I haven’t posted about VPNs for a long time (the first and last time was in May 2023, in this post (https://onlinesafety.substack.com/p/you-should-use-a-vpn). But a recent article (https://cybernews.com/security/ai-chat-vpn-extension-spying/) about a “free VPN Chrome extension” that was actually malicious software impacted 8M people’s privacy, reminding me that it’s a topic worth addressing again.

In this case, the extension Urban VPN Proxy, which had a 4.7-star rating on the Chrome Store and millions of users, was found by researchers to contain code that intercepted and exfiltrated conversations across all major AI platforms. Another way to say that is this extension was stealing users’ data. Obviously, this defeats the purpose of a VPN, and why the cardinal rule of VPNs is: NEVER USE A FREE VPN!

What is the purpose of a VPN?

There are really three reasons why people use VPNs.

Security protection. Because VPNs encrypt your Internet traffic on your device before it leaves, you gain security protections against monitoring on the network your device is on (cell phone or WiFi). Privacy protection. Since VPNs route your traffic through their servers first, this prevents websites you visit from knowing your IP address and location, and prevents your Internet Service Provider from tracking which websites you visit. Location obsfucation. Because your traffic is routed through the VPN servers, the websites you are visiting think you are coming from the VPN. Some VPN companies let you choose where a server is located (i.e., select a location), so you can deliberately set your location to appear to be somewhere else. This is commonly used to circumvent location restrictions imposed by websites and Internet services (e.g., Netflix) or by government censorship (e.g., in China). VPN adoption drastically increases in countries where censorship increases (https://www.techradar.com/vpn/vpn-privacy-security/119-countries-saw-vpn-usage-soar-in-2024-during-times-of-political-crisis)

How do VPNs work?

VPNs are complex systems that cost money to operate, but conceptually, how they work is simple. There are two parts: VPN software on your device, and VPN servers.

VPN Software. This is usually an application. What this software does is encrypt the Internet traffic leaving your device and sends it to the VPN server. VPN Server. The VPN server receives your traffic, decrypts it, and routes it to the intended destination.

What are the downsides of using a VPN?

Speed. Because VPNs add additional steps in the routing of your traffic and decryption, they can slow down your Internet connection. User experience. VPNs are not always the smoothest experience. Sometimes VPNs stop working and need to be restarted. Although relatively simple to install, they can sometimes have confusing settings.

Should you use a VPN?

Yes, a VPN is a good tool that makes sense for most people, provided you have the disposable income to pay for one, because they provide strong security and privacy benefits. VPNs offer another layer of privacy and protection for your Internet traffic from anyone lurking on the network (e.g., public WiFi or your ISP) or from the destination of your traffic. VPNs protect you from being analyzed by your network traffic.

Of course, the VPN knows what you are doing, which is why it’s absolutely essential that you trust the VPN provider you are using. This is why we say it’s so critical to pay for a VPN. VPNs cost money to operate, so if it’s offered for free, they are monetizing in some way — and remember, if it’s free, you’re the product.

How to use a VPN

The safest option with the most benefits is to use a VPN on all your devices, all the time. However, not everyone will find this tenable, and may experience user experience or speed issues. At a minimum, you should use a VPN when connecting to any WiFi that isn’t your home network, and ideally on your cell phone when connecting to your cell phone service. You should also update your DNS settings to improve your privacy at home (see my post for more details). Your DNS settings are exposing your privacy: the hidden danger of default DNS settings and how to protect yourself Tate Jarrow · September 10, 2025 Read full story

How to choose a VPN.

Trust the provider. Choose a VPN company that is based in a country that you trust to maintain the rule of law and where a company can be held accountable (aka sued) if it misuses data or fails to follow up on customer promises. Don’t use VPNs from countries with undue influence over companies (e.g., China and Russia). Do research and read reviews. Many reviews compare VPNs available. Here are two good guides: Tom’s Guide, NY Times Wirecutter. Use VPNs from established companies that have been around for a long time. Pay for your VPN. A reminder — never use a free VPN. If it comes as part of a paid bundle, that’s okay. But a standalone free VPN is a HUGE RISK. No Logs! Ensure that the VPN you get does not keep logs of your Internet traffic. If they are keeping records of your Internet traffic, then a VPN defeats its purpose! Look at their privacy policy to see how they log data.

What I use and some safe options.

I use Mullvad. They are based in Sweden, which has strong privacy laws, and have a reliable track record. I also like their feature set.

Here are some other popular options that are safe to use. Check out reviews (linked above) for more options.

NordVPN ProtonVPN - Note: they have a free tier, but that’s a strategy to get people to convert and buy — it’s not ONLY free, so it’s okay.

Stay Safe!

Tate