VPNs create an encrypted "tunnel" or connection between your system, and an endpoint somewhere else. Provided the tunnel uses strong encryption, and most VPNs do, the traffic you're sending and receiving can't be intercepted and read or altered by third parties.
You can also "lie" about your location to geoblocking services, and to government agencies and other organisations conducting surveillance on the internet, by making it appear that you're connecting via a different IP address than the one assigned to your computer.
On the network you're on, third parties can still see that there's a connection however, going to a specific point and from that deduce that a VPN is being used. This may or may not have consequences for the VPN user.
Nevertheless, setting up a VPN is a good way to survive on shared networks such as public Wi-Fi. On those, you don't know who else is connected to the network, and you probably don't want to share unencrypted data with strangers.
This is especially true for when you're travelling in countries with lax attitudes to cybercrime and security, but which are very strict about expressing criticism or dissent. Journalists especially need to think about this, to protect themselves and their sources. Business people wanting to keep their trade secrets safe should also take note of this.
There are some pitfalls to watch out for here though. If you set up a VPN tunnel to your own trusted and safe network that you control, there's not much to worry about.
If someone can see that your system wants to know the Internet Protocol address for a certain site, they can easily guess what you're after from that particular domain.
Connect to a third-party VPN provider however, and the endpoint where your traffic joins the internet is no longer controlled by you. That VPN provider could log and keep information about your connection, and hand it over to authorities, or to commercial organisations.
Raiding a VPN provider that has logged users' connections is a convenient way to round up suspects, and that's something to be aware of.
There's also a possibility of the traffic itself being intercepted at the VPN endpoint, if it isn't encrypted with HTTPS for instance. You're trusting someone else's internet connection to be secure, basically.
You also have to be aware of how much of your traffic to and from your computer goes via the VPN. Some VPNs only tunnel traffic over the older IPv4 internet protocol and might not encrypt look ups for sites in the domain name system (DNS). If someone can see that your system wants to know the Internet Protocol address for a certain site, they can easily guess what you're after from that particular domain.
One not so obvious limitation comes from VPN providers often being a long way from users — due to the way the internet works, if you connect to a VPN in Europe, even with network tweaks, your connection isn't going to be as snappy and fast as straight from your computer or mobile device. The traffic will have to take a longer route, which adds delay and the provider's network capacity will be a limiting factor.
If you want to do some more research on VPNs, and get an idea of just how complicated it is to protect your traffic on the internet, Torrentfreak's annual overview of service providers is a good start.
Obviously, TorrentFreak's audience wants to have protected access to paid and unpaid content that's geoblocked or hosted on torrent sites (or streaming video servers), but that's not the only use of VPNs of course.
Either way, even if a VPN provider ticks all the boxes and seems secure, be aware that the protection could unravel at any point. Be careful with what you send and receive, in other words.