VPNs are often sold as a “privacy silver bullet,” but that framing causes more confusion.
A VPN does not make you anonymous.
It does not stop cookies, logins, browser fingerprinting, or payment-based identification.
What a VPN actually does is much narrower and more technical:
- It encrypts your internet traffic in transit
- It prevents your ISP or local network from seeing which destinations you connect to
- It makes websites see the VPN server’s IP instead of your real one
- That’s privacy at the network level, not identity hiding.
I wrote a detailed blogpost. Check it out.
It does, however, make a certain level of anonymity at least possible as long as you scrub your cookies regularly, never log into the same accounts over the VPN that you were using without it, and never buy anything over the VPN.
In the end, you have to sit down and ask yourself what information you’re trying to protect from whom, and how much trouble protecting it is worth. You don’t want your nosy cousin who works at your ISP to know you look at furry porn, well, a VPN should be good enough for that (provided you don’t use the ISP’s DNS). If you’re trying to conceal your actions from a nation-state-level observer, you’ve got a lot more work to do.
As far as I understand, a certain level of data hygiene will do wonders for even a basic setup.
For example, on our server, we have a container that maintains a kill-switched connection to a subscription VPN. Several other containers, including one with a browser, can only route their traffic through that container, and we don’t use any of them for anything personal or outside their intended purpose. We basically act as if there are completely different people on that connection, like we have a secret second family. Remote activity is done through a self-hosted VPN to the home network, then VNC to the containers.
If we want to use the subscription VPN on other devices, we connect to a different location and possibly use Tor browser for extra anonymity. No activity or information overlap, ever.