What Does a VPN Actually Hide, and Who From?
Using a VPN can hide your IP address, your geographic location, your web browsing activity and much more.
A VPN does this by encrypting your traffic and using a remote VPN server as the middleman between your device and the website or app you’re using.
The tricky part is understanding who this information is hidden from.
It’s not enough to know that a VPN hides your location, you also need to know who it is hidden from and who it is not hidden from. Otherwise, you could put yourself at risk by believing you’re protected when you’re not.
In this section, we’ll detail precisely what a VPN hides, who it is hidden from, and who it is not hidden from. We’ll also explain why it is beneficial to hide this information with a VPN.
First, here’s a full summary of what a VPN hides:
- Your IP Address – Websites and apps use your IP address to track your activity, create personalized content, increase prices, impose bans and restrictions, and to collaborate with advertisers and law enforcement agencies.
A VPN hides your IP address from these websites by tunneling your traffic through a VPN server. This makes it appear as though your traffic comes from the VPN server’s IP address, thereby keeping your personal IP address hidden from view.
- Your Location – Your IP address also contains information about your rough geographic location. Because of this, some websites and services use it to enforce regional restrictions. For example, Netflix determines which movies and TV shows it is licensed to show you based on the country associated with your IP address.
By hiding your IP address, a VPN can also change the way your location appears to certain websites, apps and services; most notably, from streaming services.
- Your Browsing History – Your ISP tracks and records everything you do online. It can then share that information with governments and police, sell it to advertising networks and data brokers, or use it to throttle (or even block) your connection.
A VPN encrypts your traffic, which hides your browsing history from ISPs and anyone they distribute information to. VPN encryption also hides your online activity from WiFi administrators at work, school, college, home, and in airports and coffee shops.
- Your Personal & Sensitive Data – Cybercriminals use unsecured public WiFi networks to hack into your connection and steal personal and sensitive information, including passwords, credit card numbers, and medical details. These are known as man-in-the-middle attacks and can take many different forms, such as DNS spoofing and session hijacking.
By encrypting your data, a VPN protects you from these attacks and keeps your personal information safe and hidden.
- Your Torrenting & P2P Activity – Torrenting without a VPN poses a threat to your privacy and security. Your IP address is exposed to hackers and copyright trolls every time you download or upload a file. Also, your ISP can see when you visit torrenting sites and is likely to pass that information on to police and copyright holders.
When you use a VPN for torrenting, the encryption hides your activity from your ISP and only the VPN server’s IP address gets exposed in the ‘torrent swarm’.
- The VPN Itself – When you use a VPN normally, your ISP, government, and WiFi administrator won’t see your browsing activity. However, your ISP can see that a VPN is being used. This may lead to censorship, legal problems, or a scolding from your employer or school administration.
To overcome this, the best VPNs can hide the very fact you are using a VPN. They do this with VPN obfuscation technology, which camouflages your traffic among regular HTTPS traffic.
We’ll now take a more in-depth look at these, one-by-one. You can use the links above to jump straight to the information you’re interested in. Alternatively, you can skip to our next section on the information VPN services will not hide.
1. Your IP Address From Websites & Apps
Your IP address is the unique sequence of numbers assigned to you and your internet connection. It works like an online passport, revealing details of your identity as you browse.
Your IP address is tied to sensitive information, such as your Internet Service Provider (ISP) and your rough geographic location. If you know someone’s IP address, it’s also possible to scan their router for open ports, which are vulnerable to malware.
Websites and apps use your IP address to register when you visit their site. This means they can record your activity and then link it back to you each time you return.
Websites regularly share this information with other websites, advertising networks, data brokers and online trackers, too. Collectively, they form comprehensive profiles of you and your browsing habits, using your IP address to tie it all together.
These entities can then track you across the internet, targeting you with personalized advertising, collecting additional information about you, and surveilling your browsing activity.
A VPN protects you from these advertising and surveillance networks by hiding your IP address as you browse.
When you use a VPN, your traffic goes via a VPN server on its way to the website or service you’re accessing. From the website’s point of view, this makes your traffic appear as though it is coming from the IP address of the VPN server, thereby hiding your personal IP address.
Using a VPN does not stop websites and advertisers from seeing what you do online, but it stops them from linking that activity back to you via your IP address. It therefore becomes much harder for them to gather information about you or surveil you.
Your browsing habits can be tracked using cookies, too. These are small files that are downloaded into your web browser whenever you visit a website or click a link. They stay in your browser and then send information back to the website when you return, enabling it to re-identify you.
If you have been mistakenly banned, then using a VPN will let you regain access to the service because it hides your original, banned IP address from the website.
NOTE: A VPN does not hide your IP address from your ISP, government, employer, network administrator, or cybercriminals on the local network. It is only hidden from the websites you visit and any third-parties that they choose to share information with.
2. Your Physical Location From Websites & Apps
Websites and apps can vary their content based on your geographic location. Netflix, for example, has a different catalog of movies and TV shows for US users than it does for Japanese users.
These websites typically use your IP address to determine which country-specific content to show you. This is a process known as IP-based geolocation.
By replacing your IP address with the VPN server’s IP address, a VPN will hide your location from the websites you visit. This means you can trick streaming services into thinking you are physically located wherever the VPN server is located.
This allows you to change your Netflix region and gain access to streaming content from the VPN server’s geographic region.
Importantly, most VPNs let you choose which server location to connect to. This means you can pick which region-restricted content to unblock. For example, if you want to watch BBC iPlayer but you are not located in the UK, you simply have to choose a UK-based VPN server and you’ll be able to stream BBC content from outside the UK.
NOTE: Different VPNs offer different VPN server locations. They also differ in how effective these servers are at unblocking streaming services. To find out which VPN you should use, read our review of the best VPNs for streaming.
Streaming is not the only reason to hide your physical location from websites, either. Other forms of internet censorship typically rely on IP-based geolocation too. For example, Microsoft Bing has been found to censor autofill suggestions whenever the user’s IP address shows them to be located in China.
A VPN will hide your physical location from the websites and services you visit, but not from your ISP or employer. These entities still see the (encrypted) communication between your device and the VPN server. That means they still know your personal IP address and, thus, your rough physical location.
EXPERT TIP: IP-based geolocation is not the only way that websites and apps can track your physical location. Apps like Uber and Google Maps use GPS information to determine your location. In these cases, hiding your IP address with a VPN does not work to spoof your location (although there are some exceptions).
3. Your Browsing History & Search Activity From Your ISP
A good VPN hides your web browsing history from your ISP. This includes:
- The websites you visit and the apps you use
- What you do on those websites and apps (if they are not HTTPS encrypted already)
- How long you spend on them
- The timestamps for when your session started and ended
- Any files you download or upload
The VPN hides your browsing activity from your ISP by encrypting your traffic. That means it converts the contents of your traffic into an unintelligible string of letters and numbers that only the VPN server knows how to interpret.
Instead of seeing details about which websites you’re using and how long you’re spending on them, your ISP now sees a stream of indecipherable jargon. The only information available to your ISP is the IP address of the VPN server and the total amount of data being transferred along the connection.
The same is true for anyone with router-level access. That means using a VPN can hide your browsing activity from employers, parents, landlords, school and college administrators, Starbucks, and anyone else eavesdropping on an unprotected WiFi network.
EXPERT TIP: One common misconception is that a VPN hides your Google search history from your ISP. In fact, your Google searches are already hidden from your ISP, even when you don’t use a VPN. That’s because Google uses HTTPS to secure your searches, which means your ISP can detect that you’re using Google but it can’t see the specifics of your query.
Most ISPs keep logs of your browsing history whenever you don’t use a VPN. In many countries, such as the UK and Australia, they are required to do so by law. This poses a number of different threats:
- Privacy. ISPs can share these browsing history logs with anyone they choose to. It is likely that your ISP is passing over information about your browsing habits to data brokers who then sell on to willing buyers – usually advertising companies.
- Freedom. ISPs may be compelled to share your browsing records with government agencies and police forces too. Not only does this facilitate global mass surveillance, it also allows governments to implement censorship regimes that limit your freedom online.
ISPs often work with governments to censor content and penalize individuals who access restricted information. They may even allow police to monitor your web traffic in real-time.
- Security. Your ISP likely keeps logs of your historical web browsing activity in a database. If cybercriminals were to hack into these servers, they would gain access to that sensitive information.
Unfortunately, these security breaches are not unheard of, either. Austria’s largest ISP, A1 Telekom, suffered one in 2019. In 2017, 8.9 million people had their data exposed when a Russian ISP was breached.
- Performance. ISPs have been known to throttle the speeds of internet users engaging in high-bandwidth activity, such as online gaming and P2P file-sharing. While there are certainly legitimate reasons for internet throttling, it is thought that ISPs may also use throttling as a revenue stream.
NOTE: Using a VPN prevents some forms of internet throttling but not all. Your ISP can still see the total amount of bandwidth you are using, even if it can’t see what you’re using it for. Your connection may still be throttled if you are deemed to be using too much. You can learn more about this in our guide to VPN data usage.
VPN encryption hides your browsing activity from your ISP, allowing you to avoid censorship, surveillance, throttling, data theft, and personalized advertising.
If your ISP can’t see what you’re doing online, then it can’t throttle your gaming traffic, work with governments to implement censorship measures, or let police track you in real-time.
Furthermore, a VPN prevents your ISP from recording logs of your browsing history which can leave you susceptible to data breaches, be shared with advertising networks, or used to support government surveillance.
It’s important to note, however, that VPNs can’t erase ISP records of your previous, unprotected search history. In other words, if your ISP has logs of your web browsing activity from before your traffic was encrypted, then using a VPN is not going to delete those records retroactively.
EXPERT TIP: With a VPN turned on, your ISP can’t see your browsing activity, but it can tell that you’re using a VPN. This is because it needs to know the VPN server’s IP address in order to send your traffic there.
This means that the government, police, and anyone else your ISP shares information with also knows that you’re using a VPN. This is important, because VPNs are not legal everywhere.
Does a VPN Hide Your Browsing History From Employers, Your Router & Other WiFi Administrators?
VPN encryption can hide your browsing history from WiFi administrators, too. This includes:
- School & College IT Technicians
- Public WiFi Owners (e.g. Starbucks and airport staff)
In theory, anyone with router-level access is in the same position as your ISP: they can see that your traffic is going to a VPN server, but they cannot see where it goes after that.
A VPN also has the added benefit of letting you bypass any firewalls on the router, which may allow you to unblock certain websites at school and on college or workplace networks.
It is important to remember, however, that WiFi administrators can still detect that you are using a VPN, even if they can’t see what you’re using it for. You may therefore get into trouble if personal VPNs are banned in your place or work or study.
You should also be aware that a VPN is unlikely to hide your browsing activity when using a work or school computer. This is because administrators often have a way of monitoring your screen directly, either through remote access software, keylogging technology, or a screen monitoring program that is pre-installed onto the device.
NOTE: A VPN doesn’t prevent IT technicians from physically looking at the search history on the computer after you have logged out, either. You therefore need to remember to delete your browser history, cache, and cookies at the end of every session, even when using a VPN.
Does a VPN Hide Your Search History From Google?
Using a VPN cannot hide your search history from Google or any other search engine. Google will always see your search queries because you’re using its service to make them. The question, however, is whether Google can link those searches back to you.
If you’re signed in to your Google account, then the answer is yes. Google is able to associate each search with your account and your previous search history. Thus, the first step toward hiding your search history from Google is to log out of your account.
Once you’re logged out and are using a VPN to hide your IP address, it becomes much harder for Google to link your search history back to you.
Even then, it’s likely that Google uses other ways to link your search history back to you, without needing to know your IP address or account details.
For instance, they can deploy sophisticated algorithms that use your device type, screen resolution, GPS location, behavioral patterns, and many other factors to identify you, if they so wish. It is therefore safest to assume that your VPN is not hiding your search history from Google.
The best way to stay hidden from Google is simply not to use it. We recommend using an alternative search engine like DuckDuckGo and a privacy-focused browser instead.
NOTE: Google doesn’t only know your search history, it also knows which websites you visit by tracking the search results you click on.
4. Your Personal Data from Hackers & Cybercriminals
Using a VPN helps to keep your personal and sensitive data hidden from hackers and cybercriminals in a number of different ways.
We have already seen that hiding browsing activity from your ISP can reduce the risk of data theft from security breaches, and that a VPN prevents vishing, doxing and DDoS attacks by hiding your IP address. But these aren’t the only ways a VPN keeps you safe and secure online.
A VPN also keeps your sensitive data hidden on unsecured public WiFi networks. In particular, it protects you from two main forms of man-in-the-middle attack:
- DNS Spoofing: On unsecured public WiFi networks, it is relatively easy for attackers to hijack your DNS requests. They can then re-route your connection to a website under their control, without you knowing.
A VPN can protect you from DNS spoofing attacks by encrypting your requests and resolving them on the VPN provider’s own DNS server. This stops the attacker from seeing your DNS request, let alone spoofing it.
- Session Hijacking: Hackers might also steal the ‘session cookies’ that appear temporarily whilst you’re connected to a website’s server. These are small text files stored in your browser that authenticate and facilitate an individual session on that website.
On unsecured WiFi networks, attackers can use packet sniffing or fake hotspots to steal these cookies and take over your session. If you were online banking, then they could even make bank transfers from your account.
By encrypting your connection, a VPN makes your traffic unreadable to everyone except the VPN server. This includes hackers on a public WiFi connection. It therefore keeps your personal information safe and hidden from criminals.
EXPERT TIP: Some VPN protocols, such as PPTP, are no longer fit for purpose and can be easily hacked. If your VPN service is using PPTP then your personal data is at risk and you should stop using the VPN immediately. For more information, read our full guide to VPN protocols.
5. Your Torrenting Activity From Your ISP, Police, & Copyright Holders
A good VPN hides your torrenting downloads and P2P file-sharing activity from your ISP. This is helpful because ISPs often throttle (or even block) P2P traffic due to its high-bandwidth nature.
By encrypting your data, however, a VPN can hide the fact you are torrenting from your ISP, leaving you free to enjoy fast download and upload speeds.
It also means your torrenting activity stays hidden from police and copyright holders, too. Your ISP would typically work with law enforcement to issue you with DMCA notices, fines and legal action, should you ever mistakenly download any copyrighted material. VPN encryption stops your ISP from logging your P2P activity in the first place, which means it has no relevant information to pass on to these authorities.
Using a VPN will also help keep you safe from other torrent users on the P2P network. That’s because downloading and uploading torrent files normally means exposing your IP address to everyone in the ‘torrent swarm’.
A VPN keeps you safe while torrenting by hiding your IP address behind the IP address of your VPN server. This means that the IP address seen in the torrent swarm, and the one associated with the torrents you download, is the VPN server’s IP address and not your real one.
6. The VPN Traffic Itself From Your ISP
ISPs and WiFi administrators can’t see the details of your browsing activity when you use a VPN, but they can see that a VPN is being used. To do this, they can check the connection’s port number or, most commonly, use a tool known as Deep Packet Inspection.
Deep Packet Inspection (DPI) is an advanced method for analyzing network traffic. It uses sophisticated pattern-matching techniques to classify and categorize the ‘type’ of data being transmitted over the network, and is very effective at identifying normal VPN traffic.
The best VPN services can hide the fact you’re using a VPN from your ISP, government, and WiFi or network administrator. To do this, they use VPN obfuscation.
VPN obfuscation refers to the capacity of a VPN server to disguise your traffic as regular HTTPS traffic. When you use VPN obfuscation, DPI is much worse at detecting and identifying the VPN because your traffic becomes camouflaged amongst normal web traffic.
Here is our DPI analysis of VPN traffic without obfuscation:
Here is our DPI analysis of VPN traffic with obfuscation:
As you can see, our DPI tool was unable to detect VPN traffic when the connection was obfuscated.
A VPN can therefore hide itself from ISPs, governments, employers and WiFi administrators by using obfuscation.
EXPERT ADVICE: Certain apps and websites also block your connection if they detect you are using a VPN. This is common practice for streaming services, airlines and other eCommerce sites.
VPN obfuscation doesn’t usually help you evade these sorts of blocks. That’s because websites don’t typically use DPI to detect VPN users. Instead, they can often tell you’re using a VPN based purely on the VPN server’s IP address.
In this case, the best solution is to use a VPN that works to recycle its IP addresses for use with those platforms. Alternatively, you can use a VPN with a static IP address.