Your data still travels across the internet unencrypted. It only protects you on the LAN level.
Your data still travels across the internet unencrypted. It only protects you on the LAN level.
While ISPs are in many jurisdictions obligated to log your connections (data retentions laws), VPN providers are not.
It’s not just all about encrypting traffic. Many people connect to the internet over a static IP most of the time from their home network. A VPN provides protection against tracking in this case.
A VPN doesn’t do much to protect HTTP connections.
That, unlike your ISP, isn’t obligated by law to log the connections you make (‘data retention’). Depending on the jurisdictions.
HTTPS, sure. But your ISP can and will create a pretty comprehensive social graph about you using only metadata (server IPs or hostnames). Where I live, all home networks basically have a static IP. Also, besides a commercial incentive, ISPs are also mandated to log your connections. VPNs are not.
I don’t know how likely that is. But I was a bit too quick in my judgement, on public networks a VPN does ass significant protection to HTTP connections. Not really on home networks, mobile networks or well-secured public/office networks though.
I honestly don’t know how much risk your data is at after leaving the tunnel. Luckily most things are HTTPS now.