The "You don't need a VPN" absolutists are completely missing what people go to VPNs for. The supposed debunking usually is along the lines of "TLS protects you well enough anyway", which doesn't work for:

- People who have ban-happy governments,

- People whose ISPs use DPI to harvest data on what they are accessing, and

- People who need to evade region blocks.

It's simple: you get a VPN if your threat model is your ISP or your government. Unlike my IPS, which has a quasi-monopoly in my area, if the VPN I use keeps logs I can take my business elsewhere, and many VPNs have had their no-logging provisions audited and tested in courts. I despise both my ISP and my government, and so I'm perfectly happy paying for a VPN.

Even for the so-called normies who are buying VPN subscriptions, it is rarely because they think it's more secure and almost always for evading region blocks. Every VPN that advertises on YouTube content creators has completely changed their marketing to emphasize this.

I pay for my VPN provider because I love the way they work, with Open Source clients, fancy docs like how to set up a mullvad wireguard VPN on an OpenWRT router etc. And they come across as convinced security nerds to me. It needs no registration (it just generates a code) and you can pay in cash :)

This is by no means a reason to trust them of course. But I see no big difference to trusting my ISP so they're my go-to solution for my guest network at home and a better feeling when browsing in public Wi-Fi, even if that's just a leap of faith.

That said, there are quite some reasons to pay for VPN. Using Tor for my router is no more secure as exit nodes could be operated by anyone. Using my cellular data as suggested by the article is falling back on my ISP.

And so would be setting up a VPN to my home network, which unfortunately isn't even covered in this article even though that is not too difficult either (for some, at least).