Appearance
Does a VPN hide everything? An honest inventory
No — a VPN hides exactly two things well: your IP address from the sites you visit, and your destinations from your ISP and local network. Everything else in the marketing gets an asterisk, and the trust you took from your ISP lands on the provider instead. A VPN is genuinely useful because those two things matter, but relying on it for what it doesn't do is how people get surprised. Here's the full inventory, verifiable pieces first.
Maintained by the ipconfig.io team · Reviewed 1 July 2026
What it hides — verify, don't trust
bash
curl ipconfig.io/jsonConnected, the ip, country, city and asn_org fields should all belong to the VPN server — that's the site-facing half of the promise, and the leak test verifies it holds on IPv4 and IPv6. The ISP-facing half you can't see directly, but it follows from the tunnel: your ISP's view collapses from every domain you visit to "an encrypted stream to one VPN server."
The honest table
| A VPN hides | A VPN does not hide |
|---|---|
| Your real IP (and its location/ISP) from sites | Who you are once you log in — the account is the identifier |
| Your destinations from your ISP and local network | Cookies and tracking that already know your browser |
| Your traffic content from networks on the path | Your browser fingerprint — fonts, canvas, screen, timezone |
| Your identity from casual per-IP correlation | Payment details, shipping addresses, phone numbers you enter |
| Malware, phishing, scams — a tunnel isn't an antivirus | |
| Your activity from the VPN provider itself |
The pattern in the right column: a VPN swaps your network identity. Your browser identity (cookies, fingerprint) and account identity (logins, payments) travel with you across any IP — which is exactly how tracking survives an address change.
Where the trust goes
The tunnel doesn't delete the privileged observer; it relocates the role. Your VPN provider now sees destinations, timing and volume for everything you do — the view your ISP had. Three questions decide whether that's an upgrade: does the provider log (a no-logs policy), has anyone checked (independent audits), and where can it be compelled (jurisdiction). An audited no-logs provider in a strong jurisdiction is a real improvement over a default ISP; an unaudited free VPN is frequently a downgrade wearing a privacy costume — if the product is free and expensive to run, your traffic is the revenue.
Two operational caveats complete the honesty: the promise only holds while the tunnel does (test the kill switch), and only if nothing routes around it (DNS and WebRTC are the classic bypasses).
So what's it actually for?
Precisely the two things it does well: not showing your real IP to every server you touch, and not showing your browsing metadata to your ISP or the coffee-shop Wi-Fi. If your goal is broader — not being tracked across the web, or true anonymity — a VPN is one layer, combined with browser-side defenses (cookie hygiene, fingerprint-resistant browsers) or Tor for the strong version.
Frequently asked questions
Does a VPN hide everything? No — your IP from sites and your destinations from your ISP, done well. Logins, cookies, fingerprints, malware and provider-side visibility are all outside the tunnel.
Can I still be tracked on a VPN? Yes: accounts, cookies and fingerprints identify you across IP changes.
Does the provider see my traffic? Destinations, timing and volume — the ISP's old view. Audited no-logs is what makes that acceptable.
Is it still worth it? For its two real jobs, yes — provided you verify the tunnel actually covers you.
Next steps
- Check if your VPN is leaking — verify the half of the promise you can see.
- Tor vs VPN — when you need anonymity rather than privacy.
- Can websites track you by IP? — why the address is only one identifier among several.