VPNs have become a huge market in recent years, with all of them offering essentially the same service but branded differently.
I’ve talked about VPNs before and how you likely don’t need one if all you care about is “privacy”. Otherwise it has some usecases for like downloading torrents or accessing geo-blocked content but that’s about it.
To synthesize, the VPN owners can see what you do instead of your ISP when you use a VPN. You better trust that they don’t keep logs and encrypt your traffic.
Who do you trust more, some VPN company, or your ISP? That’s a personal question only you can answer.
Privacy and “security” is what VPNs advertise heavily on. Security is nonsense from their part; there is no additional security to using a VPN. NordVPN for example likes to talk about the evil hackers in starbucks that will hack your wifi, but that literally never happens (not never never but not enough to justify paying them money for it).
In any case, all VPN rankings omit one very important fact: fed involvement. that’s security 101.
The CIA controlled an encryption company for decades (established after WW2): Crypto AG. They sold encryption machines to embassies around the world under this name, and it was only found out they were CIA in the 2010s.
We’ve known since Snowden about backdoors in Windows that allow the NSA to bypass encryption and spy on anyone they want.
And it’s a very glaring issue. Look at any of those rankings and they’ll talk about privacy and encryption protocols, and never once mention potential fed involvement or other causes for concern.
Even worse, if they do talk about it, they often talk about “Chinese” involvement. How the fuck did the discourse get so bad in just 10 years? They don’t even have anything to back it up. Meanwhile we have evidence of NSA and CIA involvement in encryption and surveillance.
NordVPN especially is strange. They advertise a LOT and always sell at a discount (which makes the VPN cheaper than most competition). ProtonVPN too, I don’t trust anything Proton ever since they surrendered info to the feds about one of their clients (an eco-activist). Secondly they are a “Swiss” company like Crypto AG, but were not founded by Swiss people.
So again, who do you trust more? Some VPN company trying to sell you a product under false pretences, or your local ISP company?
Proton may or may not be an intelligence OP. They popped up conveniently in the aftermath of the Snowden leaks. On the one hand a bunch of physicists who care about privacy would have a good time launching a privacy company that moment and from a pure business logic point of view it makes sense, on the other hand with NSA operations exposed they/CIA would have great interest in a new honeypot to draw all the new users of encryption into.
Put it this way. My ISP as do all ISPs in US and 5-eye states cooperates with the NSA. They scan all traffic, they save all traffic, they hand it over in bulk and will hand it over to less privileged groups like feds and local cops with a simple and badly done warrant application. In other words your ISP is 100% spying on you. Not only for the feds but many of them surveil you to sell your info and interests to ad companies as they occupy the ideal position to snoop. They also retain logs for all data for at least a year in most jurisdictions (NSA logs of the same are retained forever).
By contrast a VPN may be compromised by the feds. But as it is a plausibly deniable, hidden asset it cannot be directly used against you (because doing so would expose it, cause the rats to flee the ship and incur expenses for setting up a new one plus permanent increased paranoia from targets which makes surveillance harder). FBI can’t in open court charge you without complicated, expensive and time consuming parallel construction that can be uncovered by good lawyers which will result in them throwing the case. Oh if it’s an NSA op it all goes in your seditious person file for sure but if you don’t use one they put it in that file anyways direct from your ISP. Those who claim not to retain logs cannot help the feds nail you for activity done months before a search warrant to them without immediately exposing the fact they are liars and causing all rats to jump ship and so on and so forth as set out above.
So a VPN may or may not be spying on you but your ISP absolutely is.
The one downside to a VPN is if it is a honeypot you’re placing yourself in a self-selecting smaller group of increased interest persons/targets and if you don’t have a target on your back already, then using one and doing interesting things may paint one if you’re using a honeypot service.
If you are particularly targeted services like tor are your best bet. BUT tor is very likely partially compromised to a certain extent as it is widely understood/believed that Israeli intelligence, NSA, and eyes partners run or have compromised a large number of exit and other nodes to allow timing correlation attacks and de-anonymizing. However that is top, top secret and not something they will ever risk blowing in open court. If you’re fair game for a drone strike based off it I’d be worried but if you’re not they probably won’t notice you.
All in all VPN services (setting aside certain sketchy ones owned by ad companies) do not hurt your privacy or safety. At least ones not targeted explicitly towards serious criminals, I would be very wary of any such service marketed not to pirates but to serious criminals as likely being a police sting likely to roll up on all users within a few years. But your general purpose long-standing ones are either legitimate companies or deeply concealed intelligence fronts.