HolyGhost logoHolyGhost
← cd ..
Learn

What Is a VPN? What It Really Protects, and What It Does Not

VPNs are sold as magic privacy shields. A clear headed beginner guide to what a VPN actually does, the legitimate uses, and the things it cannot do that the ads imply.

HolyGhost··9 min read

You have almost certainly seen the adverts. A sponsor read on a podcast, a banner before a video, a confident voice promising that one download will make you invisible online, unhackable, and untraceable, usually while a cartoon hacker throws his hands up in defeat. It is a lovely story. It is also mostly wrong. A VPN is a genuinely useful tool, but it protects a much narrower slice of your online life than the marketing suggests, and believing the hype can leave you feeling safe while you are not.

So let us clear the fog. This is a straight, beginner friendly explanation of what a VPN actually does, where it genuinely helps you, and where it does precisely nothing despite what the ads imply. By the end you will know when reaching for one is smart, and when it is just theatre.

The core idea

VPN stands for Virtual Private Network. Strip away the jargon and it does one thing: it creates an encrypted tunnel between your device and a server run by the VPN company. Encryption means scrambling data so that anyone who intercepts it sees meaningless noise instead of the real contents. A tunnel is just a friendly word for a protected path that outsiders cannot peer into.

Your traffic travels through that tunnel to the VPN server, comes out there, and then continues on to wherever it was going, an ordinary website, an app, a game. The reply comes back the same way.

Without a VPN:  you  ->  your network / ISP  ->  the website
With a VPN:     you  ==encrypted tunnel==>  VPN server  ->  the website

Two things change as a result, and they are the whole point of the exercise.

First, your local network and your internet provider can no longer see the contents or the destinations of your traffic. Your ISP, the company you pay for your internet connection, can still tell that you are connected to a VPN, but not what you are doing beyond it. Everything inside the tunnel is scrambled.

Second, the websites you visit no longer see your address. They see the VPN server's address instead. To them, your traffic appears to originate from wherever that server sits, which might be a different city or a different country entirely.

What is an ISP, and why does it see so much?

Your Internet Service Provider is the company that connects your home or phone to the internet. Because every request you make passes through them, they can normally see which sites you visit, and they may log it or even sell aggregated data about it. A VPN moves that visibility away from your ISP, which is one of its real and honest benefits.

What a VPN genuinely does

Set aside the invisibility fantasy and there is a solid, practical toolkit here. These are the jobs a VPN really does well.

  • It hides your traffic from the local network. On public WiFi at a cafe, hotel, or airport, you are sharing a network with strangers, and the person who runs it can potentially watch what passes across it. A VPN wraps your traffic in encryption so nobody on that network, including its owner, can read it. This is the single most useful everyday reason to use one.
  • It hides your destinations from your internet provider. Your ISP sees an encrypted stream heading to the VPN and nothing more. The individual sites beyond it are out of their view.
  • It changes your apparent location. Because you exit the tunnel at the VPN server, sites believe you are located wherever that server is. This is how a VPN lets you reach content that is locked to a particular region, or check how a website looks to visitors in another country.
  • It provides secure remote access. This is the original corporate purpose, and it is still huge. Staff working from home can tunnel into the company's private network as if they were sitting at a desk in the office, reaching internal systems safely across the public internet.

Public WiFi is the classic use case

If you take one practical habit from this article, make it this one. When you connect to WiFi you do not control, a cafe, an airport lounge, a hotel room, switch your VPN on before you do anything sensitive. That is the scenario a consumer VPN was genuinely built to help with, and it does the job well.

What a VPN does not do

This is the part the marketing quietly skips, and it is the most important section on this page. Believing a VPN does these things, when it does not, is how people get a false sense of security.

A VPN does not make you anonymous

It moves trust, it does not remove it. Your traffic is hidden from your local network and ISP, but the VPN provider can now see it instead. You have simply chosen to trust them rather than your ISP. A VPN also does nothing to stop the sites you log into, or the trackers and cookies they use, from identifying you.

Let us go through the specific myths one at a time, because each one trips people up.

It does not protect you from malware or phishing. A VPN encrypts the pipe your data travels through. It does not inspect what flows inside that pipe. A phishing link, a message that tricks you into handing over a password or downloading something nasty, is exactly as dangerous over a VPN as without one. The tunnel will faithfully and securely deliver the trap right to you. If you would like to understand the trick itself, our guide on phishing is a good next read.

It does not replace HTTPS. You know the little padlock in your browser's address bar. That padlock means the connection between you and that specific website is already encrypted end to end, the whole way, using a protocol called HTTPS. A VPN only encrypts the stretch between you and the VPN server. After that, your traffic continues to the website in its normal form. So the two protect different sections of the journey, and a VPN is not a substitute for the padlock. When you log into your bank, HTTPS is what protects the login itself, VPN or no VPN.

It does not make you untraceable. The moment you log into an email account, a social network, or a shopping site, you have told that service exactly who you are, tunnel or not. On top of that, sites use browser fingerprinting, a technique that identifies you from the unique combination of your device's settings, and the VPN provider itself keeps at least some records of the connection. Stack these together and you are a long way from true anonymity.

Free VPNs can be worse than no VPN

Running a VPN service costs real money, so ask yourself how a free one pays its bills. Too often the answer is by logging your activity and selling it, which is the exact opposite of what you downloaded it for. If you are going to trust a company with all of your traffic, a free product with no clear business model is the last one you should choose.

Choosing and using one sensibly

Because a VPN concentrates all of your traffic through one company, the choice of that company matters enormously. Here is how to think about it.

  • The provider is now your trusted party. You are handing them the same visibility you took away from your ISP, so pick one with a genuine reputation and a clear, ideally independently audited, no logging policy. No logging means they promise not to keep records of what you do, and an audit means an outside firm has checked that the promise holds. A claim on a marketing page is not the same as a verified one.
  • Match it to a real need. Public WiFi, remote work access, and shifting your region for legitimate reasons are all solid uses. "Becoming anonymous" is not something a VPN can actually deliver, so do not buy one expecting that.
  • Layer it with the basics. A VPN is one specific tool, not a whole security plan. It does not replace multifactor authentication, keeping your software patched, or a healthy scepticism towards messages that ask you to click, log in, or download in a hurry.

A quick way to decide

Ask yourself: who am I trying to hide from? If the answer is "the stranger running this cafe WiFi" or "my ISP", a VPN helps. If the answer is "the website I am about to log into" or "advertisers tracking me across the web", a VPN does almost nothing, and you want other tools for that job.

The takeaway

A VPN builds an encrypted tunnel to a server that your traffic exits from. That genuinely protects you from your local network and your internet provider, and it lets you shift your apparent location, which makes it a real asset on public WiFi and for remote work. Those benefits are honest and worth having.

But a VPN shifts trust to the VPN provider rather than removing it, and it does nothing against malware, phishing, or the sites tracking you the instant you log in. It is not a replacement for HTTPS, and it will not make you anonymous. Treat it as a useful, specific tool with a clearly defined job, choose a trustworthy provider, and keep the security basics in place around it. Do that, and a VPN earns its place. Just do not mistake it for the invisibility cloak it is sold as.