analogy. Normally, when you send a letter, the postal workers can see where it’s coming from, where it’s going, and potentially what’s in it. A VPN is like using a trusted courier: they pick up your sealed letter, drive to another city, and mail it from there. The recipient sees the courier’s city, not yours. But the courier still knows everything.

When a VPN Genuinely Helps

On public WiFi — coffee shops, airports, hotels, anywhere you don’t control the network. A VPN encrypts your traffic so that even if someone on that network is snooping, they see scrambled nonsense instead of your passwords and browsing. This is the legitimate, practical use case.

From your internet provider — your ISP (Comcast, AT&T, Verizon, etc.) can see every website you visit. A VPN prevents this. Whether you care about this is a personal privacy decision.

Accessing content while traveling — if you travel internationally and want to access streaming services or websites that are geographically restricted, a VPN can help.

When a VPN Does NOT Help

Protecting you from malware and viruses — a VPN is not antivirus software. If you click a bad link and download malware, a VPN won’t stop it or remove it.

Making you anonymous — you’re trusting the VPN company with your traffic instead of your ISP. If law enforcement asks a VPN provider for records, many cooperate. Your identity is not magically hidden.

Protecting you from phishing — a VPN won’t stop you from entering your password on a fake banking website. That’s not what it does.

Protecting you on HTTPS websites — if you’re on a properly secured HTTPS site (the padlock in your browser), your data is already encrypted. The VPN adds a layer but isn’t filling a gap.

The Free VPN Problem

Here’s the part the ads don’t mention: many free VPNs are the threat.

Think about the economics. A VPN requires servers all over the world. Servers cost money. Bandwidth costs money. If a VPN service is completely free, they’re paying for all that infrastructure somehow — and the answer is usually your data.

A CSIRO study found that nearly 40% of free VPN apps inject malware or tracking code into users’ devices. Many others log your browsing history and sell it to advertisers. Some free VPNs have been caught routing users through botnets — using your device’s internet connection to conduct attacks on others.

You thought you were getting protection. You were becoming the product.

Never use a free VPN unless it’s the free tier of a well-known paid service (like Proton VPN’s free tier, which is genuinely legitimate).

Which VPN Should You Actually Use?

If you decide a VPN makes sense for you, here are trustworthy paid options:

  • Mullvad — Privacy-focused, accepts anonymous payment, no accounts required. The gold standard for privacy.
  • Proton VPN — Made by the same people as ProtonMail. Strong privacy track record, has a legitimate free tier.
  • ExpressVPN or NordVPN — Well-known, widely reviewed. Fine for most people. The heavy advertising is a little annoying, but the products are legitimate.

Expect to pay around $3–$10/month. If a “VPN service” wants significantly more than that, or nothing at all, be skeptical.

Do You Actually Need One?

Honestly? For most people doing normal browsing at home on their own network — probably not urgently. Your home router is not a public network, and HTTPS handles most of the encryption needs for everyday browsing.

Where it makes a real difference: public WiFi. If you regularly work from coffee shops, travel and use hotel networks, or connect to airport WiFi — a VPN on your laptop and phone is a genuinely useful layer of protection.

Bottom line: A VPN does a specific thing well — encrypts your traffic on untrusted networks and hides your browsing from your ISP. It’s not a cure-all. Never use a free one from an unknown company. If you travel or work on public WiFi regularly, a paid VPN from a reputable provider is money well spent.