VPNs are often sold as a “privacy silver bullet,” but that framing causes more confusion.
A VPN does not make you anonymous.
It does not stop cookies, logins, browser fingerprinting, or payment-based identification.
What a VPN actually does is much narrower and more technical:
- It encrypts your internet traffic in transit
- It prevents your ISP or local network from seeing which destinations you connect to
- It makes websites see the VPN server’s IP instead of your real one
- That’s privacy at the network level, not identity hiding.
I wrote a detailed blogpost. Check it out.
You don’t get the “s” until you have the “https”. Your DNS request which turns www.TheWebsiteYouDoNotWantKnown.com into its IP address happens before you have the “s” in “https”. By default, that request is sent in plaintext, and frequently by default, to your internet service provider. So an outside monitor may not be able to see the contents of the website once you establish your https connection, they likely know that you went there and have a good idea how long you stayed on it.
While its also possible to encrypt the DNS request with DoH or DoT, its not on by default and requires the user to take configuration actions in their browser. If they’re looking at VPNs for the first time, they likely don’t know this and are sending their DNS requests in the clear.