apple_badger

anonymouse said:

I don't think any public VPNs should be considered "safe". Not if you mean "safe" as protecting your data and privacy better than not using a VPN. VPNs weren't developed for that purpose, and they don't really serve it.

Edit: And to clarify, by "public" I mean meant to "serve" the general public — i.e., not internal organizational VPNs.

Very enthusiastically seconding this. The solution for moving data across untrusted (that is all) networks, is TLS. VPNs serve different purposes. The fear mongering that public VPN providers use in their ads is so very misleading. If it's not safe to do over public WiFi or the open Internet without a VPN then it's not safe to do it with one either. 

Apart from region hopping to get around geographic copyright/distribution agreement restrictions or something SD-WAN-like (like Tailscale), I can't think of any good reason to use a consumer (not-employer-provisioned) VPN service. Advice about public WiFi requiring the use of a VPN is at least a decade out of date: If it's not safe to do over the open Internet (or over a public, not-encrypted WiFi network) without a consumer VPN, it's not safe to do it's not safe to do it with one either. You're just transferring the risk you face from the people who can access your network traffic before it reaches the VPN exit node (including the relatively tiny number of people on your local WiFi network) to the people who can access it at or beyond the VPN exit node (including the VPN provider, subsequent network transit providers, and potentially various governments).