[netwanderer3]

If you use Chrome browser or Android phone then Google is already able to build a profile on you. They have multiple ways to ID every session and individual browsing tab to link them back to your profile. VPN is completely irrelevant in their game.

[danShumway]

If Google has my data, does that mean I should also give it to Comcast?

This kind of argument comes up a lot, and I really don't understand it, at all. Privacy is a process, it's something you improve over time. The alternative is completely circular.

I shouldn't care about switching to Firefox, because my ISP is already getting all this data anyway, and I shouldn't care about using a VPN because Google is getting all of this data anyway...

If you want to go from no privacy to decent privacy, it is inevitable that there is going to be a period where you are only plugging some of the holes.

[netwanderer3]

My point is if you are trying to prevent someone to build a profile on you entirely then VPN is useless.

For majority of the public who use a VPN provider, they are essentially shifting all the risks of their personal privacy from a highly regulated industry (ISP) to one that is much less regulated (VPN providers). This is a bit similar to all the ICO scams associated with an unregulated cryptocurrency industry. ISP at least will not sell your data to questionable buyers, but there's no law in preventing a VPN provider not to do so.

If you truly believe VPN providers can survive giving you unlimited bandwidth worldwide for only a few bucks a month, without relying on other sources of revenue, then I have a bridge to sell you.

Most of them don't operate with transparency, not being audited nor being accountable or required by regulation to keep your data safe but yeah let's trust them instead!

[danShumway]

> ISP at least will not sell your data to questionable buyers

https://techcrunch.com/2019/01/09/us-cell-carriers-still-sel...

ISP regulation in the US has completely failed to prevent abuses. I'm not here to argue that you should blindly grab a 4-5$ a month VPN, but absent a technological solution like Tor, this is better than nothing.

But if you really think your ISP is more trustworthy than PIA, set up your own VPN on a Linode server and use that instead. At least then you won't have to trust your university/hotel/business Internet to be configured correctly, and at least then you won't be handing your zip code to every single site you visit.

Even a self-controlled VPN is a strict privacy/security upgrade over connecting your laptop unprotected to a hotel's wifi.

> if you are trying to prevent someone to build a profile on you entirely

If you are trying to prevent someone from building a profile on you entirely, then you are going to need to do a lot more than use a VPN. But that's in addition, not instead. You have to start somewhere.

[netwanderer3]

The only effective way, that I know of, to prevent someone to build a profile on you is by throwing a lot of useless data to confuse them. Blocking their access is not effective because they have multiple ways to get to you, especially when you're just part of a bigger target market. These conventional methods like VPN are simply too easy for them with million of other people also using it.

If you're constantly throwing useless data at them, adding irrelevant URLs or browsing patterns to the data stream then their system will be confused and unable to paint an accurate picture of your profile.

This is borrowed from a similar strategy used by professionals who have gone off-grid and wanted to avoid being tracked. They would pay multiple other people to use their credit/debit cards at various different locations around the world so the system tracking them would be confused and could not pin point their exact current location.

[stordoff]

> For majority of the public who use a VPN provider, they are essentially shifting all the risks of their personal privacy from a highly regulated industry (ISP) to one that is much less regulated (VPN providers).

But I don't like the logs that my ISP is _required_ to keep, an and the organisations that have access to them as a result. A VPN removes that.

> but there's no law in preventing a VPN provider not to do so

GDPR.

(for a UK perspective)