by LeoPanthera 3049 days ago
I've been forwarding all outgoing connections on port 80 (and a selection of other commonly-unencrypted ports) through a VPN (in the router) for a while now - but leaving all other ports (including most importantly 443) connecting directly.

It feels like a good compromise between privacy and speed.

(I realise this is not the subject of the article exactly but I figured it's a related issue.)

2 comments
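The port-based split described in the post above can be built on a Linux router with firewall marks and a second routing table. This is an added example, not the poster's configuration: the interface names (`br-lan`, `tun0`), table 100, mark 0x1 and the port list are assumptions. It only prints the commands so they can be reviewed before being run.

```shell
#!/bin/sh
# Added example: dry-run generator for port-based policy routing (IPv4 only).
# Assumed names, not from the post: LAN bridge br-lan, VPN interface tun0,
# routing table 100, firewall mark 0x1, and whatever port list is passed in.

emit_rules() {
    lan_if=$1; vpn_if=$2; ports=$3; table=${4:-100}; mark=${5:-0x1}
    # Accept only a comma-separated list of port numbers.
    case $ports in
        ''|*[!0-9,]*|,*|*,|*,,*) echo "bad port list: $ports" >&2; return 1 ;;
    esac
    cat <<EOF
# Mark LAN traffic to the chosen TCP ports; everything else (e.g. 443) is left unmarked.
iptables -t mangle -A PREROUTING -i ${lan_if} -p tcp -m multiport --dports ${ports} -j MARK --set-mark ${mark}
# Marked packets are looked up in a separate routing table.
ip rule add fwmark ${mark} lookup ${table}
# In that table the default route is the VPN tunnel.
ip route add default dev ${vpn_if} table ${table}
# Fail closed: if the tunnel drops, its route disappears and this one rejects
# the traffic instead of letting it fall through to the ISP route.
ip route add unreachable default metric 1000 table ${table}
# Source-NAT traffic leaving through the tunnel.
iptables -t nat -A POSTROUTING -o ${vpn_if} -j MASQUERADE
# Replies arrive on the tunnel although the main table points at the WAN,
# so strict reverse-path filtering would drop them; use loose mode.
sysctl -w net.ipv4.conf.${vpn_if}.rp_filter=2
EOF
}

# Stand-alone use: ./split.sh br-lan tun0 80,21,23   (review, then pipe to sh as root)
if [ "$#" -ge 3 ]; then
    emit_rules "$@"
fi
```

IPv6 is not covered by these rules and needs the equivalent `ip6tables` and `ip -6` entries, otherwise IPv6 connections to the same ports go out directly.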

Interesting approach.

It has the happy property that the performance penalty will trend toward zero over time, as fewer and fewer holdout websites stick with unencrypted HTTP. Even Netflix streaming uses HTTPS these days.

By the end of the year I figure we'll have virtually no such holdouts. https://www.theregister.co.uk/2018/02/08/google_chrome_http_...

Why do you feel that way? VPNs are vastly more likely to actually read your traffic than any ISP.

Not an issue when you run your own VPN with a cheap VPS - meaning the data is exiting in a datacenter in a location of your choice. While they or their upstream providers will certainly have some 'lawful interception' capability they are usually not interested in analyzing / selling the data on their wires as the consumer-facing ISPs.

Can you provide more background on your blanket statement?

There are good and bad VPNs but ISPs are much larger corporations with direct ties to governments. I fail to see how a good VPN is worse than ISP + Governments.

Depends on where the VPN connects to.

I control the other end of the VPN, I'm not using a public VPN service. All I care about is routing around my ISP. (Which is Comcast - whom I do not trust.)