Don’t pay for a commercial VPN

Security researcher Kenn White added that “for the vast majority of consumers, commercial VPN services add very little value and frankly most incur more security risk for the user.”

One risk is that some VPN providers use self-signed root CAs, which allow the creator to read encrypted traffic coming from a computer.

White said this is done in the pursuit of malware prevention, but that “is just a different way of saying ‘intercepting your (otherwise) encrypted web and mail traffic.’”
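Interception of this kind is visible from the client, because certificates for unrelated sites suddenly share one issuer that is not their usual public CA. The following added example (not from the original post) compares issuer data in the shape Python's `ssl.SSLSocket.getpeercert()` returns against a baseline recorded without the VPN client; the hostnames, the issuer names such as "ExampleVPN Inc", and the function names are constructed assumptions.

```python
from collections import defaultdict

def _cert(host, issuer_org, issuer_cn):
    """Build a (host, cert) pair shaped like ssl.SSLSocket.getpeercert() output."""
    return host, {
        "subject": ((("commonName", host),),),
        "issuer": ((("organizationName", issuer_org),),
                   (("commonName", issuer_cn),)),
    }

# Constructed sample: certificates seen while a (hypothetical) VPN client is active.
OBSERVED = dict([
    _cert("mail.example.org", "ExampleVPN Inc", "ExampleVPN Web Shield Root"),
    _cert("bank.example.com", "ExampleVPN Inc", "ExampleVPN Web Shield Root"),
    _cert("news.example.net", "ExampleVPN Inc", "ExampleVPN Web Shield Root"),
    _cert("intranet.example.io", "Public CA Two", "Public CA Two Issuing CA"),
])

# Constructed baseline: issuer organization per host, recorded without the VPN client.
BASELINE = {
    "mail.example.org": "Public CA One",
    "bank.example.com": "Public CA Three",
    "news.example.net": "Public CA Two",
    "intranet.example.io": "Public CA Two",
}

def issuer_field(cert, name):
    """Pull one attribute out of getpeercert()'s nested issuer tuples."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == name:
                return value
    return None

def find_interception(observed, baseline, min_hosts=2):
    """Return {issuer_org: [hosts]} for issuers that replaced the baseline
    issuer on at least min_hosts hosts, the signature of a local TLS proxy."""
    changed = defaultdict(list)
    for host, cert in observed.items():
        org = issuer_field(cert, "organizationName")
        if host in baseline and org != baseline[host]:
            changed[org].append(host)
    return {org: sorted(hosts) for org, hosts in changed.items()
            if len(hosts) >= min_hosts}

if __name__ == "__main__":
    for org, hosts in find_interception(OBSERVED, BASELINE).items():
        print(f"issuer {org!r} replaced the expected CA on: {', '.join(hosts)}")
```

A single changed issuer can be an ordinary certificate renewal with a different CA, which is why the check requires the same new issuer on several hosts.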

Some VPNs may collect more information than users anticipate, and in some cases expose that data too.

The advice you get from YouTube influencers, who are paid to sell you a VPN, is terrible. There are very few use cases for those VPNs. They are mostly for pretending to be somewhere else, to circumvent geofencing.


One thought on “Don’t pay for a commercial VPN”

  1. This. If you want to secure your traffic from the current access provider (some Wi-Fi not under your control), rather get a raspi at home, install WireGuard and use that. Or get a server in DE and install WG (and a Pi-hole) there. It is easy, there are many tutorials, even a great project on GitHub: https://github.com/rajannpatel/Pi-Hole-on-Google-Compute-Engine-Free-Tier-with-Full-Tunnel-and-Split-Tunnel-Wireguard-VPN-Configs . Yes, I know, probably not for the masses.

    When AVM finally starts supporting WireGuard, using that on your ‘landline’ will be the easiest way to do it.
