The Truth About VPNs

October 1, 2025

Virtual Private Networks (VPNs) are widely promoted as essential tools for online privacy. They promise to encrypt your internet traffic, hide your IP address, and shield you from surveillance and tracking. While these benefits are real in many cases, the belief that VPNs offer complete security is misleading. VPNs still expose users to the same risks through data leakage, the sale of personal information, and a technique known as browser fingerprinting.

A VPN creates a secure tunnel for your internet traffic, routing it through a remote server. It encrypts your data and masks your real IP address, making it harder for your internet provider, websites, or hackers to track what you’re doing online. Think of using the internet like driving from point A to point B. Normally, anyone can see your car and track your route. Normally, anyone watching can see your car, track your route, and even guess where you’re going. A VPN works like putting your car inside a covered truck—no one can see your car or where it’s headed while it’s inside. The truck carries you through part of the journey, keeping your route hidden. But just like you’d want a trustworthy driver for that truck, you need a reliable VPN provider to make sure your privacy stays protected.

But here’s the catch: a VPN is only as good as the company behind it. If the provider isn’t trustworthy, is poorly set up, or operates in a country with heavy surveillance (like China), your privacy could be at risk.

Many users assume that using a VPN guarantees anonymity, but VPNs simply offer the illusion of security.

One of the most common issues with VPNs is data leakage, which can occur even when the VPN is active:

  • DNS Leaks: Your device may still use your ISP’s DNS servers to resolve domain names, exposing your browsing activity.
  • IP Leaks: Poorly configured VPNs may fail to mask your real IP address, especially during connection drops.
  • WebRTC Leaks: A browser feature that can reveal your IP address even when using a VPN.

These leaks often go unnoticed, giving users a false sense of security while their data is exposed.

Another major concern is the monetisation of user data by VPN providers. While premium VPNs charge subscription fees, many free VPNs rely on selling user data to advertisers and data brokers.

Investigations have shown that some VPNs track user activity across websites and collect metadata such as device info, location, and browsing habits. Many providers share or sell this data to third parties. This is especially common among free VPNs, which often operate with minimal transparency. Even some paid VPNs have been caught retaining logs or sharing data despite claiming otherwise.

VPNs in countries with strict surveillance laws may be legally required to hand over user data. For example, VPNs in the Five Eyes alliance (U.S., U.K., Canada, Australia, and New Zealand) may be subject to intelligence-sharing agreements. Providers in countries with weak privacy protections may be vulnerable to government pressure or corporate exploitation. Even if a VPN claims to have a no-logs policy, its jurisdiction may override that promise.

Browser Fingerprinting

Even with a VPN, your browser may still betray your identity through browser fingerprinting—a sophisticated tracking method that collects unique characteristics of your browser and device to identify you. Fingerprinting gathers data such as browser type and version, operating system, screen resolution, installed fonts and plugins, time zone and language settings and even hardware specifications. This combination of attributes creates a unique “fingerprint” that can be used to track you across websites, even if your IP address is hidden by a VPN.

Unlike cookies, fingerprinting doesn’t require storage on your device and is difficult to block. It’s used by advertisers, analytics firms, and even governments to monitor user behaviour. VPNs do not prevent fingerprinting because they only mask your network traffic—not your browser’s characteristics.

It’s possible to mitigate fingerprinting by taking additional steps such as using a privacy-focused browser (e.g., Firefox with anti-fingerprinting settings, Brave, or Tor). You can also disable JavaScript, though this can break many websites. The best option is to use a browser extension like Privacy Badger or uBlock Origin.

Choosing a trustworthy VPN requires scrutiny. Look for providers that have a verified no-logs policy, ideally audited by independent firms. Check they are based in privacy-friendly jurisdictions and offer leak protection features (DNS leak protection, kill switch, and WebRTC blocking).

Avoid VPNs that are free with no clear source of revenue or have vague or contradictory privacy policies. Make sure they have not been involved in past scandals or data breaches, like Facebook’s Onavo, which was banned in 2018 for violating Apple’s privacy rules by snooping on all aspects of user activity.

VPNs can enhance online privacy, but they are not a silver bullet. To truly protect your data, it’s essential to understand the limitations of VPNs, scrutinise providers carefully, and combine VPN use with other privacy practices—such as using secure browsers, disabling unnecessary features, and, most importantly, being mindful of what you share online.