What Is a VPN? The Unbiased Guide (No Affiliate Links)

A VPN (Virtual Private Network) is a service that creates an encrypted tunnel between your device and a remote server, routing all your internet traffic through that tunnel. This hides your real IP address from websites and services you visit, and prevents your ISP, network administrator, or anyone else on the same network from seeing what you’re doing online. It’s one of the most popular privacy tools on the internet, and also one of the most oversold. Let’s cut through the marketing noise.

How a VPN Actually Works (Without the Marketing Fluff)

Every VPN explainer on the internet shows the same diagram: your computer, a magical encrypted tunnel, and a VPN server. And that’s roughly correct, but let’s actually break down what’s happening at each step.

Without a VPN

Normally, here’s what happens when you visit a website:

Your device sends a request to your router
Your router forwards it to your ISP
Your ISP routes it across the internet to the destination server
The website sees your real IP address (assigned by your ISP)
Your ISP can see which domains you’re visiting

Your ISP sits in the middle of everything and has full visibility into your DNS queries and the metadata of your connections. They know every website you visit, when you visited it, and how long you stayed. In many countries, ISPs are legally required to retain this data.

With a VPN

Here’s what changes:

Your device encrypts your traffic using a VPN protocol (WireGuard, OpenVPN, IKEv2, etc.)
The encrypted blob goes to your router, then your ISP
Your ISP can see you’re connecting to the VPN server’s IP address, but the contents are encrypted gibberish to them
The VPN server decrypts your traffic and forwards it to the destination website
The website sees the VPN server’s IP address, not yours
Responses travel back the same way in reverse

So the VPN shifts your trust from your ISP to the VPN provider. Instead of your ISP seeing everything, your VPN provider can see everything. This is why choosing a trustworthy VPN matters enormously, and why “no logs” policies are such a big deal.

VPN Protocols: What’s Inside the Tunnel

The protocol determines how the encrypted tunnel is built and maintained. Here’s where things stand in 2026:

Protocol	Speed	Security	Status
WireGuard	Fastest	Excellent	Modern standard, ~4,000 lines of code
OpenVPN	Moderate	Excellent	Battle-tested, ~70,000 lines of code
IKEv2/IPSec	Fast	Good	Good for mobile (handles network switching well)
L2TP/IPSec	Slow	Okay	Outdated, not recommended
PPTP	Fast	Terrible	Broken encryption, never use this

WireGuard has essentially won the protocol wars. It’s faster, simpler, and has a much smaller attack surface than OpenVPN (4,000 lines of code versus 70,000 makes security auditing way easier). Most modern VPN providers have switched to WireGuard as their default or built proprietary protocols on top of it (like NordVPN’s NordLynx or Cloudflare’s WARP).

The only downside of WireGuard is that it assigns static internal IPs by default, which could theoretically be used for tracking. Good VPN providers work around this with additional privacy layers like double-NAT or rotating internal addresses.

What a VPN Actually Protects (And What It Doesn’t)

Here’s where most VPN marketing goes completely off the rails. Let’s be brutally honest.

What a VPN DOES protect:

Your IP address from websites. Sites you visit see the VPN server’s IP instead of yours. This prevents IP-based tracking and geo-targeting.

Your traffic from your ISP. Your ISP can see you’re using a VPN but cannot see what websites you visit or what data you’re transmitting.

Your traffic on public Wi-Fi. On open networks (coffee shops, airports, hotels), a VPN encrypts your traffic so other users on the same network can’t snoop on it. This matters less now that most websites use HTTPS by default, but it still protects DNS queries, metadata, and connections to any non-HTTPS sites.

Your location for geo-restricted content. By connecting to a server in another country, you can access content that’s restricted to that region. This is probably the most common real-world VPN use case (Netflix different libraries, sports streaming, etc.).

Protection from network-level censorship. In countries that censor the internet, a VPN can bypass blocks by routing traffic through servers in uncensored locations.

What a VPN DOES NOT protect:

Your identity from websites where you’re logged in. If you log into Google, Facebook, or Amazon while using a VPN, obviously those services know who you are. They don’t need your IP address; they have your username.

Against browser fingerprinting. Your browser leaks a unique combination of screen resolution, installed fonts, plugins, timezone, language settings, and other data that can identify you across sessions even without cookies. A VPN doesn’t change any of this.

Against malware or phishing. A VPN encrypts your traffic; it doesn’t inspect it for threats. If you download malware or enter your password on a phishing site, the VPN won’t stop you.

Against cookies and tracking scripts. The advertising industry tracks you through cookies, pixels, and JavaScript. A VPN does nothing about this. Use an ad blocker (uBlock Origin) and privacy-focused browser settings instead.

Against your VPN provider. Your VPN provider can theoretically see your traffic (after decrypting it at their end). “No logs” policies are promises, not technical guarantees. Some have been verified by independent audits, others haven’t.

The “No Logs” Problem

Every VPN company claims they keep “no logs.” But what does that actually mean? Logs can include:

Connection logs: When you connected, how long, how much bandwidth
Traffic logs: Actually recording what websites you visited and what data you transmitted
IP logs: Your real IP address associated with your VPN sessions

Most reputable VPNs genuinely don’t keep traffic logs (that would be expensive and pointless for them). Connection logs are more of a gray area. Some providers keep minimal connection data for troubleshooting and abuse prevention.

The only way to verify a “no logs” claim is through independent audits or court cases where a provider was legally compelled to hand over data and had nothing to give. A few providers have passed this test:

Mullvad: Raided by Swedish police in 2023, no user data found
ExpressVPN: Servers seized by Turkish authorities in 2017, no logs found
PIA (Private Internet Access): Subpoenaed by the FBI twice, had no logs to provide

But keep in mind: a VPN provider’s infrastructure runs on rented server hardware in data centers worldwide. The data center operators, their upstream providers, and potentially intelligence agencies with access to backbone infrastructure could theoretically monitor traffic at the network level, regardless of what the VPN company itself logs.

When You Should (and Shouldn’t) Use a VPN

Good reasons to use a VPN:

You frequently use public Wi-Fi networks
You want to prevent your ISP from logging your browsing history
You need to access geo-restricted content
You live in or travel to countries with internet censorship
You want to prevent IP-based tracking across the web
You’re torrenting (legal) content and want to keep your IP private

Bad reasons to use a VPN:

You think it makes you “unhackable” (it doesn’t)
You saw a YouTube ad saying hackers will steal your identity without one
You think it replaces antivirus software
You believe it makes everything you do online completely anonymous
You want to commit crimes without getting caught (just don’t)

When a VPN might hurt:

Online banking sometimes flags VPN usage as suspicious activity
Some streaming services actively block known VPN IP addresses
Gaming through a VPN adds latency, which means higher ping
CAPTCHA challenges become more frequent because VPN IPs are shared and often flagged

VPN vs Proxy vs Tor

People often confuse these three. Quick distinction:

VPN encrypts ALL your device’s traffic and routes it through a remote server. Works at the OS level.

Proxy routes only specific application traffic (usually just your browser) through a remote server. Usually NO encryption unless it’s an HTTPS proxy.

Tor bounces your traffic through three volunteer-operated nodes, with each layer of encryption stripped at each hop. Much slower than a VPN but provides much stronger anonymity because no single node knows both your identity and your destination.

For most people, a VPN provides the best balance of speed, usability, and privacy. Tor is for situations where you need genuine anonymity (journalists, activists, whistleblowers). Proxies are mostly useful for casual geo-spoofing.

We have a detailed comparison at VPN vs Proxy if you want the full breakdown.

How to Choose a VPN (Without Getting Scammed)

The VPN industry is plagued by affiliate marketing. Most “best VPN” review sites are paid to promote specific providers. Here are the things that actually matter:

Jurisdiction: Where the VPN company is incorporated affects what laws govern data retention. Some privacy-friendly jurisdictions include Switzerland (ProtonVPN), Sweden (Mullvad), Panama (NordVPN), and the British Virgin Islands (ExpressVPN).

Independent audits: Has the VPN been audited by a reputable security firm? Not just their privacy policy, but their actual server infrastructure and code?

Protocol support: Does it offer WireGuard? If they’re still defaulting to older protocols in 2026, that’s a red flag.

Server network: More server locations means more options for geo-unblocking and better speeds (since you can connect to a nearby server).

Kill switch: If the VPN connection drops, a kill switch blocks all internet traffic until the VPN reconnects. Without this, your real IP can leak during brief disconnections.

Price: Good VPNs cost money. If you’re not paying, you’re the product. Budget around $3 to $5 per month on longer plans.

How to Check If Your VPN Is Working

After connecting to a VPN, verify it’s actually doing its job:

Visit whatismyip.technology and check that the displayed IP is NOT your real IP
Run a DNS leak test to make sure DNS queries go through the VPN
Check for WebRTC leaks (some browsers leak your real IP through WebRTC even with a VPN active)

If your real IP shows up anywhere in these tests, your VPN isn’t configured correctly.

Test It Yourself

Check Your IP Address

Connect your VPN and verify it's working. See what IP address and location websites see.

Open Tool →

Frequently Asked Questions

No. A VPN hides your IP address and encrypts your traffic, but you can still be identified through browser fingerprinting, account logins, cookies, payment information, and behavioral patterns. A VPN is one layer of privacy, not a magic invisibility cloak.

Mostly no. Free VPNs need to make money somehow, and that usually means selling your browsing data, injecting ads, or providing minimal encryption. Some free VPNs have been caught installing malware. The exceptions are limited free tiers from reputable paid providers (like Proton VPN's free tier), but even those have restrictions.

Your ISP can see that you're connecting to a VPN server and that your traffic is encrypted, but they cannot see what websites you visit or what data you're sending. Some VPNs offer 'stealth' or 'obfuscation' modes that disguise VPN traffic as regular HTTPS traffic, making it harder for ISPs to detect VPN usage.

Usually yes, at least a little. Your traffic has to travel to the VPN server first (adding distance and latency), and encryption/decryption takes processing time. With a good VPN provider and a nearby server, the speed loss is typically 10 to 20%. With a bad provider or a faraway server, it can be much worse.

In most countries, yes. VPN usage is legal in the US, UK, EU, Canada, Australia, and most other countries. It's restricted or banned in China, Russia, Iran, Iraq, North Korea, Belarus, Turkmenistan, and a few others. Even in countries where VPNs are legal, using one for illegal activities is still illegal.