VPNs aren't invincible—5 things a VPN can't protect you from

VPN on laptop screen
(Image credit: Shutterstock)

It's happened to all of us. While watching a YouTube video or listening to an episode of your favorite podcast, a voice interrupts your show to tell you that a VPN service can solve all of your online privacy problems within a couple of clicks. Well, the truth is way more complex than that.

A VPN certainly works well if you want to boost your anonymity. It's security software able to protect you from some digital threats, in fact. For instance, it masks your virtual location so third parties cannot trace back from where you connected to the web. It even conceals your browsing habits and downloads by encrypting the data leaving your device. Nonetheless, not even the very best providers make you totally invisible online.

To stay safe online and keep harm at bay, it's truly important to be fully aware of the risks you're exposed to every time you access the internet or use an online service. There's no bigger threat than believing you're protected when you are not. Below, I look at five threats a VPN cannot hide you from—and what you should do instead. 

What is a VPN?

For starters, let's clarify what a VPN is and does

Short for virtual private network, a VPN is security software that encrypts all your internet traffic. It does so by creating a secure tunnel that your data passes through on its way to the site you want to visit—and this is where it's encrypted. This means that cyber attackers cannot compromise your connection when you use unsecured public Wi-Fi, and that your ISP won't see what you do online.

Did you know?

The IP address is like your home address for the internet. It's then a unique identifier assigned to you by your internet service provider (ISP). A VPN spoofs this original IP address with one that belongs to a VPN server.

At the same time, a VPN spoofs your location by hiding your real IP address. This enables you to appear in a completely different part of the world. That's because every time you connect to a VPN server—and the very best apps boast a huge list of international locations—it assigns a new IP address to your device. 

That's beneficial for your privacy as web tracking gets reduced, but it also allows you to access otherwise geo-restricted content, like local Netflix libraries. This is exactly why so many people use a streaming VPN to access censored sites and services.

NordVPN is currently at the top of our best VPN charts. Besides strong security features and great unblocking, I especially like that Nord offers additional protection that goes beyond most VPN capabilities—more on this below.

An illustration of a laptop screen running a VPN service, accompanied by images of a padlock, globe, and a man using a tablet.

(Image credit: Getty Images)

1. Social media leaks

While we're trying hard to hide our digital footprints, we're also happy to give away a piece of our privacy for a social media post. Social media platforms are an easy way to gather someone's personal information—law enforcement does it and, as you'd expect, hackers get in on the action, too.

While a secure VPN protects your identity, it cannot hide the personal information you voluntarily share on your social media account. This includes your name, email address, and phone number, but also the likes, shares, and posts you make.

Before posting a video or picture, you should always make sure that sensitive data (your home address, for instance) isn't visible. I also recommend revising your account's privacy settings to minimize the data you share with others.

2. Phishing attacks

Phishing is a form of online scam where bad actors use emails, text messages, and even phone calls to access your sensitive personal data. They may do so by tricking you into revealing your bank account details to commit financial fraud. Another way to do this is by making you click on a malicious link that'll infect your device with malware or viruses.

A VPN can deter a hacker from trying to intercept your internet traffic, but it cannot prevent you from landing on a scam website yourself or sharing your personal details with someone on the web.

Also, thanks to AI-powered tools, attackers can craft increasingly convincing messages at high speed. This means phishing attacks will keep happening in the future. The good news is that, despite how well-made the messages are, you can always spot a scam. As a rule of thumb, if something is too good to be true it generally is—so, beware of grand promises. I also recommend controlling senders' email addresses as attackers tend to use more general emails instead of, for example, a corporate one. Watch out for telltale spelling mistakes and other grammatical inaccuracies.

3. Malware and virus infections

Phishing isn't the only way attackers try to compromise the security of your devices. Malware and viruses are often hidden in websites and online ads, ready to make their way into your operating system and run riot. Again, a VPN usually cannot help you here. 

There are, however, some VPN services that offer malware-blocking tools. For instance, NordVPN's Threat Protection automatically prevents you from accessing dangerous websites while checking your downloads to ensure they are safe. Some other providers, including ExpressVPN and Private Internet Access, are equipped with similar advanced protections.

However, as TechRadar Security specialist Mike Williams explains: "[NordVPN] Threat Protection is a long way from being a full antivirus. It doesn't monitor processes for suspect behavior, for instance, so it's unlikely to catch the very latest threats." That's why I recommend combining your VPN's malware-blocker tool with reliable antivirus software for full protection.

Magnifying glass enlarging the word 'malware' in computer machine code

(Image credit: Shutterstock)

4. Tracking cookies

The most common type of web tracker, tracking cookies are tiny snippets of code that get stored on your browser once you access a website. Some cookies are essential to customizing your digital profile—your billing address and payment method on e-commerce platforms, for example—but others can be way more intrusive and spy on your online activities even after leaving the website.

While a VPN keeps you more anonymous online, preventing some forms of tracking, it only works at a network level. Tracking cookies, though, are stored directly on your web browser. Hence, VPNs aren't much of a help against such trackers.

To mitigate the risks, I recommend clearing the internet cookies on your devices on a regular basis. You'll lose some convenience, as it logs you out from your personal accounts, but you'll win on privacy. 

5. Online accounts digital trail

Similar to your interactions on social media platforms, a VPN cannot completely prevent your identity and activities from being tracked. This means that, for instance, Google will always know your search history if you're signed in to your account—no matter if you have your VPN turned on in the background.

As a rule of thumb, you should log out from your accounts when conducting sensitive activities. Remember, switching to the Incognito mode isn't a real solution as your online activities will be recorded anyway every time you log into your accounts. Worse still, Google was even found to have stored your incognito browsing data for years.

I also recommend switching away from Big Tech products as much as possible. For instance, you can opt for a more private and secure browser instead. There are also alternative email providers, like Proton Mail and Tutanota, which encrypt your communications while promising never to log your sensitive data. 

Bottom line

As we have seen, VPNs are not a magic wand that'll magic away cyber threats and danger. Nonetheless, this software still protects you from a great deal of risks and strongly enhances your digital posture—so, all in all, VPNs are still vital pieces of security equipment.

If you're looking to get one for yourself, remember that not all VPNs are made equal. I suggest finding one that offers some advanced security protections. These include a strict no-log policy (a guarantee the provider will never record your activities), a reliable kill switch, and strong encryption. Look out for a trustworthy provider that regularly backs up its privacy claims with thorough independent VPN audits, too. 

Chiara Castro
Senior Staff Writer

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up. She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com