Do I need a VPN? For most people, doing most things, at home: no. That is the honest answer, and it is the one answer the entire VPN industry is structurally incapable of giving you — because almost every article ranking for this question was written by a company that sells VPNs or earns a commission when you buy one.

I have spent years assessing how people actually get compromised. A VPN sits very low on the list of things that would have saved them. So before you hand over a subscription fee, let me tell you what a VPN actually does, what it quietly does not do, and the specific situations where it genuinely earns its place.

What are you actually protecting against?

Answer three questions — we'll point you straight to your answer.

Are you mostly on your own home or mobile network?
Are you about to travel, or use WiFi you don't control (hotel, airport, café)?
Are you trying to reach a service blocked or restricted where you are?

Do I need a VPN? The short, honest answer

For daily browsing on a network you control, a VPN solves a problem most people don't have. The internet changed underneath the marketing: the thing VPNs were genuinely useful for fifteen years ago has largely been fixed by the web itself, quietly, for free. I'll show you exactly where that leaves a VPN — useful in a few places, oversold almost everywhere else.

The security industry has a financial interest in making you think you need everything. A VPN is the most oversold item on that list.

What a VPN actually does

Two things, really. It encrypts the traffic between your device and a server run by the VPN company, and it swaps your real IP address for that server's. So your internet provider can see that you're connected to a VPN, but not what you're doing through it; and the websites you visit see the VPN's location instead of yours.

That's the whole mechanism. Everything a VPN can legitimately do for you flows from those two facts. Everything it can't do is what happens outside that tunnel — and that's a much longer list.

What a VPN does

  • Hides your browsing from the network you're on (your ISP, the café WiFi owner)
  • Replaces your IP address and apparent location
  • Encrypts traffic on networks you don't trust
  • Lets you appear to be in another country

What a VPN doesn't do

  • Stop malware, viruses, or sketchy downloads
  • Make you anonymous once you log into Google, Facebook, or your bank
  • Stop phishing, scams, or you clicking a bad link
  • Block cookies, trackers, or browser fingerprinting

What a VPN does NOT do

This is where the marketing quietly falls apart. A VPN is not antivirus — it does not look at a single file you download and has no idea whether it's malicious. It does not make you anonymous: the moment you log into any account, that service knows exactly who you are, VPN or not, and trackers and browser fingerprinting identify you regardless of your IP. And it does nothing about the way people actually get compromised — a convincing phishing email, a reused password, a careless click. A VPN is powerless against all of it.

That's why a VPN isn't one of the three tools in the minimum security stack that actually protects you — a password manager, a malware scanner, and two-factor authentication. Those close the gaps that get real people hacked. A VPN operates at the network layer, which, for most people most of the time, is not where the danger is.

If you take one thing from this article: a VPN will not save you from the things most likely to actually hurt you. It is a privacy tool, not a security blanket.

What your internet provider can and can't see

This is the strongest honest case for a VPN, so it's worth being precise. Without a VPN, your internet provider can see every domain you visit and can build a long-term record of it. With a VPN on, your provider sees encrypted traffic going to a VPN server and little else — but the VPN company is now in exactly the position your provider was. You haven't removed the watcher; you've changed who it is. That's only an upgrade if you trust the VPN company more than your ISP, which is a real question, not a given.

1 watcher

A VPN doesn't remove the observer — it moves it from your ISP to the VPN company

~95%

of web traffic is already encrypted by HTTPS before any VPN touches it

0

of your logins are hidden once you sign in — the service knows it's you

The public WiFi question everyone gets wrong

Here's the myth the ads lean on hardest: that café and airport WiFi is a den of hackers reading your passwords. That was true a decade ago. It mostly isn't now, because around 95% of the web is encrypted with HTTPS — the padlock in your address bar means the network can't read what you send to that site, VPN or not. (Google's HTTPS Transparency Report tracks this.)

So your coffee shop's WiFi is not the threat the ads told you it was. The honest residual value of a VPN on untrusted networks is narrower and real: it hides which sites you're visiting from whoever runs that network, and it covers the rare app or site that still doesn't use HTTPS properly. Worth it if you're on strange networks a lot. Not the apocalypse-grade necessity you've been sold.

Public WiFi is far safer than the VPN ads need you to believe. HTTPS quietly fixed the thing they're still selling you fear about.

So when is a VPN actually worth it?

There are real cases. They're just narrower than 'always, for everyone.'

Travel & untrusted networks

On networks you don't control — hotels, airports, conferences — a VPN hides your activity from the network operator and covers the gaps HTTPS doesn't.

Accessing services from abroad

Working or travelling overseas and need to reach services from home that block foreign IPs? This is the cleanest, most legitimate use of a VPN.

Censorship & throttling

In places where the network blocks or throttles services, a VPN can route around it. For many readers outside the US/UK this is the real reason to have one.

Keeping activity from your ISP

If you specifically don't want your provider logging which sites you visit, a VPN moves that visibility — provided you trust the VPN more than the ISP.

If you fall into one of those, a reputable paid VPN is worth the money — and free VPNs are not, because a free VPN monetises the very traffic you're trying to protect. A solid default for the travel and access cases is NordVPN.

Affiliate link — no extra cost to you.

Notice the pattern: every genuine use case is about a network you don't control or a location you want to change. At home, on your own network, none of these apply.

If you've decided you need one: how to choose

If one of those cases is you, here's what actually separates a VPN worth paying for from the rest.

1

Pay for it.

A free VPN funds itself by logging and selling the traffic you're trying to hide. This is the one place 'free' actively works against you.

2

Check the no-logs policy is independently audited — not just claimed.

The audit, by a named firm, is the part that matters.

3

Look at the company's jurisdiction and ownership.

Who runs it, and which country's laws can compel it to hand over data?

4

Make sure it has a kill switch.

If the VPN drops, your traffic shouldn't silently fall back to the open network.

5

Match it to your actual case.

Servers in the countries you need, and speeds that survive the encryption overhead.

💡
A VPN you trust the company behind, that's audited, paid, and matched to a real need — that's the whole checklist. Everything else is marketing.

Bottom line

So — do you need a VPN? If you're mostly at home on your own network, no, and you'll get far more security from a password manager and two-factor authentication than from any VPN. If you travel, use networks you don't control, or need to reach services blocked where you are, then yes — a paid, audited one is worth it for those specific moments.

The honest rule, short enough to remember: a VPN changes who can watch your traffic and where you appear to be — nothing more. Buy it for that, or don't buy it at all. When you're ready to spend your security effort where it counts most, start with the other everyday privacy tools that protect the things a VPN can't.

A VPN changes who can watch you and where you appear to be. Nothing more. Buy it for that — or don't buy it at all.