A VPN (Virtual Private Network) is one of the most misunderstood technologies among non-technical people. In fact, I have encountered many technical people who completely misunderstand what a VPN is and is not. These days, the term VPN is often touted as a solution for all security issues and is advertised by vendors as a one-size-fits-all security solution. This is a misconception and creates a false sense of security. A VPN is not a magic shield for online safety; it is primarily a privacy tool, not a security tool. While privacy and security do overlap, they are distinct concepts. Privacy is about protecting your personal information and activities from being observed, whereas security involves protecting your data and devices from unauthorized access and threats. Let’s take a closer look at what a VPN is and is not.
What VPN is?
Simply put, VPN creates an encrypted network tunnel between your device (laptop, phone etc.) and a VPN server. All your data pass through the tunnel in an encrypted form to the VPN server to make it harder for anyone to track your online activity and most importantly where you are located. The websites you visit will only see the VPN server’s IP address not your device’s IP address. It is this aspect that allows journalists, activists and the like to hide from governments that watch everything they do. Similarly, cyber criminals can leverage this to mask their identity. It also allows people who want to get access to services (for example: video streaming) that are "geo-fenced" i.e. not allowed from certain countries due to regulation etc. Finally, corporations use VPN to prevent sensitive corporate data travelling from employee laptop via public network and to provide access to company resources. That is pretty much VPN is in a nutshell.
What VPN is not?
VPN does not protect you from cybercriminals or viruses or trojan or spam or adware or identity theft etc. Remember I mentioned above that VPN would prevent anyone from tracking your online activity? Well, it is not entirely true. Logged-in accounts and browsing habits can still be tracked (see my earlier blog on 3rd party cookie) by websites you visit. In addition, your VPN provider knows which sites you visit and has logs, even though many claim they don't log. As mentioned earlier VPN isn't antivirus! So even with VPN running, you still need separate protection from malware, virus, trojan etc. Also, there is no guarantee on complete safety, as leaks can happen at the VPN server and some VPN providers log your activity and hand over to authorities when requested depending on local and international laws.
Do you need VPN?
The short answer is no, unless you have a specific reason to hide your online activity. For most everyday users, this isn't necessary. With the widespread adoption of https protocol, which encrypts data between your browser and the websites you visit, VPN adds little value for general online safety. In fact, using a VPN can significantly reduce your bandwidth despite the vendor’s claims of a "fast" solution. About 15 years ago, when the https protocol was not widely implemented, using a VPN was the only way to encrypt data from prying eyes -- up to the point where the VPN tunnel ended. However, this is no longer the case today, as all websites are protected by end-to-end secure connectivity.
Ultimately, whether you use a VPN or not, inherent risks are associated with using public Wi-Fi, which is beyond the scope of this blog. Unless your device runs on a secure operating system, such as Linux or Apple’s macOS, there is always a risk of compromise on public networks — even with an active VPN. It’s possible for someone sitting nearby in a coffee shop to hack into your device.