Part of that confusion comes from marketing. VPN companies love selling the fantasy that downloading one app suddenly makes you anonymous. On the other side, headlines about surveillance programs, intelligence agencies, leaked documents, and governments "watching everything" have convinced people that every click they make online is being monitored in real time.
Neither extreme reflects reality.
The truth is far more nuanced, and honestly, far more interesting.
Most people use the internet every day without understanding what actually happens when they open a browser, connect to public Wi-Fi, send a message, upload a file, log into an app, or simply search for something online. Your data moves through multiple layers of infrastructure before it reaches its destination. Along that path, internet providers, advertisers, platforms, app developers, cloud providers, and sometimes governments can all have visibility into different pieces of information depending on how you browse, what services you use, and what country you live in.
After spending years working in offensive security, I've learned something that most privacy conversations completely miss: people often worry about the most dramatic threats while ignoring the very real, very common security failures happening every day. They worry about intelligence agencies while reusing passwords across multiple platforms. They worry about surveillance while downloading random apps that request excessive permissions. They worry about government tracking while trusting companies that can barely secure their own infrastructure.
The internet has a surveillance problem. It also has a software security problem. And those two things are becoming increasingly connected.
What actually happens when you visit a website
When you open your laptop and visit a website, your request usually follows a simple path:
Your device → your router → your internet service provider → internet infrastructure → website server
That entire process happens in milliseconds, which is why most people never think about it.
Your internet provider sits in a very powerful position in this chain because it acts as the bridge between your home and the wider internet. Providers like Telefonica, Comcast, or Verizon can often see metadata such as when you connect, how long your sessions last, how much data you consume, and in many cases where your traffic is going.
Thanks to HTTPS encryption, they usually cannot read the actual content of your messages, passwords, or what you type inside encrypted websites. But metadata is far more revealing than people think. Repeated visits to certain platforms, specific usage patterns, geographic behavior, and recurring connections can tell a very detailed story about your life.
That's where many people begin looking into VPNs.
What a VPN tunnel actually means
Think of your normal internet traffic like driving on a public highway with transparent windows. Your ISP can see where your car is going, which exits you take, how often you travel, and sometimes more than you'd be comfortable with.
A VPN creates a private tunnel on that highway.
Instead of your traffic being openly visible as it travels toward websites, your data gets wrapped in an encrypted layer before it leaves your device. That encrypted traffic then travels directly to the VPN provider's server.
Your ISP can still see that your car entered a tunnel. They can see when you entered. They can see when you exited. They can see how much traffic moved through that tunnel. What they typically cannot see is everything happening inside that tunnel or which exact websites you visited while you were using it.
Once your traffic reaches the VPN server, it exits that tunnel and continues toward the final website or app you're using. That means your trust shifts. Instead of your ISP seeing more of your browsing activity, the VPN provider becomes the intermediary routing that traffic. That's why choosing a trustworthy provider matters so much.
Where a VPN actually enters the picture
Without a VPN: You → ISP → Website
With a VPN: You → ISP → VPN provider → Website
Your ISP can still see that you're connected to a VPN provider, how long the connection lasts, and roughly how much bandwidth you're using. What changes is that they typically lose visibility into the exact websites you're visiting through that encrypted tunnel. The websites you visit usually see the VPN server's IP address instead of your home IP address.
This is where many people misunderstand privacy. Privacy is not about hiding all the time. It's about understanding when privacy matters and when it doesn't.
Using a VPN on hotel Wi-Fi, airport networks, coffee shops, conferences, shared coworking spaces, or while traveling internationally makes complete sense. Those are environments you often shouldn't fully trust. Using one when you want to reduce how much visibility your ISP has into your browsing activity can also make sense.
But if you're logged into your Google account all day, scrolling social platforms, shopping with your personal credit card, and logging into services directly tied to your identity, a VPN doesn't magically make you anonymous. Those companies already know who you are because you're voluntarily authenticating into their ecosystems.
The real skill is understanding when privacy tools solve a real problem and when people are simply adding friction because marketing convinced them they need maximum anonymity to browse YouTube.
Why we've personally used Proton for years
We've personally used Proton for years, long before any partnership existed, and one thing that consistently stood out was how polished the product feels.
A lot of privacy tools feel like they were built for engineers who enjoy confusing interfaces and outdated dashboards. Proton feels modern. Their UI and product design are clean, intuitive, and simple enough that you actually enjoy using the tools. That sounds minor until you've spent years testing cybersecurity products that feel painful to use.
Speed also matters far more than privacy communities like to admit. A VPN becomes useless if it slows your connection enough that you eventually disable it. Proton has consistently been fast enough for streaming, work calls, large downloads, travel, and daily browsing without constantly reminding you it's active.
From a privacy perspective, Proton publicly states that it follows a strict no-logs policy. They say they do not store browsing activity, connection timestamps, session duration, original IP addresses, or DNS activity that could identify what users are doing online. Their apps are open source, they've undergone independent audits, and they offer features like Secure Core routing, Kill Switch protection, NetShield ad and tracker blocking, leak protection, and support for modern protocols like WireGuard and OpenVPN.
They're also based in Switzerland, which is one reason privacy-focused users often look at them. That doesn't make them perfect. It means they've built more transparency than most companies in this space.
Why people talk about Five Eyes
The term "Five Eyes" constantly appears in privacy discussions. It refers to an intelligence-sharing alliance between the United States, United Kingdom, Canada, Australia, and New Zealand.
Public awareness around these surveillance concerns grew significantly after Edward Snowden exposed programs connected to agencies like the NSA and GCHQ. Those leaks revealed mass metadata collection programs, infrastructure interception, intelligence-sharing systems, and efforts targeting encryption systems. For many people, that was the first time they realized how much surveillance infrastructure already existed behind the internet they used daily.
Governments in many countries can legally compel companies to provide user data through warrants, subpoenas, lawful access requests, and court orders. Jurisdiction matters because where a company operates often determines what legal obligations it may face. That's one reason companies based in places like Switzerland often attract privacy-conscious users.
The bigger problem nobody talks about: insecure software is everywhere
After spending years working in offensive security, this is where things get far more concerning.
People spend endless time worrying about advanced surveillance operations while using products built by companies with terrible security practices.
I've seen production databases storing sensitive customer information in plain text. I've seen admin dashboards accidentally exposed to the public internet. I've seen developers hardcode credentials directly into production applications. I've seen cloud storage buckets full of private files left open. I've seen organizations delay obvious security fixes because product deadlines mattered more than protecting users.
And now there's a new layer to this problem. AI is dramatically reducing the time it takes attackers to identify weak systems. Developers already made mistakes before AI entered the picture, but now attackers can move faster when looking for insecure code patterns, exposed secrets, vulnerable APIs, forgotten endpoints, leaked credentials, and potential backdoors. What used to require significant manual effort can now be accelerated, which means weak systems are becoming easier to discover and abuse at scale.
Sometimes your biggest privacy risk is not a government surveillance program. Sometimes it's a startup storing your personal files in an exposed cloud bucket. Sometimes it's a fintech app with terrible backend security. Sometimes it's a healthcare company treating security as an afterthought. That reality is far more common than people think.
What actually improves your privacy
Real privacy improvements are usually far less exciting than marketing campaigns make them seem. Most people don't need extreme anonymity tools. They need better digital habits.
Using strong unique passwords dramatically reduces your risk. A password manager helps eliminate credential reuse. Multi-factor authentication stops a huge percentage of common attacks before they escalate. Using encrypted messaging platforms like Signal reduces unnecessary exposure. Being selective about what apps you install matters far more than most people realize.
And most importantly, understanding your own behavior matters. You do not need to hide everything. You need to understand what deserves privacy.
Use a VPN when you're on networks you don't trust. Use one when you travel. Use one when you want to reduce unnecessary ISP visibility. Don't assume it magically solves every privacy issue in your life.
Privacy should be intentional. Not performative.
Final thoughts
Perfect privacy online does not exist. But reducing unnecessary exposure is very realistic.
Understanding how your data moves, where software fails, when privacy tools actually help, and when they don't puts you in a far stronger position than fear-driven marketing ever will.
There are plenty of VPN providers on the market that may offer similar features and protections. We recommend the services we mention because we've personally used them for years and genuinely trust them. More recently, we partnered with them because we already enjoyed their products long before any business relationship existed, they've maintained a strong reputation without major incidents, and they remain one of the better alternatives available today.
Disclosure: Some links in this article are affiliate links, which means we may earn a commission if you purchase through them at no additional cost to you. We only recommend products we've personally used for years and genuinely trust. It helps support this project while allowing us to keep creating honest content like this.

