I’ve heard the idea of “competing jurisdictions” advanced here: run your own Wireguard VM in China or Russia and route traffic through that box, with the goal of essentially introducing unfriendly international borders in your traffic. Ideally your Russian VM provider would be uninterested in responding to an American subpoena.
The other concept I’ve heard put out is to add layers - your traffic hits Vultr, then Hetzner, then etc etc. Conceivably if you cross enough jurisdictions you can make it very difficult for a legal adversary to attack your traffic.
Would I bet on this for activities I needed to remain exceptionally private? No - but if I needed relatively consistently low latency traffic and a decent baseline of privacy it might just work.
In the end you have to trust someone or you might as well just stay offline forever. In the US, very few people have much choice in their ISP. If you are lucky you might have more than two options. Many ISPs are known to be untrustworthy. They outright state they will mine your internet history and sell it. If I have the choice between an ISP who I know will sell my browsing history and a VPN which might, but claims not to? Well, I know which one I'm going to pick.
If ISPs don't shut down people's accounts they'll get sued for billions in fines.
There are still open court cases against multiple ISPs for not cutting enough people off from the internet. So far, courts have agreed with the RIAA/MPA who paid good money for the laws we have.
Yes, the media industry is certainly more to blame here. Although, the current ISP oligopoly means that there are less companies to sue or otherwise bully. And it doesn't help that some major ISPs are owned by companies that also produce copyrighted content they want to protect.
Moreover, why do you imagine that the VPN is not being operated by the NSA? THere are really a few different kinds of VPN operators: intelligence services, organized criminals, and legit businesses. You have no way of determining which is which.
The other concept I’ve heard put out is to add layers - your traffic hits Vultr, then Hetzner, then etc etc. Conceivably if you cross enough jurisdictions you can make it very difficult for a legal adversary to attack your traffic.
Would I bet on this for activities I needed to remain exceptionally private? No - but if I needed relatively consistently low latency traffic and a decent baseline of privacy it might just work.