A virtual private network (VPN) can make a big difference to your online privacy and security. It can help prevent sites from knowing where you are and tracking your online activity. It can protect you from criminals and evade state censorship.

And it can evade the geographical blocks that won’t let you see something funny on YouTube. But can a VPN still be unsafe? Can you really trust a VPN to protect your privacy? Let’s find out.

What a VPN does

A VPN secures and encrypts your online activity so it can’t be intercepted, read or tampered with by third parties, including your own ISP. That means your ISP can’t analyse your network activity and use that information to throttle specific services, and it can’t sell your browsing data to third party organisations.

A VPN also passes your internet traffic through its own network of servers, disguising your real IP address. That’s the address that sites can use to work out where you are in the world and which ISP you use. You may be browsing from a Bolton bedroom, but the site you’re visiting may think you’re connecting from Bulgaria or Burundi.

Some VPNs also enable you to filter traffic. For example we’ve set up a VPN that also includes a proxy server we can use to stop really irritating, age-inappropriate ads being sent to the kids’ tablet.

Why that keeps you safe

Let’s say you want to do some browsing using a public Wi-Fi network. How do you know it’s legitimate, or that its traffic isn’t being intercepted? With a VPN enabled your data is secure from snooping.

VPNs can also help you evade tracking by ad networks and social networks (more of them in a moment). And they can ensure that when you send an important document to somebody else, it can’t fall into the wrong hands. That’s particularly important in parts of the world where there’s really strict political censorship: in some countries online privacy can be quite literally a matter of life and death.

Why you don’t want logs

There’s no point in using a VPN to stop third parties from logging your online activity if your VPN is logging what you do instead, especially if that VPN is located in a country where the courts or security services can demand it hands over user data. Look for a no-logging policy and make sure it means no logging of any kind: a VPN that doesn’t log your activity data but that does log your IP address isn’t operating a no-logging policy.

A related issue is jurisdiction: where a provider is located will dictate what laws it’s subject to and what law enforcement requests it has to honour. Pay particular attention to the “five eyes” countries – the US, the UK, Australia, Canada and New Zealand – who have formed a security alliance to share surveillance data and who seem awfully keen on the idea of finding and sharing backdoors in networks’ security.

A VPN provider with a no-logging policy won’t have any data to hand over, but in five eyes countries in particular you can assume that providers located there may be targeted by the security services. In an ideal world the security services don’t target the wrong people or abuse their powers, but of course this isn’t an ideal world.

What will drive a truck through your VPN’s security

A VPN can only do so much. If you’re downloading software from Dodgy Dave’s Download Dungeon rather than from reputable sources you may well end up with malware that’ll invade the privacy your VPN’s trying to protect; if you log into a bunch of sites using your Facebook or Google account you’re still creating a data trail. Website cookies and email tracking pixels can also identify where you are and what you’re doing.

If data privacy is your key concern, your VPN needs to be part of a wider privacy package that includes really locking down your web browser and any other online apps you use.

Think about the big picture

If you use multiple devices, it’s worth looking at a VPN you can install on your router as well as on individual devices. That’s handy for two reasons: it enables you to protect everything on your home or work network without having to install a VPN client on them all (although remember they’ll need a VPN app if they’re then being used on other networks or on the phone network), and it enables you to protect devices you can’t get a VPN app for.