For Windows, when should I turn off my VPN, if ever?

Hello Techlore community. I have a low threat model. When I put my Windows 11 (cue the comments) desktop to sleep, I turn off my VPN. My gut tells me unless shutdown (power off), my computer is still communicating with the Internet. Therefore, I am guessing my VPN ought to be on because I am now exposing my IP and unencrypted data to my ISP, etc.

Thoughts on best practices when a VPN should ever be turned off for similar low threat models with Windows devices?

PS: Thanks to the support of the community for folks like me who are newer to privacy and security topics. We have to start somewhere. #grateful

Get Mullvad and use always-on VPN, which makes the VPN stay on all the time, and when you disconnect you will need to choose a location to connect to the internet again.

To be honest, the main thing a VPN protects against is your ISP seeing what you do. Everyone else will see or not see the same information about you as they would without a VPN, except for the different IP.

What should you ask yourself in this situation?

  1. How much of a threat, if at all, do you consider your ISP to be? That will determine whether you need to protect against them with a VPN.
  2. Do you trust your VPN provider more than your ISP?
  3. Are you fine with any potential hits to performance this will cause? This of course depends on whether you even take a hit to performance.

I’m specifically talking about the idea of always running your VPN. If you’re connecting to a public or untrusted network, 100% I would use a VPN.

If I were you, I would not run a VPN 24/7. In general, they are useful, but you should have a realistic approach on what they can and can’t do. The websites you visit are most likely able to identify you without knowing your exact IP address by browser fingerprinting. Also, running a VPN constantly might cause issues with your accounts or even lock you out of them (the security systems might think that your account was compromised because of the different IP address. This actually happened to me once). Hardening your browser is a nice thing to do, but it’s not perfect and might cause some inconveniences (some websites will not work properly). You can verify how unique your fingerprint is on amiunique(.)org

If you are a normal person, you probably should not care that much. If you want to research something very sensitive, use Tails or Whonix for that.

You might also be interested in split tunneling. This essentially allows you to run only specified apps with your VPN. It is extremely easy to do on Android, and pretty easy to do on other desktop operating systems with Docker. Some clients support it out of the box. I personally used to use the Deluge container made by binhex.