Think You Don't Need a VPN? Use One Anyway

Use a VPN When It's Unsafe
There are some very obvious instances when it's a good idea to use a VPN. When you're traveling, for example, you don't have a lot of choices about where you'll get your internet, and a VPN is a necessity.
Coffee shops are the preeminent example, but really any place where you don't control the Wi-Fi network isn't really safe. I'm talking about airports, airplanes, busses with fancy Wi-Fi connections, hotels, AirBnBs, libraries, and anywhere the network isn't directly controlled by someone you personally trust. Wi-Fi networks in public spaces may not be correctly configured, or not be serviced often. That gives attackers ample opportunity to take control of these naturally occurring honeypots and intercept whatever data is moving across the networks.
Of course, there's no reason why a bad guy would need to bother attacking an existing Wi-Fi network. They could simply set up shop nearby and create their own network with a name that closely resembles the real network. Who among us can say that they have never, in desperation, clicked on a shady looking Wi-Fi network?
Use a VPN When You Only Think It's Safe
Ideally, your office is probably one of the safest, best-run networks you'll encounter. At the PCMag labs, our IT guys will track me down less than an hour after I connected some unauthorized devices for completely legitimate purposes. Despite, or rather because, of that, you should definitely use a VPN on your personal devices in the office. It's the prerogative of your employer to monitor its networks. That means the company can monitor the traffic from your personal devices if you connect to the company's network.
Many devices will automatically connect to Wi-Fi networks they've seen before. When you take your laptop home, it seamlessly finds and connects to your home network. Unless you periodically prune the list of networks on your device, you probably have a few easily guessable network IDs in there. Boingo runs Wi-Fi networks at many airports across the country, and many of those networks have exactly the same name. All an attacker would have to do is set up a rogue access point with the same name as one of these commonly found networks and devices will quietly connect, sometimes without the owners even realizing it.
A more exotic attack relies on "overly chatty" devices that advertise what networks they're looking for. Instead of having to guess an SSID, the attacker can use a specialized device that pretends to be whatever network a device is looking for. I was shown one such attack in progress at Black Hat. The company that spotted it estimated that the rogue network had fooled some 35,000 devices.
Use a VPN When You're Safe
A solid quarter of PCMag's readers use a VPN service to stream video, so it's safe to assume they're using a VPN at home. If they're not, they should be. But that's not the reason why I use a VPN in the comfort of my mist-shrouded Hudson Valley mansion. I do it because I loathe my internet service provider.
There are two halves to my hatred: the first is the generalized anger most people have towards a faceless corporation that milks me for cash on a monthly basis. I'll never have warm and fuzzy feelings toward a company that routinely raises my rates, provides crummy service, and tacks on unnecessary "features" to my bills.
The other (and more relevant) half of my tumor of ire is that, despite all the ways my ISP is already sucking my wallet dry, it's also selling my data. There was a time, not long ago, when ISPs were forbidden from selling anonymized user data, but they wanted a piece of the surveillance capitalism pie that has served Google, Facebook, and sundry ad networks so well for the past decade and a half. Congress gave it to them, and now my data (along with a bunch of other people's) is lumped together and sold off for ad intelligence, or who knows what big data grift.
I'm not a fan of paying for things with my data, but at least in the case of Facebook and Google, their services don't cost anything. I'm already paying my ISP, and the company still feels entitled to make even more money off me. Moreover, I could theoretically do without Google or Facebook but I don't have a lot of choice in my ISP. In fact, some people in the great city of New York have only one broadband provider to choose from.
If that's not a good enough argument for you, consider the lengths that law enforcement and governments have gone to to intercept people's data. From the NSA to your local police, there are plenty of powerful organizations eager to get a peek at what you're doing. Maybe you have nothing to hide, but laws can change and I, for one, would like the people performing domestic surveillance to actually have to work at it.
VPN download