> Given the amount of advertising for VPNs you might think they are a scam.
Tom Scott is still producing a podcast and/or gameshow via Lateral and The Technical Difficulties. It's certainly not a British guy in a red t-shirt explaining interesting trivia, but it's still entertaining.
One of the main reasons you see so much advertising for them is because it's very easy to sell and very easy to get a partner account. They hand out those custom promo links to creators like candy.
More like "scareware", maybe not quite to the term, but they generally advertise on 'aren't you scared of the threats on the web?? well here they are so you should be scared! buy product' kind of thing. There are legitimate uses, but they can be so benign and almost irrelevant to whatever security pitch (like... getting around georestrictions).
If you know you're in honey then you act accordingly. If you think you aren't in honey then you're more likely to let your guard down and get into trouble.
For instance, an embassy with clear telephone and telegraph lines knows they're being listened to, and subsequently is very careful about what they transmit. An embassy that has bought Crypto AG (https://en.wikipedia.org/wiki/Crypto_AG) equipment thinks they are secure and transmits information they would never dream of sending if they knew they were being listened to.
Basically, yeah. Unless it's your server in your basement and/or colo, you have no way of knowing for sure. Plus reselling that data could be very lucrative, as there are a lot of companies (and governments) that would be quite interested in that data...
Specifically:
* there is a presumption that a VPN, esp. a commercial one used by the average person for non-work related activities, is doing something shady. not entirely unfounded, though "shady" could simply be watching Brazilian Netflix
* the ISP can't see what you're doing, but the VPN can, and they're almost certainly using some sort of specialty firewalls / VPN aggregators / custom devices. Chances are those devices can do some deep packet inspection, and any lag would be perceived as using the VPN. Might even be able to MITM connections, maybe.
* DNS is often just as interesting or damning as actual traffic, and most VPNs will configure you to use their DNS to prevent leaks. but that means they know you're looking up "totally-legit-bitcoin-trade-site.com", or maybe "hardcore-gay-pronz.net" 3 times a day. they don't know what you're looking at while on those websites -- maybe you're ssh-ing to their server to fix apache? -- but they can make assumptions.
Depending on what you need them for. Privacy? Your VPN provider will know your traffic but your ISP won't. Circumvention of georestrictions? Preventing problems when torrenting? Circumventing the GFC? There are many applications.
I use AirVPN myself. It is not as comfortable and convenient as Astrill but works for me. (Disclaimer: No affiliation and I have not tried AirVPN in China yet)
I am not sure why my post was downvoted. I have no affiliation with AirVPN.
I am not in China anymore but Astrill was always the VPN of choice. But 2 years are now 300 USD if I remember correctly.
Tom Scott did a video in 2019 entitled "This Video Is Sponsored By [redacted] VPN" where he explains why a lot of the ad copy at that time was often misleading, and why he didn't take money from them:
* https://www.youtube.com/watch?v=WVDQEoe6ZWY
In 2022 he made a video with an ad read from a VPN provider with more honest claims about their use cases:
* https://www.youtube.com/watch?v=uXlQuTRSmzc