> but aren’t you just re-routing your connection via the VPN provider’s network?

Yes, you are just doing that.

> Is this inherently better for data privacy? Or are you just choosing to trust somebody else (the VPN provider vs your internet provider) with your data?

You are choosing to trust the VPN provider, and still your internet provider with anything which leaks around the VPN (e.g. if it doesn’t connect quickly or drops out occasionally). The VPN provider may well be in a foreign country with different data/consumer protection laws (better or worse for you), or they might be malicious or incompetent:

– [SuperVPN leaking user details](https://www.techradar.com/news/this-free-vpn-leaked-data-from-millions-of-users-online-find-out-if-youre-affected).
– [DoubleVPN was storing logs of user activity](https://www.techradar.com/news/this-crooked-vpn-service-was-collecting-user-data-the-whole-time).
– [UFO VPN, Fast VPN, FreeVPN, Flash VPN, Secure VPN, Rabbit VPN pledged no logs, but were keeping logs](https://www.pcmag.com/news/7-vpn-services-found-recording-user-logs-despite-no-log-pledge).
– [NordVPN found using Google Analytics user tracking](https://old.reddit.com/r/assholedesign/comments/n1ve6k/spyware_free_nordvpn_collecting_data_from_its/).

Tom Scott on why VPN advertising isn’t very accurate: https://www.youtube.com/watch?v=WVDQEoe6ZWY

That’s not to say they are a *terrible* idea, but they aren’t magic.

No, not really.

VPN services generally are sold as being something that they are not.

All you really doing is masquerading the origin point of your requests on the internet. This is good if you are trying to get around geo-blocking on things like streaming sites, or need to hide illicit activity on the internet like Piracy. The problem is VPN services can’t really advertise themselves this way so they make this smoke and mirrors pitch about protecting your privacy.

There’s an argument to be made if you are out and about at say a coffee shop a VPN can prevent hackers in the vicinity from snooping on your activity, yet the majority of what you do online is encrypted these days anyway so it’s kind-of irrelevant. A hacker could potentially see what websites you are going to, but they couldn’t see what you are doing there.

>I understand why people would want to use a VPN to change their location and access region-specific content.

That’s the primary reason to use a VPN

>I also understand that it is a good way of hiding your activity from your internet provider, but aren’t you just re-routing your connection via the VPN provider’s network?

Correct

>Is this inherently better for data privacy?

No not really

>Or are you just choosing to trust somebody else (the VPN provider vs your internet provider) with your data?

yup, exactly

And can you really trust the VPN provider?

The VPN nodes are located in random datacenter around the world. Most of the nodes are known, there are lists of known VPN nodes being updated all the time.

So what’s to stop a government entity from going into one of those datacenters and inspecting all traffic going in and out of one of those VPN nodes? Who’s to say they aren’t already doing that?

The main purpose of a VPN is to appear as if you are in a different country, and to access content that is available there, but not where you actually are. Think: watching some specific Netflix series, etc.

The second one is to cover your IP address for downloading from illegal sites, or file sharing in networks. Though I wouldn’t rely too much on this, if I was you.

Of course, they can not say that in their ads. That’s why they come up with “data privacy”.

If you don’t know how a VPN works, and what kind of data this covers and more importantly, what it doesn’t, then a VPN is not going to help you with your privacy. It will still let you watch these Netflix series that haven’t been released in your home country, though.

If you roam around a lot – coffee shops, airports, etc – it MIGHT have some value to your privacy if you suspect something is up. Your internet provider has an idea of what you’re doing, but arguably so does that coffee shop and airport as well.

But most of the internet is already encrypted. As an evil ISP employee, I can see that you are visiting Facebook, and downloading large quantities of data. I can infer that this means you’re watching a video. Transmissions are minimal, so you probably are not sending anything, like photos of your own. But that’s the extent. I can’t see what you’re doing, only who with (as a big company like Facebook) and how much. I certainly don’t know who your friends are.

A VPN adds more protection. Now said evil ISP employee (me) knows you are using XX VPN service… and that’s it. And yes, now XX VPN service knows you’re downloading videos from facebook even if I don’t. Etc.

All that said, don’t forget about other security concerns. Your ISP can’t see your friends, but if you’re actually in an airport which has security cameras or just people wandering around, beware someone or something behind you just looking at your screen. No VPN or encryption can protect against that. Software only provides so much protection.

Let’s say you visit 25 different websites today.

Normally, you would trust your Internet Service Provider (ISP), which would know every site you visit. Plus, you kind of trust each of the 25 different websites, but each website only knows that you visited that particular website; they don’t know about the other sites. (Disregarding things like tracking cookies).

With a VPN, you trust your VPN provider, which knows every site you visit. Your ISP knows that you’re talking to your VPN but nothing else. The websites don’t know that you’re requesting a page from them; they see a request from the VPN instead of from you. (Unless you log in using your username or whatever.)

While everything people have said is usually true, there is one situation where using a VPN can be genuinely better than not and that’s security flaws.

Attackers can use what’s called a wifi-pineapple to exploit security flaws. This is a device that connects to wifi (such as at coffee shop), and makes everyone connect through-it. The attacker can then monitor all the traffic going through. Generally they won’t be able to do much. They can see what your ISP sees, but if you’re using HTTPS, not much else. But then there are security flaws. There was one recently with AI chatbots where researchers were able to recover a lot of the chat even when encrypted. Another one that was just announced (Blast-RADIUS) was in RADIUS which is a very old authentication method still used for lots of systems today. It hasn’t been used yet, but it’s also likely to not be fixed anytime soon.

Both of these security flaws (ant a ton of previous ones) could be mitigated by using a VPN. Yes someone who broke into the VPN system could still exploit them, but a hacker with a wifi-pineapple couldn’t.