For years, VPNs have been marketed as one of the simplest ways to protect your privacy online. They can hide your IP address, encrypt your traffic on public Wi-Fi, and help reduce the amount of tracking carried out by websites, apps, and internet providers. But a new warning from Washington suggests there may be an uncomfortable catch – at least for Americans.
A group of six U.S. lawmakers, led by Senator Ron Wyden, has asked Director of National Intelligence Tulsi Gabbard to tell the public whether using a commercial VPN could in some cases make Americans more vulnerable to warrantless government surveillance, not less. Their concern is that when a VPN obscures a user’s real location, intelligence agencies may struggle to tell whether that traffic belongs to an American or to someone overseas. And under current U.S. surveillance rules, that distinction matters a great deal.
The issue centres on Section 702 of the Foreign Intelligence Surveillance Act and Executive Order 12333. In simple terms, these authorities give U.S. intelligence agencies broad powers to collect communications linked to foreigners abroad. Americans are supposed to have stronger protections. The problem, the lawmakers argue, is that declassified surveillance procedures appear to treat people whose location is unknown as presumptively foreign unless there is evidence to the contrary. If that is how the rules are being applied in practice, a VPN user who routes traffic through a remote server could end up looking less like a domestic user and more like a foreign one.
That does not mean every VPN user is suddenly being watched by the NSA. Nor does it mean VPNs are useless. The lawmakers themselves do not claim to have proof that this is happening on a mass scale. Their complaint is that the public has not been told clearly enough whether this legal risk exists, how serious it is, and whether there is anything consumers can do about it. In other words, this is a transparency story as much as a surveillance story.
What makes the story especially striking is the contradiction. U.S. agencies have long encouraged people to use VPNs in some situations, especially on public Wi-Fi. The NSA itself has advised users to use a personal or corporate-provided VPN when connecting on public networks. So the message to consumers has effectively been: use a VPN to protect yourself online – but perhaps without being told that doing so might also affect how intelligence systems classify your traffic.
Why should UK readers care? Because the wider lesson goes well beyond American constitutional law. British users often buy VPNs for three familiar reasons: to stream content, to stay safer on public Wi-Fi while travelling, and to reduce tracking. This latest controversy is a reminder that a VPN is not an invisibility cloak. It changes who you are trusting and which legal system may become relevant to your data. It may shield you from your broadband provider or the owner of a coffee shop Wi-Fi network, while doing much less against state surveillance than the marketing implies.
That is particularly relevant for UK travellers to the United States, expats using American services, and anyone relying on a VPN brand with infrastructure scattered around the world. The senators’ own letter notes that commercial VPN traffic is often mixed together on servers used by large numbers of people from different countries at once. That makes it hard for streaming services to know where a user really is – which is why VPN IPs are often blocked – but it may also make it harder for governments to know who is who without resorting to broad assumptions.
For the VPN industry, this is awkward but important. VPNs still have real security benefits. They can help on public Wi-Fi, can reduce some forms of profiling, and can be useful tools for privacy-conscious users. But they are not a one-stop answer to surveillance. If anything, this story reinforces the idea that privacy comes in layers: device security, browser hygiene, encrypted messaging, careful choice of provider, and a realistic understanding of what a VPN can and cannot do.
The bigger political question now is whether the U.S. intelligence community will answer the lawmakers directly, and whether the row feeds into the broader battle over reforming Section 702. That debate is already live in Washington. If the answer from the government is vague, this story could grow quickly — because it cuts straight to the heart of the VPN industry’s favourite promise: that using a VPN automatically means more privacy. In 2026, that promise looks a little less straightforward than many users were led to believe.
