Skip to content

Does a VPN hide everything? An honest inventory

No — a VPN hides exactly two things well: your IP address from the sites you visit, and your destinations from your ISP and local network. Everything else in the marketing gets an asterisk, and the trust you took from your ISP lands on the provider instead. A VPN is genuinely useful because those two things matter, but relying on it for what it doesn't do is how people get surprised. Here's the full inventory, verifiable pieces first.

Maintained by the ipconfig.io team · Reviewed 1 July 2026

What it hides — verify, don't trust

bash
curl ipconfig.io/json

Connected, the ip, country, city and asn_org fields should all belong to the VPN server — that's the site-facing half of the promise, and the leak test verifies it holds on IPv4 and IPv6. The ISP-facing half you can't see directly, but it follows from the tunnel: your ISP's view collapses from every domain you visit to "an encrypted stream to one VPN server."

The honest table

A VPN hidesA VPN does not hide
Your real IP (and its location/ISP) from sitesWho you are once you log in — the account is the identifier
Your destinations from your ISP and local networkCookies and tracking that already know your browser
Your traffic content from networks on the pathYour browser fingerprint — fonts, canvas, screen, timezone
Your identity from casual per-IP correlationPayment details, shipping addresses, phone numbers you enter
Malware, phishing, scams — a tunnel isn't an antivirus
Your activity from the VPN provider itself

The pattern in the right column: a VPN swaps your network identity. Your browser identity (cookies, fingerprint) and account identity (logins, payments) travel with you across any IP — which is exactly how tracking survives an address change.

Where the trust goes

The tunnel doesn't delete the privileged observer; it relocates the role. Your VPN provider now sees destinations, timing and volume for everything you do — the view your ISP had. Three questions decide whether that's an upgrade: does the provider log (a no-logs policy), has anyone checked (independent audits), and where can it be compelled (jurisdiction). An audited no-logs provider in a strong jurisdiction is a real improvement over a default ISP; an unaudited free VPN is frequently a downgrade wearing a privacy costume — if the product is free and expensive to run, your traffic is the revenue.

Two operational caveats complete the honesty: the promise only holds while the tunnel does (test the kill switch), and only if nothing routes around it (DNS and WebRTC are the classic bypasses).

So what's it actually for?

Precisely the two things it does well: not showing your real IP to every server you touch, and not showing your browsing metadata to your ISP or the coffee-shop Wi-Fi. If your goal is broader — not being tracked across the web, or true anonymity — a VPN is one layer, combined with browser-side defenses (cookie hygiene, fingerprint-resistant browsers) or Tor for the strong version.

Frequently asked questions

Does a VPN hide everything? No — your IP from sites and your destinations from your ISP, done well. Logins, cookies, fingerprints, malware and provider-side visibility are all outside the tunnel.

Can I still be tracked on a VPN? Yes: accounts, cookies and fingerprints identify you across IP changes.

Does the provider see my traffic? Destinations, timing and volume — the ISP's old view. Audited no-logs is what makes that acceptable.

Is it still worth it? For its two real jobs, yes — provided you verify the tunnel actually covers you.

Next steps

Geolocation by MaxMind GeoLite2. No tracking, no keys.