What a VPN does
A VPN creates an encrypted connection between your device and a VPN server. Internet traffic then exits through that server, so websites normally see the server’s public IP address instead of your home, mobile, or local-network IP address.
This changes who can observe which part of the connection. A café hotspot or internet provider may see that you are using a VPN but generally has less visibility into destinations beyond the tunnel. The VPN provider becomes part of the trusted path, so provider choice and current privacy terms matter.
The simplest mental model
A VPN protects the network path to the VPN server and changes the IP address presented to destinations. It does not automatically protect everything that happens before traffic enters the tunnel or after it reaches a website.
What a VPN helps protect on public Wi-Fi
On a shared network, a VPN encrypts traffic leaving your device until it reaches the VPN server. That makes casual local inspection and manipulation harder and reduces what the hotspot operator can learn about your destinations.
HTTPS already encrypts modern web connections, and you should keep using it. A VPN adds a broader tunnel that covers supported apps and reduces reliance on the local network. Follow the public Wi-Fi safety checklist for network verification, updates, and account precautions.
What a VPN hides from websites
A connected VPN normally replaces your visible public IP with the VPN server’s IP. That can reduce IP-based location accuracy and stops a site from seeing the public address assigned to your current connection.
Websites can still recognize you through logins, cookies, browser storage, fingerprinting signals, and information you submit. If you sign into the same account, changing your IP does not make that session unrelated to you.
What a VPN may hide from your ISP
Without a VPN, an internet provider can observe connection metadata and DNS information depending on your setup, while HTTPS hides page content. With a VPN, the provider normally sees a connection to the VPN service rather than the final destination of each tunneled request.
This is not the same as eliminating trust or records. The VPN service operates the exit point, and destinations still receive your requests. Privacy depends on technical behavior, account settings, jurisdiction, and current provider policy — not only on the presence of a connect button.
What a VPN does not protect from
- Phishing: a VPN cannot tell whether a convincing login page belongs to the real service.
- Malware: encryption does not make a malicious download safe or repair an infected device.
- Account tracking: sites and apps still know which account is signed in.
- Cookies and fingerprinting: changing an IP does not erase browser identifiers.
- Weak passwords: a VPN cannot prevent credential reuse or replace two-factor authentication.
- Unsafe permissions: apps may still access location, contacts, photos, or other allowed data.
- Every ad and tracker: a VPN needs a separate filtering feature, and even that has limits.
- Data already shared: connecting later does not remove old posts, uploads, or account history.
VPN myths to avoid
“A VPN makes me anonymous”
No single VPN setting makes normal web use anonymous. Accounts, payments, cookies, browser fingerprints, and personal behavior can identify or link sessions. A VPN improves one privacy layer: the network path and visible IP.
“A VPN makes any website safe”
A VPN can securely carry a request to a fraudulent or compromised site. Verify domain names, heed certificate warnings, and do not open unexpected downloads merely because the VPN is connected.
“A VPN replaces HTTPS”
The VPN tunnel ends at the VPN server. HTTPS continues encryption from your browser to the destination and authenticates the site certificate. You want both on untrusted networks.
“A VPN blocks every ad”
Basic VPN tunneling does not block ads. Some VPN apps add DNS or domain filtering, but first-party ads, native promotions, and page placeholders may remain. Compare these layers in VPN vs adblock vs DNS.
Best privacy setup
- Keep the operating system, browser, and apps updated.
- Use HTTPS and stop when a browser reports a certificate problem.
- Use unique passwords from a password manager and enable two-factor authentication.
- Add a maintained browser blocker or DNS filter for known ads and trackers.
- Use a reputable VPN when the network path or exposed public IP is your concern.
- Review account privacy settings, app permissions, and the data you choose to share.
- Run the adblock test to check filtering after changing your setup.
No layer needs to be perfect to be useful. The goal is to match each control to a specific risk, then verify that it works where you use it.