So Why I Finally Bothered
Okay so I was sitting at this cafe near Koramangala, the kind of place where the Wi-Fi password is written in chalk on a little blackboard next to the counter, and my friend Rohan who does something in information security was telling me about how people on the same Wi-Fi network can basically watch what everyone else is doing online. Not in some movie-style hacking way. He said you just need a laptop and a free programme that anyone can download, and you can see which websites the person sitting two tables away is visiting. I had opened my HDFC netbanking app maybe ten minutes before he told me this. I remember putting my phone face-down on the table like that would help.
I had been telling myself I would set up a VPN for about two years at that point.
Two full years. I kept picturing it as this big technical project. I thought there would be config files, maybe I would need to type in server addresses manually, or there would be some terminal-window situation involved. I do not know where I got this idea. Maybe from the one time I tried to set up a VPN on my laptop in 2019 using some tutorial that involved editing network settings and I gave up after step four because I could not find the menu they were describing. That memory just sort of stuck and it convinced me that VPNs were complicated, which, I now know, is completely wrong. On Android it is laughably simple. I felt embarrassed when I finally did it because I had been avoiding something that took less time than ordering food on Zomato.
Anyway, some quick context on what a VPN actually does, because I had a fuzzy understanding of it before and I think a lot of people do. When your phone connects to the internet normally — say through cafe Wi-Fi or your Jio data — the data travels from your phone through that network and then out to whatever website or app you are using. Anyone who controls or has access to that network can see what you are doing. Your internet service provider can see it. The cafe owner can see it, technically. Some random person sitting in the cafe with the right software can see it.
A VPN puts an encrypted tunnel between your phone and a server somewhere else in the world. Your phone sends all its internet traffic through that tunnel first. The data is scrambled before it leaves your phone, travels through the tunnel to the VPN server, and only then goes out to the actual internet. The cafe Wi-Fi sees encrypted gibberish going to one IP address. Your ISP sees the same thing. Neither of them can tell if you are checking your bank balance or watching YouTube or reading the news. They just see scrambled traffic going to one destination.
Does a VPN make you invisible? No. The VPN company itself can theoretically see your traffic, which is why picking the right one matters, but I will get to that. Does it stop someone from sending you a phishing link? Also no. It does not protect you from bad decisions, just from people snooping on your connection. But does it mean the person at the next table cannot watch what I browse, and Airtel cannot keep a detailed record of every website I visit? Yes. And for me, sitting in that cafe, that was enough. I went home and did it that same evening.
The thing that actually pushed me was not Rohan's explanation. It was the feeling. I sat there for another twenty minutes after he told me, and I could not bring myself to open any app that had my login information. Not email, not banking, nothing. I just scrolled Instagram because that felt low-stakes. That feeling of not trusting the network you are on, that is what made me stop procrastinating.
I should mention that I am not a very technical person. I write about privacy and security, but I am not an engineer. I do not code. When people start talking about protocols and encryption standards my eyes glaze over a bit. If I can set up a VPN, you can set up a VPN. That is the whole reason I am writing this down. Not because the process is interesting, but because it is boring, and boring is the point. It should not be intimidating.
Tried Three Apps Before Finding One That Worked
The Google Play Store has hundreds of VPN apps and most of them are terrible. I am not exaggerating. There was an academic study from a few years ago. Researchers at CSIRO in Australia analysed 283 free VPN apps on Android and found that 38% of them contained some form of malware or adware. Almost 20% of them did not even encrypt your traffic at all, which defeats the entire purpose. Some of them were logging everything you did — every website, every search, every connection — and selling that data to advertising companies and data brokers. You install a privacy tool and it turns out to be the thing spying on you. Beautiful.
I went into the Play Store and searched “free VPN” and the top result had something like 100 million downloads and a 4.6-star rating. I installed it. The interface was colourful, there was a big button that said “Connect,” and I pressed it. It connected. Then a full-screen ad appeared. I closed the ad. I opened Chrome and tried to load a website. It took about fifteen seconds. I tried another site. Same thing. It felt like being on 2G internet in 2012. Then another full-screen ad. I used it for about twenty minutes and then deleted it because life is too short. The speed was unusable and the ads were constant and I remember thinking, okay, this company is clearly making money from showing me ads and probably from my data too, so what is the point of this.
The second one I tried was recommended by a colleague. It was faster, I will give it that. The interface was clean, no ads on the free version. But something felt off so I went and read the privacy policy, which I almost never do, but I was specifically installing this app for privacy reasons so it felt appropriate. The privacy policy said, and I am paraphrasing, that they collect and store connection timestamps, the amount of bandwidth you use, and the server you connect to. They said they do not log the specific websites you visit, but the fact that they keep any logs at all made me uncomfortable. If a government or a court order asks for those logs, the company has to hand them over. And connection timestamps plus bandwidth data can reveal more than you think. If someone knows you connected to a VPN server at 9:47 PM and transferred 2.3 GB of data, and then a particular website recorded a visitor at 9:47 PM who downloaded 2.3 GB, the math is not hard.
So I deleted that one too.
The third app I tried was ProtonVPN, and I have been using it since. The free tier gives you access to servers in five countries. There is no data cap, which is unusual for a free VPN. Most free VPNs limit you to 500 MB or 1 GB per month, which is nothing if you watch any video at all. ProtonVPN free has no ads, no data limit, and works on one device at a time. It is made by the same company that makes ProtonMail, which has been around since 2014 and has a decent track record on privacy. Their no-logs policy has been audited by an independent security firm called Securitum, and the audit confirmed that they do what they claim. No activity logs, no connection logs, nothing.
The paid version costs about 280 rupees per month if you get the yearly plan, and it gives you access to servers in over 60 countries, faster speeds, and you can use it on up to 10 devices. I have been on the free tier for months and it is fine for regular browsing, social media, and streaming at standard definition. If you want to stream in HD or you need to connect from a specific country, paid is worth it. But for just protecting your connection on public Wi-Fi and keeping your ISP from logging your browsing history, free is enough.
There are other good options too. Mullvad VPN is excellent if you are willing to pay. It costs about 450 rupees a month, does not require an email to sign up, and you can pay with cash if you mail them an envelope. I am serious. They do not want to know who you are. IVPN is another solid one with a similar philosophy. But ProtonVPN is the only one I know that offers a genuinely usable free tier with no data caps, which is why I ended up there and stayed.
One more thing about choosing a VPN. If a VPN app is completely free, has no paid tier at all, and runs ads, be very skeptical. Running VPN servers costs real money. The bandwidth, the server hardware, the maintenance. If the company is not charging you anything and is not showing you ads, they might be doing something noble, or they might be surviving on venture capital money and will change their policies later. But if they are showing you ads, they are almost certainly profiling your browsing to target those ads, which means they are watching what you do. The business model is the product. You have to think about how the company makes money, because that tells you what they are doing with your data.
The Actual Setup (Embarrassingly Easy)
Okay so the actual installation. Open the Google Play Store on your phone. Search for “ProtonVPN.” The developer name should say Proton AG. It has millions of downloads. Install it. The app is about 40-50 MB so it downloads fast even on a slow connection.
Open the app. It will ask you to create an account or sign in. Tap “Create Account.” You need an email address and a password. No phone number needed for the free tier, which I appreciated because I did not want to hand over my number to yet another company. If you are feeling cautious, make a new email address just for this. I used my regular Gmail because I was too lazy to go make a new email account, and honestly it probably does not matter much since ProtonVPN already knows your IP address when you connect to their server anyway.
Once you are logged in, the main screen shows a map of the world and a big button that says “Quick Connect.” Tap that button. The first time you do this, Android will pop up a system dialog that says something like “ProtonVPN wants to set up a VPN connection. Do you trust this application?” Tap OK. This is a standard Android security prompt that appears for every VPN app. It is Android asking for your permission to let the app create an encrypted tunnel for your traffic. You only see this once.
And that is it. You are connected.
There will be a small key-shaped icon in your notification bar at the top of the screen. That icon stays there as long as the VPN is active. If you pull down the notification shade, you will see a persistent notification from ProtonVPN showing you which server you are connected to, how long you have been connected, and how much data you have used.
When I connected for the first time, it put me on a server in the Netherlands because that was the default for Quick Connect. I opened Chrome, loaded a few websites, scrolled through Twitter, watched a YouTube video. Everything worked normally. Speed was maybe 10-15% slower than without the VPN, which honestly I did not notice until I ran a speed test to check. The Japan server tends to be fastest from India on the free tier, from what I have experienced. You can manually pick a server by scrolling through the country list in the app, or you can just let Quick Connect choose the least busy one for you.
I want to talk about a setting I did not discover until about a week later, because it matters. Android has a built-in feature called Always-on VPN. What it does is this: if your VPN connection drops for any reason — you walk out of Wi-Fi range, you switch from Wi-Fi to mobile data, your phone restarts, the VPN server has a blip — Android will automatically reconnect the VPN without you having to open the app and press anything. Without this setting turned on, there is a gap between when your VPN disconnects and when you notice and reconnect. During that gap, your traffic is unprotected. With Always-on VPN, Android handles reconnection immediately, in the background, so you are never exposed without knowing it.
To turn it on, go to your phone’s Settings, then Network & Internet, then VPN. You should see ProtonVPN listed there. Tap the gear icon next to it. Toggle on “Always-on VPN.” There is a second toggle underneath called “Block connections without VPN.” That one is more aggressive. If the VPN is not connected, your phone will refuse to use the internet at all. No VPN, no internet. I eventually turned that on too, but I would suggest waiting a week or two after you start using the VPN just so you know everything is stable and you are not accidentally cutting off your own internet.
I also want to mention the protocol setting because it made a noticeable difference for me. In the ProtonVPN app, go to Settings and look for the Protocol option. By default it was set to OpenVPN on my phone. I switched it to WireGuard. WireGuard is a newer protocol that uses less battery, connects faster, and in my experience gives slightly better speeds compared to OpenVPN. The difference was especially noticeable when switching between Wi-Fi and mobile data. With OpenVPN, there was a 3-4 second pause while the VPN reconnected. With WireGuard, the reconnection is almost instant. I do not fully understand the technical reasons behind this, but the practical effect is that your phone feels snappier with WireGuard on.
One thing that tripped me up and might trip you up too: after you enable Always-on VPN, you might see your phone struggle for a few seconds when it first wakes up or when you switch networks. This is normal. The VPN is reconnecting in the background. It takes one to three seconds usually. If you have “Block connections without VPN” turned on, you might see a “No internet” notification flash briefly during those seconds. Do not panic. It goes away once the VPN reconnects. I panicked the first time and thought I had broken something.
Do I Even Notice It Running?
Two days after setting everything up, I was at a kirana store near my flat trying to pay for groceries with Google Pay. The payment kept timing out. I tried twice, three times. The shopkeeper was giving me that look. I turned off the VPN and tried again. It went through instantly.
What happened is that Google Pay detected I was connecting from the Netherlands, because that is where my VPN server was, and it flagged the transaction as suspicious. Same thing can happen with PhonePe, Paytm, and most banking apps. They use your IP address as one of several signals to verify that the payment is legitimate, and if your IP suddenly says you are in Europe while your phone's GPS says you are in Bangalore, the app gets confused and blocks the payment.
This could have been a dealbreaker for me. I pay for almost everything with UPI. If the VPN breaks UPI, the VPN is useless no matter how good it is at protecting my privacy.
But ProtonVPN has a feature called split tunneling that solves this completely. Open the ProtonVPN app, go to Settings, find Split Tunneling, and toggle it on. Then you get a list of all the apps on your phone. You pick which apps should bypass the VPN and connect directly to the internet without going through the tunnel. I excluded Google Pay, PhonePe, Paytm, my HDFC banking app, my ICICI banking app, Swiggy (it needs your real location for delivery), Uber, and Ola. Everything else on my phone goes through the VPN. Browser, email, Instagram, YouTube, WhatsApp, Twitter, Reddit — all of those go through the VPN. Payment and delivery apps get a direct connection.
Setting up split tunneling took me about three minutes. I have not had a single UPI payment fail since. It is the feature that makes using a VPN actually practical for daily life in India, where we pay for everything with our phones. Without split tunneling, I think most people would give up on VPNs within a week because of the UPI issues.
Anyway, the battery question. Everyone asks about battery drain. My phone is a Redmi Note 11 Pro, not exactly a new phone at this point, and the battery is probably not what it was when I bought it. After using the VPN for about three weeks, this is roughly what I noticed: on days when I use Wi-Fi most of the time, the VPN adds maybe 4-5% extra drain over the course of the day. On days when I am out and about on mobile data with the VPN reconnecting multiple times as I move between cell towers, it might be 7-8% extra. Switching from OpenVPN to WireGuard improved this. WireGuard is lighter on the battery because it does less processing per packet of data.
On any phone from the last three or four years with a battery of 4,000 mAh or more, you will probably not notice the difference. If you are on an older phone with a 3,000 mAh battery that already struggles to last the day, you might want to keep the VPN off when you are at home on your own Wi-Fi and only turn it on when you connect to networks you do not trust. The Always-on VPN setting makes this inconvenient, though, since the whole point is that it stays on all the time. It is a trade-off, and you have to decide what matters more to you.
There is something I wish someone had told me before I started, and I am going to tell you now because it took me an embarrassingly long time to think of it on my own. After you set up your VPN and connect for the first time, go to whatismyipaddress.com in your phone browser. It will show you your current IP address and the approximate location associated with it. With the VPN on, it should show a location in whatever country your VPN server is in. If it shows your actual city in India, the VPN is not working properly and something is leaking. Turn it off and on again, try a different server, or check your split tunneling settings to make sure your browser is not excluded.
Then go to dnsleaktest.com and run the extended test. DNS is the system that translates website names like google.com into IP addresses. Even if your VPN is working, sometimes your DNS requests can leak through your ISP instead of going through the VPN tunnel. If the test results show servers belonging to Jio, Airtel, Vi, or BSNL, you have a DNS leak. In ProtonVPN, this should not happen because the app handles DNS automatically, but it is worth checking once. My friend was using a different VPN app for three weeks before he ran this test and discovered his DNS had been leaking the entire time. Every website he visited was being logged by his ISP despite the VPN being “on.”
I also want to mention speed testing because I was curious and you might be too. I ran speed tests on my Airtel connection with the VPN off and then with the VPN on, connected to different servers. Without VPN, I was getting about 45 Mbps download and 12 Mbps upload. With VPN on the Netherlands server, I got about 32 Mbps download and 8 Mbps upload. With VPN on the Japan server, about 38 Mbps download and 10 Mbps upload. The Japan server was consistently faster from India, probably because it is geographically closer. These speeds are more than enough for anything I do on my phone. I do not notice the difference in daily use. Websites load fine, videos buffer fine, video calls work fine. The only thing that might be noticeable is if you are downloading a very large file, where the speed difference adds up over time.
Anyway, one last thing. A VPN is not a magic shield. It does not protect you from phishing. If someone sends you a fake SBI login page and you enter your credentials, the VPN cannot help you. It does not protect you from downloading malware. If you install a sketchy app from outside the Play Store, the VPN is irrelevant. What it does is protect the connection between your phone and the internet from being monitored by your ISP, by the owner of whatever Wi-Fi network you are on, and by anyone else who might be watching traffic on that network. That is a specific, limited, but genuinely useful thing.
I think of it like locking the door to your flat. Locking your door does not prevent all crime. Someone could break a window. But not locking your door would be silly when the lock is right there and takes two seconds to use.
That is basically it. Took me maybe ten minutes. I do not know why I put it off for two years. Probably the same reason I put off everything that involves settings menus.
Comments (0)