Is using a VPN really that good for keeping my data safe

I get why people want to use a VPN to change where they appear online and access content that is only available in certain areas. I also see how it can help hide what you do from your internet provider. But isn’t it just sending your data through the VPN provider’s network instead?

Does that really make it any better for data privacy? Or are you basically choosing to trust someone else, the VPN provider instead of your internet provider, with your information?

But isn’t it just sending your data through the VPN provider’s network instead?

Yes, that’s exactly what’s happening.

Does that really make it any better for data privacy? Or are you basically choosing to trust someone else (the VPN provider instead of your internet provider) with your information?

You are indeed choosing to trust the VPN provider, and you still have to consider your internet provider whenever there is a leak (like if the VPN drops). The VPN provider might be in a country with different laws about data protection that could be better or worse for you. They might also be untrustworthy or not very skilled:

Tom Scott explains why VPN ads can be misleading: https://www.youtube.com/watch?v=WVDQEoe6ZWY

I’m not saying VPNs are bad, but they aren’t a magical fix.

@Axel
Thanks for this detailed response. I really appreciate all the information you added here :slight_smile:

Robin said:
@Axel
Thanks for this detailed response. I really appreciate all the information you added here :slight_smile:

You captured how a VPN works perfectly. There might still be reasons to move your trust from an ISP to a VPN provider, but it doesn’t provide the same level of privacy that many people believe.

I personally use a VPN. My main reasons are to be in a different region online. Another reason is for gaming; not to hide from game servers but to get around slow connections. If the game server’s data is wayward due to a frustrating routing node, switching on the VPN can often work around it. I also use it when I travel but, remember, most online traffic is already encrypted, which isn’t what most VPN ads claim as discussed in the Tom Scott video.

I have a work VPN too, and it’s essential for accessing files and emails. If I’m not connected to it and also using my work laptop, I can’t get any work done. This is purely to keep work in control of their network.

EDIT: Some ISPs have throttled specific content types in the past, like bitorrent which can be legitimate. One US ISP was found to throttle Netflix traffic intentionally, showing another valid use case for a VPN.

Robin said:
@Axel
Thanks for this detailed response. I really appreciate all the information you added here :slight_smile:

Or are you just choosing to trust someone else (the VPN provider instead of your internet provider) with your information?

Remember that data is mostly metadata. Only you and the site you are visiting know (1) the specific page you are on; (2) what is on that page, regardless of having a VPN or not.

While metadata is still important, know that many VPN ads suggest they’ll protect your passwords or sensitive information, and that is just false.

Robin said:
@Axel
Thanks for this detailed response. I really appreciate all the information you added here :slight_smile:

No problem at all. Have you tried a VPN yourself? I’m curious about your personal experiences, whether they were good or bad.

@Teal
Wait a moment…

@Axel
This user made a lot of great points that I would have shared too, so I’m giving you an upvote.

If you often move around - coffee shops, airports, etc. - using a VPN might help protect your privacy if you have concerns. Your internet provider knows what you do online, but so do places like coffee shops and airports.

Most of the internet is already encrypted. As a bad employee, I can see that you’re visiting Facebook and downloading large files. Based on that, I might think you are streaming a video. I can’t see what you’re actually doing, just who you’re with (like Facebook) and the amount being used. I wouldn’t know who your friends are.

A VPN gives you extra security. Now I, the ISP employee, know you are using XX VPN service… and that’s it. And yeah, XX VPN service knows you’re watching videos on Facebook even if I don’t.

Keep in mind other security issues as well. Your ISP won’t see your friends, but if you’re at an airport with cameras or just people nearby, be careful of someone looking over your shoulder at your screen. No VPN or encryption can prevent that. Software has limits on protection.

While what everyone else said is usually correct, there’s one situation where a VPN could help more than not having one, and that’s due to security risks.

Attackers can use devices like a wifi-pineapple to exploit security holes. This device connects to a public Wi-Fi (like in a coffee shop) and tricks everyone into connecting to it first. The attacker can then watch all the traffic.

Usually, they can’t do a lot. They see what your ISP sees, but if you’re using HTTPS, they can’t see much else. However, security issues do happen. Recently, some researchers found a way to see chat history from AI chatbots even when it was encrypted. Another recent issue (Blast-RADIUS) was with RADIUS, an older authentication technique still in use. This flaw may not get fixed anytime soon.

These security issues could be avoided with a VPN. Yes, a hacker who broke through the VPN could still cause trouble, but someone using a wifi-pineapple wouldn’t be able to.

Imagine visiting 25 different websites today.

Normally, you trust your Internet Service Provider (ISP) to see all the sites you access. You trust each of the 25 websites too, but those sites only know when you visit them individually; they won’t know about the others. (Ignoring tracking cookies).

With a VPN, you’d trust the VPN provider with the knowledge of every site you visit. Your ISP only knows you’re connected to the VPN, but not what you’re doing there. The websites can’t tell that you requested their pages; they see requests from the VPN and not you. (Unless you log in using your details).

Not really.

VPN services are often marketed as something more than they truly are.

All you are really doing is hiding the origin of your requests online. This can be helpful for getting around geo-blocking on streaming platforms or for hiding illegal activities. The downside is VPNs can’t advertise this truthfully, so they use misleading claims about privacy protection.

Some might say if you’re out in public like in a coffee shop, a VPN can protect you from nearby hackers snooping on your activities; yet, much of what happens online is encrypted today, making that less relevant. A hacker may see the websites you’re visiting, but not the content.

I see why people want a VPN to access region-specific content.

That’s the main reason.

I understand it can hide your activities from your internet provider, but aren’t you just routing your connection through the VPN provider instead?

Yes, that’s correct.

Is this inherently better for data privacy?

Not really.

Or are you just trusting another party (the VPN provider instead of your internet provider) with your information?

Exactly.

Can you really trust the VPN provider?

The nodes are held in data centers worldwide. Most nodes are known; there are often lists of them that get updated.

So, what’s preventing a government from going to one of those data centers and inspecting the traffic? Who’s to say they aren’t doing it already?

The main point of a VPN is to give you a secure way to connect to a network not open to the public, like a company network. I honestly can’t do my job without being connected to a VPN, since it’s the only method to access what I need. It does mean the company can see what sites I’m viewing, but as long as I’m browsing work-related content, it’s not an issue because it’s all based on trust. (Sometimes, this makes it look like I’m in a different country too.)

Switch that mutual trust with a random VPN, and replace work sites with content you shouldn’t access. What do you really know about this VPN? How much can you trust them not to keep track of your activities? How do you know they won’t share your info with anyone who asks?

Iman said:
[deleted]

That’s not true. VPNs were created mainly for companies wanting more secure connections (Microsoft was particularly interested). Accessing content in other regions became a secondary use that gained popularity later. Protecting data privacy, which means hiding your activity from your ISP, was always the primary goal and remains so.

Iman said:
[deleted]

Thanks for explaining that. It’s fascinating that they market their service for one reason while knowing consumers typically use it for another.