For $5/month you can roll your own OpenVPN server with Digital Ocean and it will. [0] Bonus: your cellular ISP can't see your traffic and you're automatically protected at coffee shops.
Downside: Battery life takes a slight hit due to encryption.
Digital Ocean has not nearly as much of an incentive in selling or tracking the huge amounts of traffic that go over most of their B2B customers, while your ISP wants to up that ARPU number from every B2C customer in every way possible. And you can switch your cloud server provider easily, your local monopoly ISP not so much. Digital Ocean has far more to lose by doing that, while ISPs have a captive audience.
DO will forward those torrent scare / spam server abuse emails ASAP, so they won't be good for that kind of stuff.
Sure. Someone can see my traffic. You're never anonymous on the Internet. But, as other commenters have said, it's a matter of aligning incentives: the likelihood that DigitalOcean will take any notice of my measly account is much lower than my ISP, which would love to know what I'm up to. If that incentive estimation changes, I'm off to a different solution.
It's true. You can reduce risk by using an ethical company. I recommend Prgmr.com over DO. Not just cuz they kindly host Lobste.rs for free. I've watched one's comments for years plus how they discuss downtime or vulnerabilities in their blog. They consistently seem like a straightforward, honest business. Low likelihood of nefarious stuff.
Good to know. I experienced the same when I set up algo on Scaleway recently. I considered Digital Ocean as an alternative, but ended up using Hetzner Cloud (which I now prefer, since it is cheaper and based in Germany). No access issues with appleid.apple.com anymore.
If many hosts get abused (usually due to people setting up a quick VM for a task and forgetting to update it manually and not setting up automatic security patching) even a reputable hosting service becomes a script-kiddie farm.
Perhaps this has happened with DO and Apple have blocked its host address ranges from the API due to unwitting past involvement in hack/DDoS attempts?
This is common with public VPN services that people I know have used. I have the luxury of fixed addressing and decent bandwidth at home, so I run my VPN there and have thus far not noticed any such issues. This also means that services that are location sensitive work as if I'm at home (not some random other place the VPN endpoint appears at).