VPNs are often sold as a “privacy silver bullet,” but that framing causes more confusion.
A VPN does not make you anonymous.
It does not stop cookies, logins, browser fingerprinting, or payment-based identification.
What a VPN actually does is much narrower and more technical:
- It encrypts your internet traffic in transit
- It prevents your ISP or local network from seeing which destinations you connect to
- It makes websites see the VPN server’s IP instead of your real one
- That’s privacy at the network level, not identity hiding.
I wrote a detailed blogpost. Check it out.
True, however TLS does not encrypt the hostname/IP address of the servers that you are connecting to, so your ISP can monitor the servers you visit. A VPN provides an encrypted tunnel for your traffic, so your ISP can only see that you are communicating with the VPN server. However, the VPN provider can see the hostname/IP of the servers in order to forward the traffic to its destination.
Ideally the VPN provider does not monitor or keep logs of the connections, but this is not always the case. A VPN offers privacy from the ISP or from other clients connected to the local network when using public WiFi.
It can also provide some level of anonymity, because the server that you are connecting to will only be able to see the VPN IP address connecting to them, instead of your home IP address. It is possible to still be identified by other means besides your IP address, like using cookies or browser fingerpinting.
The hostname will be encrypted eventually (ESNI) but you’re right that the IP address is visible.
Destination IP is starting to mean less and less these days, given there’s a large amount of sites that use shared IPs rather than dedicated ones (for example, if they use Cloudflare, Vercel, Netlify, AWS CloudFront, etc.)
ESNI has largely been dropped in favor of ECH
Thanks - I forgot about that.