[majewsky]

What do you want to protect against? If it's ISPs injecting ads into your webpages, or blackhats on the same coffee shop Wifi stealing your credit card data, then HTTPS is enough.

The one thing that a VPN can really help with is hiding your website history (as in: which domains you visit) from your ISP. However, the VPN provider then gets this full insight, so it comes down to whether you trust any particular VPN provider more with your data than your ISP.

Since HTTPS has gained wide adoption, 90% of what VPNs are advertising is bullshit. All these scare ads on YouTube along the lines of "your internet browsing is unsafe unless you go through NordVPN/SurfShark/whatever" are there because they need the subscription fees from casual browsers to offset the bandwidth costs from those customers that actually need a consumer VPN to stream Netflix from $FOREIGN_COUNTRY or do illegal filesharing.

[aww_dang]

VPNs are a centralized point (of failure?) for people who feel they have something to hide.

The incentives at play are interesting to say the least.

Wasn't there a leak of a VPN provider's logs awhile back?

[themarkers]

HTTPS anywhere by now, how ISP doing hijack, I didn’t see anything that can stop privacy leak except source ip.

[majewsky]

Even if you run DNS over an encrypted line (e.g. DoH), the ISP can see which IPs you're talking to, which in many cases translates back rather cleanly into which services you're using (which makes for a rather interesting profile already if you take into account time patterns and bandwidth usage).