VPN marketing is relentless β "hackers on public Wi-Fi will steal everything!" But the reality is more nuanced. VPNs are useful in specific situations and unnecessary (or even counterproductive) in others.
What a VPN Actually Does
A VPN encrypts traffic between your device and the VPN server, and makes websites see the VPN server's IP address instead of yours. That's it. It does not make you anonymous, does not protect you from viruses or phishing, and does not stop websites tracking you through cookies and fingerprinting.
When a VPN Genuinely Helps
Public Wi-Fi is the main legitimate use case. Coffee shops, airports and hotel networks are on shared infrastructure. A VPN prevents other users on the same network from intercepting your traffic. This matters more if you're accessing work systems or doing banking on public Wi-Fi.
ISP privacy is relevant if you don't want your internet service provider (Telstra, Optus etc.) seeing your browsing history. Australian ISPs are required by law to retain certain metadata for 2 years.
Accessing geo-restricted content (streaming services in other countries) is by far the most popular use.
When a VPN Doesn't Help Much
At home on your own Wi-Fi, a VPN provides minimal security benefit. Most web traffic is already encrypted with HTTPS. The main thing a VPN does at home is shift trust from your ISP to the VPN provider β which may or may not be an improvement.
A VPN does nothing to protect against phishing, malware, weak passwords, data breaches, or social engineering attacks β which cause the vast majority of real-world security incidents.
If You Want a VPN
Mullvad, ProtonVPN and IVPN are well-regarded for privacy. Avoid free VPNs β if the VPN is free, your data is the product. Several "free" VPN services have been caught selling user data or injecting ads.