ゆるテックノート

What VPNs protect and what they do not

A VPN is useful for protecting a network path, but it is not a complete security solution. It helps most when you understand what it protects, what it cannot protect, and which settings deserve attention.

What VPNs can protect 🔒

A VPN encrypts traffic between your device and the VPN server, then relays it onward. This is especially useful on networks you do not fully trust.

Common benefits

  • On public Wi-Fi, it makes traffic harder for nearby attackers on the same network to inspect.
  • It changes the IP address visible to destination services to the VPN exit IP.
  • A company VPN gives remote users a protected path into internal systems.
  • It may hide some destination details from local network operators or Wi-Fi providers.

What VPNs do not solve by themselves

VPNs mainly protect the path. They do not automatically protect everything you type into a site or the device itself.

Needs separate protection

  • Phishing pages where you enter your ID and password yourself.
  • Names, email addresses, payment data, and other information you give to the service.
  • Tracking through cookies or logged-in accounts.
  • Malware or risky browser extensions already on the device.
  • How information is handled on sites that do not use HTTPS.

You are trusting the VPN provider

With a VPN, traffic flows through the VPN server. That can reduce what the local network sees, but it means the VPN provider becomes a party you need to trust.

Things to check

  • What connection or usage logs are stored, and for how long.
  • Who operates the service, which jurisdiction applies, and whether audits or transparency reports exist.
  • With free VPNs, consider advertising, data usage, speed limits, and whether the operator is clear.

DNS leaks, WebRTC leaks, and split tunneling

Even while connected to a VPN, some information can escape outside the tunnel depending on settings and app behavior. The related options are summarized in VPN configuration types.

Common points to watch

  • DNS leak: name lookups go to the normal network DNS, leaving clues about destinations.
  • WebRTC leak: browser features may expose local IPs or alternate path information.
  • Split tunneling: only some apps use the VPN. It is convenient, but traffic may bypass the VPN unexpectedly.
  • Kill switch: blocks normal network fallback if the VPN disconnects. Consider it for sensitive use.

Company VPNs and personal VPNs have different goals

The word VPN is used for both, but company VPNs and consumer VPN services are designed for different jobs.

How to think about them

Type Main purpose Note
Company VPN Secure access to internal company systems Follow company policy and logging rules.
Personal VPN Public Wi-Fi protection, path protection, and changing visible IP Check provider trust and app settings.

Takeaway

  • A VPN is a useful protection layer, not complete anonymity or total defense.
  • Use it together with account hygiene, two-factor authentication, OS updates, and phishing awareness.
  • Separate what the VPN protects from what needs other controls.
< SSH port forwarding and VPN differences What are DNS root servers? >