The VPN Lie Everyone Keeps Believing
Save the silver bullets for vampires, not your encryption needs.
VPN: A Silver Bullet?
Watch almost any YouTube video and you will eventually encounter an ad for a VPN service. Each one promises “total privacy,” “secure browsing,” and the ability to watch Netflix shows from other countries. They often bundle password managers and other “security features,” all for a low monthly price.
Sounds great, right? Well, not exactly.
So What Is a VPN?
A VPN (Virtual Private Network) is a cryptographically secure connection between your computer or router and a remote endpoint. It creates a tunnel that protects your data as it travels across untrusted networks.
This tunnel allows your unencrypted traffic to reach the VPN endpoint securely, preventing local observers from seeing what you are sending.
Unencrypted traffic includes any communication not wrapped in an encryption layer like TLS. Common examples include older forms of email, unprotected websites, or legacy business applications.
No VPN Solution
/--> [ Internet Backbone ] --> [ Dating ISP ] --> [ Dating Site ]
[ Computer ] ~~> [ Router ] ~~> [ ISP ] ~~+ ==> [ Internet Backbone ] ==> [ Twitter ISP ] ==> [ Twitter ]
\==> [ Internet Backbone ] ==> [ Banking ISP ] ==> [ Banking ]
Legend:
~~ Mixed Traffic
- Unsecure Traffic
== Secure Traffic
Overview
In this diagram, your traffic originates from your computer and passes through your router and ISP before reaching its destination. Without a VPN, the traffic is a mix of secure and unsecure data.
Every middle point along the route (your ISP, backbone providers, and destination ISPs) can potentially see or log parts of that traffic.
You can view this path yourself by running a traceroute command:
>traceroute google.com traceroute to google.com (142.250.190.110), 30 hops max, 60 byte packets 1 _gateway (192.168.86.1) 7.882 ms 7.869 ms 7.863 ms 2 fedtel.stellarllc.net () 8.070 ms 7.853 ms 7.848 ms 3 162.211.40.217 (162.211.40.217) 7.843 ms 7.838 ms 7.833 ms 4 100ge1-cns.neweffington.stellarllc.net (66.234.123.234) 24.021 ms 24.017 ms stlr9k-be50.hoffman........ ms 5 stlr9k-be60.brandon.mn.stellarllc.net (66.234.112.233) 15.950 ms 15.945 ms 15.941 ms 6 100ge1-cns-w.511.stellarllc.net (66.234.112.237) 20.070 ms 16.186 ms 16.175 ms 7 AS15169.micemn.net (206.108.255.141) 27.091 ms 19.916 ms 27.066 ms 8 108.170.243.225 (108.170.243.225) 30.580 ms 30.574 ms 108.170.244.1 (108.170.244.1) 23.402 ms 9 142.251.60.207 (142.251.60.207) 180.509 ms 142.251.60.205 (142.251.60.205) 180.489 ms 180.475 ms 10 ord37s35-in-f14.1e100.net (142.250.190.110) 180.469 ms 180.462 ms 405.390 ms
Each “hop” represents a system that handled your traffic before it reached Google.
Concerns
Local Network
Devices on your home or local network can see unencrypted traffic and its destinations.
ISP
Knows your source and destination IP addresses
Can view unencrypted data sent to insecure sites
Internet Backbone Providers
See source and destination IPs
Can view any unencrypted data passing through
Service Provider ISPs and Websites
See your IP address and the contents of any unsecured traffic
In short, everyone in the network chain knows something about your activity. Even if your data is encrypted, your destinations and traffic patterns remain visible.
VPN Solution
/--> [ Dating ISP ] --> [ Dating Site ]
[ Computer ] =====================> [ VPN Server ] ~~> [ VPN ISP / Backbone ] ==> [ Twitter ISP ] ==> [ Twitter ]
\==> [ Banking ISP ] ==> [ Banking ]
Legend:
~~ Mixed Traffic
- Unsecure Traffic
== Secure Traffic
Overview
Here, the VPN creates a secure tunnel between your computer and the VPN server. All traffic between you and the VPN is encrypted. Once it reaches the VPN server, it exits to the internet like any normal connection.
This means your ISP and local network cannot see the details of your activity. However, the VPN provider and the destination websites can still view the same information your ISP once could.
Concerns
Local Network
Sees only encrypted traffic to the VPN server
ISP
Sees only encrypted traffic to the VPN server
Internet Backbone
Sees only encrypted traffic to the VPN server
VPN Provider
Knows your true IP address and all destination IPs
Can view any unencrypted data that exits its network
Service Providers (Websites)
See the VPN’s IP and any unencrypted data as usual
In essence, you have moved trust from your ISP to your VPN provider. You are still depending on another organization to protect and respect your data.
Pros
Privacy from your local ISP: Prevents logging and tracking at the ISP level.
Access flexibility: Allows bypassing of regional restrictions or censorship.
Public Wi-Fi protection: Keeps your data secure on untrusted networks.
But there are tradeoffs. When you change your IP address regularly, some services that use IP tracking for account security cannot verify legitimate logins as easily. This can lead to extra authentication steps or weaker location-based protection when your credentials are stolen.
Summary
A VPN is not a silver bullet. It is a tool with specific use cases: hiding your traffic from local observers, bypassing restrictions, or securing data on public networks.
For most users in developed regions, a VPN provides minimal benefit compared to what modern encryption standards already offer.
If you have specific privacy or access needs, use a VPN wisely. If not, save your money and put it toward something that actually improves your digital life.