Many internet users believe a VPN makes them anonymous and protects all their data. This is a widespread misconception. A VPN is useful in certain contexts, but it doesn't replace end-to-end encryption. Here's why, and how to intelligently combine both approaches.
What Is a VPN?
A VPN (Virtual Private Network) creates an encrypted tunnel between your device and a VPN server. All your internet traffic passes through this tunnel before reaching its destination.
What it does:
- Hides your real IP address (websites see the VPN server's IP, not yours)
- Encrypts traffic between your device and the VPN server
- Bypasses geographical restrictions (access to content blocked in your country)
What it doesn't do:
- Protect your data on the destination server (your data arrives in plain text at Google, Facebook, etc.)
- Make you truly anonymous (the VPN provider sees all your traffic)
- Protect against trackers and cookies
- Encrypt the content of your communications (only the transport)
What Is End-to-End Encryption?
End-to-end encryption protects the content of your data, not just the transport. Your data is encrypted on your device and only decrypted on the recipient's device.
What it does:
- Makes your data unreadable to any intermediary (including the service provider)
- Protects against server-side espionage
- Ensures that even a legal seizure cannot expose your data
What it doesn't do:
- Hide that you're communicating with someone (metadata remains visible)
- Protect your online identity (your IP is still visible)
The Illustrated Comparison
Imagine a letter in an envelope:
- VPN: you take an armored car to transport the letter. No one can intercept the car en route, but once it arrives, the letter is opened normally.
- End-to-end encryption: you write the letter in a secret code. Even if someone intercepts the letter, they can't read it. The letter can travel by any means.
Both approaches are complementary, not interchangeable.
When to Use a VPN?
Public networks: on airport, café, or hotel WiFi, a VPN encrypts your connection and protects against man-in-the-middle attacks.
Geographic bypassing: accessing content available in other countries (streaming services, blocked sites).
Privacy from your ISP: your internet service provider can see all your visited sites. A VPN hides this, but shifts it to the VPN provider.
Journalists and activists: in countries with internet surveillance, a VPN can help hide certain activities.
Important VPN Limitations
Trust in the VPN provider: you shift trust from your ISP to your VPN provider. If your VPN logs your activities and sells or hands them over to authorities, you're not protected. Choose VPNs with a verified "no-log" policy, independently audited.
Partial protection: a VPN doesn't protect against web trackers (cookies, fingerprinting), your own mistakes (logging into a Google account), or malware.
Speed: a VPN slows your connection because your traffic passes through an additional server.
The Winning Combination
For maximum protection of your sensitive communications, combine:
- A VPN to protect your traffic on unsecured networks and hide your IP
- End-to-end encryption (Signal, ProtonMail, EchoPass) to protect the content of your communications
- A private browser with uBlock Origin to limit tracking
- Two-factor authentication to secure your accounts
For your most sensitive information (posthumous messages, access to your digital legacy), end-to-end encryption is the critical protection. EchoPass uses XChaCha20-Poly1305 with a zero-knowledge architecture: even if someone accesses our servers, your data remains unreadable.