Do you really know what they are?
Last year we saw the UKs use of VPNs sky-rocket as a result of the Online Safety Act which in early 2026 was expanded to mandate Preemptive Scanning, essentially the introduction of pre-crime. We also saw some mutterings of trying to regulate a ban the use of VPNs as it was clear that the more tech-savvy and those who value their privacy were using one variety of VPN in an attempt to break out of the UK’s walled dragnet.
But do you really know what a VPN is? They mean different things to different people. Here’s why:
Corporate access VPN
This is the boring, legitimate kind: you connect to your employer so your laptop can reach internal systems. This is “get me into the building” VPN. Any SME who takes cybersecurity seriously will be enforcing the use of a corporate VPN for all remote workers as a matter of course, at least they should be.
Personal overlay / mesh network VPN
This is “make all my devices feel like they’re on the same private network,” even when you’re on hotel Wi-Fi or mobile data. Tools like Tailscale get shoutouts for being more like a virtual router than a “privacy potion.” This variety is popular with self-hosters and Digital Sovereignty practitioners. This is also the variety I use to access my home-run cloud services.
Consumer “privacy VPN”
This is the one in every influencer ad read: route all your traffic through a VPN provider so websites see the provider’s IP address, not yours. You’re paying to put your internet in someone else’s envelope. This variety is also used to access different content libraries of paid-for services such as Netflix and Prime Video, to make it appear to the service that you are in a different country.
What a consumer VPN actually does (and what it doesn’t)
A consumer VPN does one big, clear thing: it creates an encrypted tunnel from your device to the VPN company’s server, then your traffic exits to the wider internet from there.
That means:
- Your ISP sees less of what you’re doing (often still some metadata, unless you also cover DNS and related leaks).
- The websites you visit see the VPN’s IP, not your home IP.
What it does not magically do:
- It doesn’t “stop hackers” in some general sense.
- It doesn’t sprinkle fairy dust on “identity theft.”
- It doesn’t make you anonymous just because the word “privacy” is on the homepage.
One Open Technology Fund write-up phrases the core truth cleanly: choosing a VPN is often a trust transfer. You’re moving trust from your ISP to your VPN provider, and that has real security implications because the provider has access to your data in transit.
So the question isn’t “Do I need a VPN?” It’s “Who do I trust to be the middleman?”
The trust problem: privacy sold as a promise
A recent [H]N post](https://news.ycombinator.com/item?id=46768595) lays down a spicy philosophical dagger: “trust is antithetical to privacy.” If your privacy depends on someone choosing not to look, you don’t have privacy. You have a promise.
And the “no logs” promise has a built-in problem: you can’t directly verify it from the outside. The post points out that VPN companies tout “zero logs,” but those claims are hard to audit and history includes cases where “zero logs” didn’t mean what users assumed.
This is why a VPN can be both:
- a legitimate tool, and 0 an extremely convenient product to market with spooky words like “threats,” “hackers,” and “bank accounts” (someone on HN said friends told them they use a VPN “to protect my bank accounts,” which is… not how any of this works).
A VPN is a pipe. Pipes don’t have ethics. The people and incentives behind them do, and some of these people are loving the fact they can analyse 100% of your internet traffic and sell it to advertisers (or worse) which is probably one of things you wanted to avoid by signing-up to such a service.
Who owns the VPN is what really matters
Sometimes you really need the tunnel. Sometimes you just bought a monthly subscription to outsourcing your browsing to a stranger with better branding.
Thanks for coming to my TEDtalk, let me know if this want too much of a rant.