The VPN Illusion: Are You Really Safer Online?

VPNs Aren’t the Privacy Shield You Think They Are

Virtual Private Networks (VPNs) are everywhere. YouTubers push them. Reddit swears by them. Ads make them sound like an essential security tool.

And it makes sense—nobody wants their Internet Service Provider (ISP) selling their data or hackers snooping on public Wi-Fi. So people install a VPN, flip it on, and assume they’re safe.

Except… they’re not.

VPN marketing has convinced people that using one makes them invisible online. That’s a fantasy. A VPN doesn’t erase tracking. It doesn’t stop surveillance. And depending on which VPN you use, it might actually be making things worse.

But that’s the part nobody talks about.

Most people assume a VPN is a one-click solution for privacy. The reality? VPNs are a tool, not a fix—and most people are using them completely wrong. Worse, some people would be better off not using one at all.

And yet, “Always use a VPN” is some of the worst security advice out there.

Let’s talk about why.

The Truth About VPNs (That VPN Companies Won’t Tell You)

VPN ads all say the same thing: they encrypt your traffic, hide your IP, and make you anonymous. But most of these claims are misleading at best and outright false at worst.

A VPN does encrypt your internet traffic—but that doesn’t stop websites from tracking you. They still see your device fingerprint, cookies, and browsing behavior. They still run scripts that follow you across the web.

A VPN just changes your IP address. That’s it.

A VPN does hide your browsing from your internet provider—but now your VPN provider sees everything instead. The only thing that’s changed is who you’re trusting.

And let’s talk about anonymity. People love to say, “A VPN makes you anonymous.” No, it doesn’t. If a website wants to track you, it still can. Log into your usual accounts? Use the same browser? Interact with the same sites? Nothing has changed.

If VPN companies were honest about these limitations, it wouldn’t be such a big deal. But instead, they let influencers push the fantasy that a VPN is all you need for privacy.

That’s not just misleading—it’s dangerous.

The “No-Logs” Lie

VPN companies love to brag about their “no-logs” policies.

• “We don’t track anything.”

• “Your data is safe with us.”

• “Trust us.”

Except… some of them are lying.

A few years ago, PureVPN got caught handing over user logs to the FBI—after advertising a strict no-logs policy. Turns out, they did log user data. They just didn’t define “logs” the way their users thought.

That’s the loophole a lot of VPNs exploit. Some don’t track your browsing history, but they still log:

• When you connect

• What device you’re using

• How much bandwidth you consume

• What VPN IP address was assigned to you

This metadata is just as valuable as actual browsing logs—and it’s enough to identify you.

If you’re using a VPN to hide from surveillance, but the VPN itself is logging metadata, guess what? You’re not hiding from anything.

And it gets worse.

VPNs Are a One-Stop Shop for Subpoenas

A lot of people assume a VPN protects them from government surveillance. That if someone tries to track them, the VPN will block it.

But what they don’t realize is that VPNs concentrate all of their users’ internet traffic through a single provider—making them a prime target for subpoenas and government orders.

If law enforcement wants to track someone without a VPN, they have to deal with multiple ISPs, data brokers, and websites.

But if that person is using a VPN? Suddenly, all of their internet activity is in one place.

And here’s the real problem:

If a VPN operates in a Five Eyes, Nine Eyes, or Fourteen Eyes country (like the US, UK, or Australia), they can be forced to hand over user data.

Some VPNs have secretly complied with law enforcement requests while publicly claiming they keep no logs. Others have silently handed over user data under sealed court orders.

So the real question isn’t:
Can I trust a VPN more than my ISP?

It’s:
Can I trust this VPN at all?

The Free VPN Trap

By now, you might be thinking, “Fine. I’ll just find a VPN I trust.”

But if your solution is a free VPN, you’ve just traded one bad situation for another.

Free VPNs don’t exist out of generosity. If they’re not making money from subscriptions, they’re making it from you.

Did you know 75% of free VPNs are secretly selling your data?

That’s why some free VPNs:

• Log everything and sell your data to advertisers

• Inject tracking scripts into your traffic

• Turn users into exit nodes for botnets—without their knowledge

It happened with HolaVPN. Users thought they were getting a free, unlimited VPN. What they didn’t know? Hola was selling their bandwidth to the highest bidder.

If you wouldn’t trust a free, sketchy app with your personal data, why would you trust a free VPN?

How VPNs Can Actually Make Your Privacy Worse

By now, you know a VPN doesn’t make you anonymous. You know VPN companies stretch the truth about their “no-logs” policies. You know using a VPN shifts your trust from your ISP to a single provider that may or may not deserve it.

But it gets worse.

Not only do VPNs fail to provide the security people expect, but in some cases, they can actually make users more vulnerable. And thanks to aggressive marketing, most people don’t realize they’re exposing themselves to new risks instead of protecting their privacy.

Let’s break down why.

Your VPN Might Be Logging You More Than Your ISP

People use VPNs to stop their internet provider from tracking them. The logic makes sense—your ISP can see every website you visit, and in many countries, they sell that data to advertisers.

But here’s the problem: VPN providers aren’t subject to the same regulations as ISPs. While ISPs operate under telecommunications laws and privacy protections (even if they violate them), VPN companies exist in a legal gray area. There’s less oversight, and for some providers, that means more opportunities to track you without consequences.

Most ISPs don’t log your exact IP address alongside your browsing history. Some VPNs do—and they bury it deep in their privacy policies. That means if a government agency, a hacker, or even a rogue employee at the VPN company wants access to your data, it’s all conveniently stored in one place.

Unlike ISPs, which have legal obligations and established reputations, many VPN providers are based in countries with little to no consumer protection. If they decide to start logging more data or sell user information, there’s often nothing stopping them.

Who Actually Owns Your VPN?

Here’s something VPN ads never mention: many of the biggest "privacy-focused" VPNs are owned by data collection firms.

Companies that profit from tracking users have quietly acquired VPN services and continued the exact surveillance users are trying to avoid.

For example, Kape Technologies—a company previously involved in adware and browser hijacking—owns ExpressVPN, CyberGhost, Private Internet Access, and ZenMate. A company with a history of tracking users and injecting ads now controls four of the most well-known VPNs.

They aren’t the only ones. Some VPN companies operate under vague parent companies, hiding their true ownership structure. Others have been caught selling user data despite marketing themselves as privacy-friendly.

If a VPN refuses to disclose who owns them, where they operate, or how they make money, that’s a red flag.

VPNs Can Make You Easier to Track

Most people assume that because a VPN hides their IP, it automatically stops tracking. But that’s not how modern surveillance works.

Websites, advertisers, and government agencies don’t need your IP address to follow you online. They use far more sophisticated methods:

• Device fingerprinting – Your browser settings, screen resolution, installed fonts, and even the way you move your mouse create a unique profile that identifies you.

• Cookies and tracking scripts – Most sites load third-party trackers that follow you across the web. A VPN doesn’t block them.

• Account logins – If you’re using a VPN but still logging into Google, Facebook, or Twitter, those services still know exactly who you are.

And here’s the kicker—some websites flag and block VPN users because VPN IPs are often shared by thousands of people. That means:

• You’re more likely to get stuck in endless captchas.

• Some services force extra identity verification when they detect VPN usage.

• Many platforms already have your real IP from previous logins, making the VPN ineffective for privacy.

In some cases, using a VPN actually makes your traffic stand out more, not less.

Why Always-On VPNs Are a Bad Idea

Some people assume that if a VPN is good, using it all the time must be better. But in reality, leaving a VPN on permanently often creates more problems than it solves.

Many services—especially banking sites and government portals—block VPN traffic. This means you’ll constantly have to disable your VPN just to access basic accounts.

Some websites treat VPN users as high-risk, forcing additional verification steps, restricting access, or outright banning logins from known VPN IPs.

Depending on where your VPN provider is routing your traffic, you might suddenly find yourself locked out of services for "suspicious activity" because your connection appears to be coming from another country.

Always-on VPN usage can also:

• Slow down your connection, since encryption and rerouting traffic through distant servers introduce latency.

• Interfere with apps and websites that require a stable local IP address.

• Create a false sense of security, making people careless about real threats like phishing, malware, and weak passwords.

The internet has changed. Most modern traffic is already encrypted by HTTPS, and DNS-over-HTTPS prevents ISPs from spying on your browsing history. A VPN is no longer a must-have for everyday use.

So if "always use a VPN" is bad advice… when should you use one?

That’s what we’ll cover next.

When Should You Actually Use a VPN? Most People Get This Wrong

By now, it should be clear: a VPN isn’t a magic shield. It won’t make you anonymous, and in some cases, it can actually make tracking easier. So does that mean VPNs are useless?

Not exactly.

VPNs do have legitimate uses—but only when applied strategically. The problem isn’t the tool itself. It’s that most people are using them in the wrong situations while ignoring security measures that actually matter.

So when should you use a VPN? When does it help? And when does it just get in the way?

Let’s break it down.

When a VPN is Actually Useful

A VPN won’t solve all your privacy problems, but there are a few cases where it’s the right tool for the job.

Untrusted Public Wi-Fi

A decade ago, public Wi-Fi was a major security risk. Many websites didn’t encrypt traffic, meaning anyone on the same network could intercept your data. But today, thanks to HTTPS and end-to-end encryption in messaging apps, most of your online activity is already protected.

That said, if you’re using an unsecured or unknown network—like an airport, hotel, or coffee shop Wi-Fi—a VPN can still be useful. It encrypts your traffic so that even if someone is snooping on the network, they can’t see what you’re doing. If you trust the network, though, a VPN isn’t doing much for you.

Bypassing Censorship and Geo-Restrictions

In some countries, governments block access to news, social media, and messaging apps. A VPN allows you to route your connection through another country, restoring access.

It can also be useful for accessing geo-blocked content, like streaming services that limit shows based on location. But keep in mind that many streaming platforms actively detect and block VPN traffic, and some even suspend accounts that use them.

Stopping ISP Tracking and Throttling

Some ISPs log user activity and sell that data to advertisers. A VPN encrypts your traffic, making it harder for your ISP to see what you’re doing.

A VPN can also prevent ISPs from throttling certain types of traffic, like streaming or torrenting. Since the ISP can’t see the type of data you’re transmitting, it’s harder for them to selectively slow down your connection.

But if your ISP isn’t actively selling your data or throttling your speed, a VPN won’t make a difference.

Secure Access for Remote Work

This is one of the best use cases for a VPN—because it’s what VPNs were originally designed for.

If you work remotely and need to access company systems, your employer might require you to use a VPN. In this case, the VPN encrypts your connection to the company’s network—not just the internet in general.

If your company provides you with a VPN, use it. Just don’t assume that a personal VPN gives you the same level of security.

When a VPN is Unnecessary—or Even a Bad Idea

Despite what marketing suggests, most people don’t need a VPN for everyday browsing. If you’re just reading the news, checking email, or scrolling social media, a VPN does almost nothing for you.

Modern internet security has improved dramatically. Like I already mentioned, most websites already encrypt your traffic with HTTPS, preventing ISPs from seeing what you do. DNS-over-HTTPS (DoH) encrypts your site requests. And most apps already use end-to-end encryption, making VPNs irrelevant for most basic tasks.

In some cases, a VPN can actually make things worse.

Everyday Browsing

If you’re just reading articles or watching YouTube, a VPN isn’t adding much security.

It can even cause problems:

• Banking apps and government services often block VPN traffic, requiring you to turn it off just to log in.

• Streaming platforms detect and block VPNs, making it harder to access content.

• Some websites see VPN usage as suspicious, forcing you to go through extra verification steps.

If your traffic is already encrypted and you’re not trying to hide your location, a VPN just adds friction.

Needing Anonymity

A VPN hides your IP address, but websites use other methods to track you:

• Browser fingerprinting – Your device, screen size, installed extensions, and even the way you move your mouse create a unique profile that identifies you.

• Cookies and tracking scripts – Websites load third-party trackers that follow you across the internet.

• Account logins – If you’re signed into Google, Facebook, or Twitter while using a VPN, those services still know exactly who you are.

If anonymity is your goal, a VPN isn’t enough. You should be using Tor instead.

Using a VPN From an Untrustworthy Provider

Not all VPNs are created equal. Some log user activity while falsely claiming they don’t. Others are owned by companies that profit from surveillance.

If a VPN provider:

• Refuses to disclose who owns them,

• Has never undergone an independent security audit,

• Is based in a high-surveillance country,

• Offers lifetime deals (a major red flag for shady business models),

…it’s not a company you should trust with your data.

And if you’re using a free VPN, you’re almost certainly the product. Many free VPNs track and sell user data, inject ads into web pages, or even reroute traffic through compromised servers.

How to Choose a VPN That Won’t Sell You Out

If you’re going to use a VPN, choosing the right one is critical. Many VPNs claim to be private, but only a handful have actually proven it through independent audits, strong security policies, and transparency.

Here are some of the best options:

• Mullvad VPN – No email required, strong no-logs policy, independently audited.

• ProtonVPN – Created by the team behind ProtonMail, based in Switzerland, with a strong privacy record.

• IVPN – Transparent ownership, no shady parent companies, and independent audits.

• AirVPN – Run by privacy activists, highly customizable security settings.

• NordVPN – Independently audited, RAM-only servers, but owned by Kape Technologies, which has a controversial history—so proceed with caution.

These VPNs aren’t perfect, but they’re among the least compromised options. If you’re going to use a VPN, pick one that has actually proven it can be trusted—not just one that paid for a bunch of YouTube ads.

What Actually Improves Privacy?

A VPN is just one tool. If you really want to improve your privacy, you need a layered approach.

A hardened browser like Firefox (with extensions like uBlock Origin and Privacy Badger) does far more for your security than a VPN ever will. Enabling DNS-over-HTTPS (DoH) stops ISPs from seeing which websites you visit. Using a search engine like DuckDuckGo or Startpage eliminates Google’s tracking.

For account security, a (paid!!) password manager and two-factor authentication will protect you far more than a VPN. And if you need real anonymity, use Tor, not a VPN.

A VPN is just one piece of the puzzle. If you’re relying on it alone, you’re missing the bigger picture.

Final Thoughts: Use a VPN When It Makes Sense—Not as a Default

VPNs aren’t useless, but they’re not what most people think they are. They don’t make you anonymous, they don’t stop modern tracking, and they aren’t a replacement for real security measures.

That doesn’t mean you should never use one. If you’re on untrusted Wi-Fi, trying to bypass censorship, or protecting yourself from ISP throttling, a VPN makes sense. But leaving it on 24/7 isn’t necessary—and in some cases, it can do more harm than good.

If you take anything from this, let it be this:

• A VPN doesn’t make you invisible online.

• A VPN isn’t a one-stop privacy solution.

• A VPN should be used strategically, not out of habit.

Instead of blindly trusting a VPN, focus on understanding when it actually helps.

Stay Curious,

Addie LaMarr

🔎 Want access to the 40 pages of research that informed this newsletter?

Most of it never made it into the final article, but you can dive into the full, unfiltered deep dive—packed with technical insights, real-world context, and everything I uncovered about VPNs.

📖 Get the full research here