An anonymous person holding a paper with a question mark in front of their face.

VPNs are advertised as the best way—maybe even the only way—to stay private online, but is that really true? If we look beyond the marketing copy, we find a much more messy reality than what is portrayed on the homepages of VPN providers.

What Does a VPN Do?

When you connect to the internet, you access the website you want to visit by going through your ISP’s network. Your ISP knows the domain you’re accessing and where you’re located, as does the website you’re visiting—although it has a rougher idea of your location. This data is stored in log files, which can record data such as your IP address, the time of your connection, and the length of time you were connected for.

This data is worth good money to marketers, and has become a source of income to ISPs and websites. Besides commercial purposes, log files can also be used to track people who use BitTorrent to illegally download files as well as people who use social media to brag about their crimes.

If you’re concerned about your privacy, perhaps because you just don’t want third parties making money off your data, one of the things you can do is use a virtual private network when you connect to the internet. When you connect to a VPN, the VPN sits in the middle and functions as an encrypted tunnel. Your internet service provider or local network can only see that you’re connected to the VPN—not what you’re accessing through the VPN. The websites you access will see the VPN’s IP address rather than your IP address. We have a full article on how VPNs work, but, in short, instead of sending your connection to the ISP server and then to a website, you’re placing a server owned by the VPN in between. By going through this private server, both your ISP and any sites you visit will see its IP address rather than yours.

RELATED: What Is a No-Log VPN, and Why Is That Important for Privacy?

VPNs and Privacy

According to what many providers promise, VPNs are a silver bullet that will annihilate all your privacy worries with a single stroke. Replacing your IP address with the VPN’s, however, solves only one problem, and not even a big one at that. There are still plenty of ways to find out who you are and what you’re doing.

Probably the biggest problem VPNs don’t solve is that you can still be “seen” thanks to browser cookies—which websites use to remember who you are—as well as any social media accounts you’re signed in to—and many keep you signed in, like it or not. This means that if you’re signed in to Google or Facebook when you’re using your browser with a VPN, they can still track you. It’ll just look like your physical location has changed.

The only way to fix this is by using Incognito Mode and a VPN together, but we have yet to find the VPN provider that will tell you this.

In fact, finding out anything about how VPNs operate is hard: For whatever reason, they don’t like to share details about how their products or businesses work. One thing that’s very hard to test, for example, is how secure the connection a VPN provides actually is.

For example, one of the biggest promises they make is that your connection will be encrypted in something called a “secure tunnel.” That sounds really cool—until you realize that there’s no good way to test whether it works from the outside. Though the AES-256 cipher most tunnels are advertised as being encrypted with is nigh uncrackable, there’s no good way to find out whether it really is that encryption key that’s being used.

RELATED: What's the Difference Between Incognito Mode and a VPN?

VPNs and Logs

This brings us to another thing that we’re asked to take on faith. Namely, how your logs are treated. Many VPNs claim to be “no-logs” or “zero-logs” services, saying that they do not keep records of your activity online.

However, this claim takes some stretching of the imagination to believe, as there’s always a record of the event when servers connect. The internet literally cannot function without this data being generated. It has to be kept (at least temporarily) so that servers know where to send data back and forth.

We suspect that most of these services destroy logs as soon as they’re created, which is fine from a privacy perspective—but doesn’t fit well into marketing copy.

Many VPNs will admit to logging some types of data, though that usually comes with assurances that they only log unimportant information, like what time the VPN server connected. The log files that could identify users are supposedly not recorded or destroyed, like with a zero-logs service.

Whether you’re going with a no-logs service or one that keeps only connection logs, you’re taking the VPN provider on faith, as neither claim can be investigated. In the end, you’re going to have to trust that VPNs aren’t selling your data. Look for a VPN with a good reputation, not one that just promises “no logs”—some VPNs work with third-party auditors in an attempt to prove their security promises.

RELATED: What Is a No-Log VPN, and Why Is That Important for Privacy?

What Are VPNs Good for?

With all of the above information in mind, the question arises whether VPNs are actually good for anything. They are, in fact, very useful tools. They’re just not the privacy panacea that they’re often said to be. Generally speaking, there are four reasons to use a VPN:

  • As a privacy tool in a wider strategy: If all you do is turn on a VPN and keep browsing like normal, a VPN won’t necessarily give you much privacy. But combined with Incognito Mode, secure email and messaging, plus some other tricks, you’ll be much harder to track.
  • As a way to circumvent regional restrictions: You can unlock any country’s Netflix library, for instance, or visit the sites of state broadcasters in other countries.
  • To stay ahead of copyright enforcers: People who illegally download copyrighted content using software like BitTorrent often use VPNs to disguise their peer-to-peer traffic.
  • To circumvent censorship: People that live in countries with internet restrictions—China, for example—can use a VPN to get away from their country’s internet and onto the “real,” unfiltered one.

VPNs are handy tools, but they’re not the only way to protect yourself online—nor even the best one. Although VPNs definitely have a use for most people who spend a lot of time on the internet, their use (like with any tool) is a lot more precise than many would have you believe.

RELATED: Do You Really Need to Have Your VPN On All the Time?

If you’re looking for a VPN to protect your privacy, recommend ExpressVPN here at How-To Geek. ExpressVPN has been our top pick here at How-To Geek for years, and many of us have used it for that long. ExpressVPN is a stable company that’s been around for a long time. The company even innovates by developing new technology like Lightway, a next-generation VPN protocol that will be open-source.

Profile Photo for Fergus O'Sullivan Fergus O'Sullivan
Fergus is a freelance writer for How-To Geek. He has seven years of tech reporting and reviewing under his belt for a number of publications, including GameCrate and Cloudwards. He's written more articles and reviews about cybersecurity and cloud-based software than he can keep track of---and knows his way around Linux and hardware, too.
Read Full Bio »