Skip to content
Diese Seite gibt es auch auf Deutsch.Zur deutschen Version

Technology · Security & sovereignty

VPN: What It Actually Does – and What It Doesn't

VPN adverts promise anonymity and protection from hackers – mostly marketing. What a VPN actually delivers, and what matters when choosing one.

By Boaz Lichtenstein

Article image: VPN: What It Actually Does – and What It Doesn't

Hardly any tech product is marketed more aggressively than VPN services – and hardly any with shakier promises: “Become anonymous”, “Protect yourself from hackers”, “Military-grade encryption”. Time to bring the tool back down to its actual size – because at that size, it’s genuinely useful.

Key takeaways

  • A VPN encrypts the path between your device and a VPN server – nothing more. It doesn’t protect against viruses, phishing or account takeovers.
  • “Anonymous” is the wrong promise: websites still recognise you through logins, cookies and fingerprinting.
  • A VPN makes sense for geo-flexibility, on insecure networks, and against an internet provider you don’t trust.
  • A VPN shifts trust, it doesn’t abolish it – the VPN provider can potentially see everything the provider used to see before.
  • A free VPN is almost never the right choice: if you’re not paying for the subscription, you’re usually paying with your own data.

What a VPN technically does

What actually happens technically when a VPN is active? A VPN builds an encrypted tunnel from your device to a server run by the provider; from there, your traffic goes out onto the open internet. Two effects, nothing more: your internet provider (or Wi-Fi operator) only sees the tunnel instead of your destinations – and websites see the VPN server’s IP address instead of yours, including its location. Everything else is folklore: a VPN doesn’t protect against viruses, phishing or account takeovers, and the “military-grade” encryption is the same standard your browser already uses for every HTTPS connection anyway.

A detail that almost never comes up in advertising: the VPN server itself isn’t a neutral relay point, but a machine that someone actually operates. With a reputable commercial provider, that’s a company with a business model and – ideally – an audited commitment not to log usage data. With a self-hosted server, it’s your own machine at home. Either way, whoever runs the tunnel could theoretically look inside it – so a VPN doesn’t just shift who can see your traffic, it also shifts whom you have to trust with it.

VPN advertising promises versus technical reality

Advertising promise Technical reality
“Become completely anonymous” hides your IP address, not logins/cookies/fingerprinting
“Protects you from hackers” no protection against viruses, phishing, account takeover
“Military-grade encryption” standard HTTPS-level encryption, no real differentiator
“Makes you invisible to websites” websites still see the VPN server’s location
“Speeds up your internet” usually a slight speed loss from the detour

Where it’s genuinely worth it

So who actually benefits from a VPN? The honest list of uses: geo-flexibility – content and prices that vary by location (the classic case on holiday: your home streaming library). Privacy from your network operator – useful on restrictive networks, when travelling in countries with internet surveillance, or when your own provider monetises your browsing data. Shifting trust on unfamiliar networks – hotel and airport Wi-Fi see nothing but the tunnel. And in a work context, the company VPN as secure access to internal systems – a related but separate category. If none of these apply to you, going without a VPN costs you very little.

From experience: the most common genuinely useful everyday case isn’t the dramatic “protection from hackers”, but the unglamorous habit of switching on a VPN at the airport or hotel Wi-Fi – networks that are often poorly maintained and where strangers’ devices can end up on the same subnet. Here, a VPN delivers real, noticeable value, with no marketing hyperbole required.

What actually matters when choosing one

What should you actually base your choice of VPN provider on? The core paradox first: a VPN shifts trust – away from your internet provider, towards the VPN operator, who can theoretically see everything. That’s why the real selection criteria are trust criteria: an independently audited no-log policy, a transparent company registration and ownership, modern protocols (WireGuard), and a business model that’s clearly funded by subscriptions – never use a free VPN whose operator has to live off selling data; in that case, better to use none at all. A realistic price range for a reputable subscription is usually a few euros a month on multi-year plans – noticeably more for month-to-month plans with no commitment. If you see an offer promising “lifetime access for a one-off €20”, be sceptical: servers, maintenance and bandwidth cost money on an ongoing basis, and that money has to come from somewhere.

Commercial provider or your own VPN server?

Is a VPN subscription worth it, or is a self-hosted solution the better choice? That depends on the purpose. Anyone who mainly wants to access geo-restricted content can barely avoid a commercial provider with many server locations – a self-hosted server only has one location: your own. Anyone who mainly wants secure access “back home” while out and about, say to their own home server, can build their own VPN with WireGuard or Tailscale – no third party involved, but with somewhat more setup effort and no choice of server locations. Both routes are technically sound; the decision is a question of purpose, not security.

Setting up a VPN – step by step

  1. Clarify the purpose: geo-flexibility, network protection on the go, or access to your own devices – the purpose determines the right solution.
  2. Choose a provider or a self-hosted solution: a commercial service with an audited no-log policy, or your own server with WireGuard or Tailscale.
  3. Choose a payment method independent of your main account: with commercial providers, this increases the separation between your identity and your usage.
  4. Install the app on every relevant device: smartphone, laptop, and, if needed, at router level for complete protection across your home network.
  5. Turn on the kill switch: this feature cuts your internet connection if the VPN tunnel drops – without it, traffic keeps flowing unprotected without you noticing.
  6. Set the protocol to WireGuard, if available – more modern and usually faster than older protocols.
  7. Test the connection: compare your IP address and DNS servers before and after activation to rule out leaks.

The most common mistakes when using a VPN

Which mistakes undermine protection most often? Using a free VPN while overlooking the fact that someone has to cover the server costs – usually through selling usage data. Not turning on the kill switch, so unprotected traffic keeps flowing unnoticed if the connection drops. Confusing a VPN with antivirus software, and as a result feeling falsely secure against phishing emails or malicious downloads. Always using the same server location, even though switching often fixes speed problems immediately. Never reading the provider’s small print, and missing a logging practice that contradicts the VPN’s whole point. Leaving the VPN switched on permanently and indiscriminately across every service, even though some applications – such as online banking with strict location checks – get unnecessarily blocked or slowed down as a result; turning it on and off deliberately is often more practical than running it constantly.

The bottom line

A VPN is a solid specialist tool in the security toolkit – right alongside passkeys and regular backups, and clearly lower in priority than either. Anyone who knows the three honest use cases – geo-flexibility, distrust of the network operator, unfamiliar networks – and picks a provider on trust criteria rather than advertising promises gets a genuinely useful tool. Anyone hoping for anonymity or comprehensive protection from cybercrime will be disappointed – that requires other tools, and above all common sense when clicking.

FAQ

Frequently asked questions

Does a VPN make me anonymous online?

No – it only shifts who can see your traffic: from your internet provider to the VPN operator. Websites still recognise you through logins, cookies and browser fingerprinting; your Google account still knows it's you, VPN or not. A VPN hides your IP address and location – anonymity is a much bigger promise that it can't deliver on its own.

Do I need a VPN on public Wi-Fi?

Less urgently than in the past: since practically all web traffic is now encrypted via HTTPS, anyone eavesdropping on café Wi-Fi can only see which domains you're visiting anyway – not the content. A VPN additionally hides that list of domains and offers protection on poorly configured networks; it doesn't hurt, but the old “without a VPN you're exposed” drama is outdated. More important on unfamiliar Wi-Fi: up-to-date software and never ignoring certificate warnings.

Does a VPN noticeably slow down my internet connection?

A moderate speed loss is normal, since traffic takes an extra detour via the VPN server – with good providers using modern protocols such as WireGuard, that's often barely noticeable, but on overloaded free servers it can be significant. Anyone who regularly notices speed drops should switch server location or check whether a different protocol is available in the app's settings – it's usually not the VPN principle itself that's the problem, but the chosen server.

Is using a VPN legal in Germany?

Yes, without restriction – using a VPN is legal throughout Germany and the entire EU, regardless of the purpose of the encryption. What stays illegal is whatever would be illegal without a VPN too: a VPN obscures the origin and destination of your traffic, but it doesn't make an offence go unpunished. In some countries outside the EU, VPN use is restricted or requires permission – worth checking before you travel.

Can I use a VPN to access streaming services from other countries?

Technically often yes, in practice with limitations: many streaming providers actively detect and block known VPN server IP addresses, so access doesn't work reliably. Bypassing geo-restrictions also generally breaches the providers' terms of service, even though it's rarely enforced technically. Anyone looking for a VPN primarily for this reason should factor in that uncertainty rather than treating it as a core function.