How does a VPN actually protect me?

So right now, I am writing this post on a VPN. I have it, so I’ll use it.

My physical IP address is in Australia

My VPN address is in Switzerland

According to my computer, I am writing this to a Reddit server at 151.101.65.140, which geolocates to San Francisco.

Now I understand that this creates an encrypted pipe between my computer and the computer at the other end in Switzerland

But doesn’t that mean that the bit between the computer in Switzerland and the computer in San Francisco isn’t in the VPN network, and therefore not encrypted?

Likewise, my bank geolocates to Sydney, NSW, Australia.

So if I use a VPN to “Protect my data from hackers, spies, and middlemen”, is my data going from my computer in Brisbane, QLD, Australia via an encrypted pipe to Zurich, Switzerland, and then via an unencrypted pipe back to my bank in Sydney, NSW, Australia?

What stops a hacker seeing the bit between the computer at the other end of my encrypted VPN pipe and my bank?

Or the other end of my VPN pipe and Reddit?

I mean, doesn’t this make VPN providers a better place for hackers to target? I mean, if I connect to my bank via my connection, it makes its own way from my house to the bank, and a hacker needs to find somewhere between me and the bank to get my data.

But if I use a VPN, why can’t the hacker just sit at the end point for the VPNs and just attack everything that comes out of the end of the VPN?

Do VPNs just aggregate the data and make it easier for attackers to attack at the end point?

Should I be using a VPN and something like Tor as well? So that I layer my protection? So like set my VPN to Australia but have Tor set to somewhere random like Kazakhstan? Or would that not work?

Most VPNs wouldn’t actually protect you in a meaningful way. But if a business runs a VPN like a SonicWall, FortiGate, etc., they can control all the traffic that comes through, thus hindering any known bad actors.

Some companies that advertise a secure VPN do the same thing: they control what data comes through, specifically stopping bad actors.

If you are just using your own VPN to reach your home network from the coffee shop and you don’t have any rules set up, there really isn’t any protection.

Also, whoever you use as a VPN provider can see all your data, so keep that in mind as well.

So this is a big topic but I’ll try to cover a few points you brought up. VPNs can help protect you in a few ways:

  • Protects your machine’s various connections. Most computers spend a lot of energy talking to many servers in many places. Unfortunately, some of those servers are secure and privacy-respecting but some aren’t. By pushing everything through a secure connection, you can share less data about yourself overall.

  • Are run by people who know security well. They’re generally set up on secure, well-managed networks. That helps avoid you being more of a target.

  • Prevent ISP surveillance. Internet service providers in some countries can sell user data about their customers. Notably there’s no law against that in the US. VPNs help avoid some of that data sharing.

  • Integrate things like quality, well-managed DNS tools. This can bring some security benefits.

They do not make you anonymous, they do not protect you from misconfigured websites, and they do not prevent you from downloading viruses. It’s also possible someone could set themselves up just outside of the VPN and monitor traffic. This has been a problem on Tor exit nodes, but that’s a whole other topic.