7 VPN Myths That Won't Die
Most VPN myths started life as a half-truth that got compressed into a slogan. The slogan stuck; the nuance didn't. Some of the resulting beliefs are too optimistic, treating a VPN as a universal cloak of invisibility. Others are too cynical, treating the whole category as marketing fluff. Both extremes get in the way of using the tool well.
This post walks through seven of the most stubborn VPN myths and what's actually going on underneath. The goal isn't to sell you on a worldview. It's to give you a clear-enough mental model that the next privacy claim you read, ours included, has somewhere honest to land. If you want a refresher on the basics first, see “what is a VPN.”
Myth 1: A VPN makes you anonymous
The myth: Turn on a VPN, vanish from the internet.
The reality: A VPN encrypts the network path between your device and a server you've chosen, then forwards your traffic from that server's IP address. That's a real and useful change. Your internet provider stops seeing the domains you visit. Sites stop seeing your home IP. On a coffee shop network, the person sniffing the air stops seeing anything legible.
What a VPN does not do is rewrite the rest of your digital identity. If you sign into Gmail, Google knows it's you. If you log into your bank, your bank knows it's you. Browsers can still be fingerprinted — the combination of your screen size, fonts, time zone, and hardware quirks is often unique enough to identify a returning visitor without a single cookie. Apps embed analytics SDKs that report device-level identifiers regardless of which IP the packets come from. And every payment you make carries your real name through the card network.
A VPN is a network-layer tool. Anonymity, in the strong sense, is a behavioral and account-level problem. Use the VPN to control what the network sees. Use separate accounts, browser hygiene, and payment care to control what services see. The two layers don't substitute for each other.
Myth 2: Free VPNs are fine
The myth: Privacy is privacy. Why pay?
The reality: Servers, bandwidth, engineers, and abuse handling all cost money. If you're not paying, the cost is being recovered somewhere else — and the obvious candidate is the traffic flowing through the service. That's not paranoia; it's documented. Multiple free VPN providers have been caught logging browsing activity, injecting ads, selling aggregated user data to brokers, or quietly turning subscribers' devices into exit nodes for other people's traffic.
There are a few defensible free tiers — usually run by paid providers as a limited preview, with the same infrastructure and the same log policy. Those aren't the ones to worry about. The category to be cautious of is the standalone “free forever” app with no obvious revenue model and a permissions list that asks for more than a VPN needs.
For a tech reader: the threat model with sketchy free VPNs isn't just data sale. It's that you've routed your entire device's traffic through a server operated by someone whose incentives you don't understand. TLS protects the contents of HTTPS sessions, but the metadata (which servers you connect to, when, how often, from where) is exactly what an ad-tech buyer wants. A privacy product whose business model depends on watching you isn't a privacy product. It's a different kind of surveillance dressed up as protection.
Myth 3: All paid VPNs are equal
The myth: You're paying, so privacy is handled.
The reality: Paying eliminates the worst incentive problem, but it doesn't normalize the rest. Paid VPNs differ on four axes that actually matter.
Account model. Some providers require an email and password. Some let you pay with a card linked to your real name. Others — including Snap VPN — bind the subscription to your platform account (Apple ID, in our case) and never collect an email or create a user identifier on our side. The less identity material a provider holds, the less there is to leak, subpoena, or correlate.
Jurisdiction. Where the company is incorporated, where the servers physically sit, and which legal-assistance treaties apply all shape what can be compelled and under what process.
Log policy. “No logs” means different things to different providers. The serious version specifies what is and isn't recorded — connection timestamps, source IP, bandwidth counters, DNS queries — and ideally backs it up with an audit. See “VPN no logs.”
Architecture. A provider that runs every connection through a small, central, multi-tenant choke point has more aggregation risk than one that issues per-device configurations and minimizes what any single server knows about any single user.
Read each of those four before treating a price tag as a privacy guarantee.
Myth 4: A VPN dramatically slows your internet
The myth: Turn on a VPN, cut your speed in half.
The reality: Slowdown exists, but the size of it depends almost entirely on the protocol you're using and how far away the server is. Older protocols like OpenVPN carry meaningful per-packet overhead and lean hard on a single CPU core, which is where the “halves your speed” reputation comes from. On a modern phone running WireGuard against a nearby server, the cost is usually in the 5–15% range for throughput, and the latency hit is a handful of milliseconds.
For a tech reader: WireGuard's advantages are mostly structural. The handshake is short, the crypto is fixed (no negotiation overhead), the kernel-side implementations are tight, and the codebase is small enough to actually reason about. It's also stateless in a way that makes roaming between networks cheap. Snap VPN uses WireGuard by design — not because it's trendy, but because the performance profile is the one most users would actually choose if they understood the tradeoffs. For the deeper comparison, see WireGuard vs OpenVPN.
What still hurts speed: picking a server on a different continent, routing through a congested data center, or relying on a provider that oversubscribes hardware to keep margins up. None of those are intrinsic to VPNs. They're choices.
Myth 5: “No logs” is just marketing
The myth: Every VPN claims it doesn't log. They're all lying.
The reality: Some of them have been. Some of them, when court-ordered to produce records, have produced nothing because there was nothing to produce. Both have happened publicly. Treating the entire category as dishonest is as wrong as taking every claim at face value.
What separates a credible “no logs” claim from a marketing line is whether the claim is verifiable. Three things make it so. First, the policy says specifically what is and isn't retained, not just the word “logs.” Second, the policy is specific enough that an independent reviewer could verify it against the implementation. Third, the architecture makes it hard to log even if someone wanted to: minimal data collection at the edge, no user-identifier-to-traffic linkage in the database, and short retention windows on operational data.
For a tech reader: the architectural piece is the one that's easiest to evaluate from outside. If the provider's account system requires no email, no personal identifier, and stores no record linking a subscription to a session, the surface area for meaningful logging shrinks dramatically — there's simply less to write down. That's the model we run. See “anonymous VPN no email.”
A blanket “they're all lying” stance is convenient but lazy. Read the specifics.
Myth 6: You need a VPN 24/7
The myth: Turn it off for a minute and you're exposed.
The reality: It depends entirely on what you're protecting against. Always-on is a reasonable default if your priority is keeping your real IP and ISP-visible browsing pattern off the record across every session. It's also reasonable on devices that move between networks you don't fully trust — see public Wi-Fi risks.
But the doom framing — “you're naked without a VPN” — overstates the day-to-day risk for someone on a trusted home network browsing HTTPS sites. The padlock in your browser already means the contents of those sessions are encrypted between your browser and the site. Your ISP sees which domains you visit; it doesn't see what you do on them. That's a privacy concern worth caring about, but it isn't an emergency.
For a tech reader: the threat model that genuinely benefits from always-on is metadata aggregation — the long-term profile your ISP, mobile carrier, or coffee-shop network can assemble by watching which domains you hit and when. Encrypted DNS helps. A VPN helps more, because it hides both the queries and the destinations behind a single endpoint. But “helps more” isn't “you'll be hacked without it.” Make the call based on which adversary you actually care about, not the loudest framing in the room.
Myth 7: A VPN ends all tracking
The myth: VPN on, trackers off.
The reality: A VPN changes your IP address. That's the layer it operates on. Almost every meaningful form of online tracking operates on layers above it.
Cookies persist in your browser regardless of which IP they were set from. If you're logged into a site, that login is the tracker — your IP is incidental. Browser fingerprinting uses signals that don't change when your network does: fonts, canvas-rendering quirks, time zone, language, screen resolution, the precise version of every plugin. App SDKs report device-level identifiers (or stable surrogates) straight from inside the app, regardless of network routing. And cross-site identity graphs are mostly stitched together from logged-in sessions and email addresses, not IPs.
For a tech reader: the practical upshot is that a VPN is one layer of a three-layer privacy stack: the network layer (VPN, encrypted DNS), the browser layer (tracker blocking, fingerprint reduction, container/isolation features, careful login hygiene), and the account layer (separate identities for separate purposes, minimal data shared with services). Skip any of them and the other two leak. Use all three and the picture meaningfully improves — the iPhone privacy checklist walks through the device-side pieces.
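The layering above can be made concrete with a small model of how a service links two visits. This is an added example, not code from Snap VPN or from any real tracker; the visit records, field names, and the FNV-1a hash standing in for a fingerprint are all constructed assumptions.

```javascript
// Constructed visits as a service might record them. Field names and values
// are illustrative assumptions, not taken from any real SDK or product.

// FNV-1a over a canonical string: a stand-in for a fingerprint hash.
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// The fingerprint uses only browser-side signals; the IP is never an input.
function fingerprint(visit) {
  const { screen, timeZone, language, fonts } = visit.browser;
  return fnv1a([screen, timeZone, language, [...fonts].sort().join(",")].join("|"));
}

// Which identifiers tie visit b to visit a? An empty array means no link here.
function linkedBy(a, b) {
  const reasons = [];
  if (a.ip === b.ip) reasons.push("ip");
  if (a.cookie && a.cookie === b.cookie) reasons.push("cookie");
  if (a.account && a.account === b.account) reasons.push("account");
  if (fingerprint(a) === fingerprint(b)) reasons.push("fingerprint");
  return reasons;
}

const browser = { screen: "1170x2532", timeZone: "Europe/Berlin",
  language: "de-DE", fonts: ["Helvetica", "Menlo"] };
const home = { ip: "203.0.113.7", cookie: "c-81f3",
  account: "user@example.com", browser };

// Network layer only: same device with the VPN on, so just the IP changes.
const vpnOnly = { ...home, ip: "198.51.100.42" };
// Network layer plus cleared cookies and logged out.
const vpnCleared = { ...vpnOnly, cookie: null, account: null };
// All three layers: VPN, no login, fresh profile with generic browser signals.
const allLayers = { ip: "198.51.100.42", cookie: null, account: null,
  browser: { screen: "1920x1080", timeZone: "UTC", language: "en-US", fonts: ["Arial"] } };

console.log(linkedBy(home, vpnOnly));    // [ 'cookie', 'account', 'fingerprint' ]
console.log(linkedBy(home, vpnCleared)); // [ 'fingerprint' ]
console.log(linkedBy(home, allLayers));  // []
```

Changing only the IP removes one of four links; the remaining three are closed at the browser and account layers, not the network layer.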
A VPN that promises to “stop all tracking” is overselling. A VPN that quietly does its job at the network layer, doesn't pretend to do more, and doesn't undermine the other layers by collecting your identity itself — that's the useful version.
Bottom line
A VPN is a focused tool, not a force field. It controls what the network sees. It doesn't control what services, browsers, or apps see — those are different layers of the problem, with different fixes. The honest pitch is: use a VPN that's clear about what it does, runs on a protocol that doesn't punish your battery, and doesn't ask for identity material it doesn't need.
Most of the persistent VPN myths come from collapsing those layers together. Separate them and the decisions get easier.
A note on Snap VPN
Snap VPN is built around the model implied by the answers above. WireGuard for performance. iOS-native, with macOS coming. No email signup. No traffic logs. No user identifiers tied to a real person. Subscription via your Apple ID, so the account material that does exist sits with Apple, not with us. It won't make you anonymous on its own — nothing can — but it won't quietly become part of the problem either. That's the bar we try to hold. If you're ready to set it up, the VPN on iPhone guide walks through the steps.