Confused about VPNs? Learn how VPNs really work, different VPN Protocols, what they hide, what they don’t, and how to judge VPN providers.

VPNs are often sold as a “privacy silver bullet,” but that framing causes more confusion.

A VPN does not make you anonymous.

It does not stop cookies, logins, browser fingerprinting, or payment-based identification.

What a VPN actually does is much narrower and more technical:

  1. It encrypts your internet traffic in transit
  2. It prevents your ISP or local network from seeing which destinations you connect to
  3. It makes websites see the VPN server’s IP instead of your real one
  4. That’s privacy at the network level, not identity hiding.

I wrote a detailed blogpost. Check it out.

  • dan@upvote.auEnglish
    22·
    13 hours ago
    1. It encrypts your internet traffic in transit

    Note that most sites use TLS these days, so your data is already encrypted in transit.

    • sentientRant@lemmy.worldOPEnglish
      3·
      8 hours ago

      Yeah but app dns requests and background services are sometimes not TLS. When using VPN all traffic is encrypted. Thus safer.

    • theunknownmuncher@lemmy.worldEnglish
      20·
      13 hours ago

      True, however TLS does not encrypt the hostname/IP address of the servers that you are connecting to, so your ISP can monitor the servers you visit. A VPN provides an encrypted tunnel for your traffic, so your ISP can only see that you are communicating with the VPN server. However, the VPN provider can see the hostname/IP of the servers in order to forward the traffic to its destination.

      Ideally the VPN provider does not monitor or keep logs of the connections, but this is not always the case. A VPN offers privacy from the ISP or from other clients connected to the local network when using public WiFi.

      It can also provide some level of anonymity, because the server that you are connecting to will only be able to see the VPN IP address connecting to them, instead of your home IP address. It is possible to still be identified by other means besides your IP address, like using cookies or browser fingerpinting.

      • dan@upvote.auEnglish
        3·
        11 hours ago

        The hostname will be encrypted eventually (ESNI) but you’re right that the IP address is visible.

        Destination IP is starting to mean less and less these days, given there’s a large amount of sites that use shared IPs rather than dedicated ones (for example, if they use Cloudflare, Vercel, Netlify, AWS CloudFront, etc.)