That’s the thing with anything cybersecurity is trust. Unless you wrote all of the firmware and software and websites and webservers yourself you are ultimately placing trust in another entity.
VPNs are just a technical means of shifting trust. Corporations use VPNs for remote work because the VPN connects the employee to the corporate network which they already trust, rather than trusting whatever wifi the employee happens to connect to. For a consumer using a commercial VPN the only thing you’re doing is shifting your trust from the network provider to the VPN provider. You’re not even really hiding anything from websites thanks to modern browser fingerprint techniques, they just see “user #64742258 but from a known VPN endpoint instead of the usual Spectrum residential network in Maryland, 86% match”
That’s the thing with anything cybersecurity is trust. Unless you wrote all of the firmware and software and websites and webservers yourself you are ultimately placing trust in another entity.
VPNs are just a technical means of shifting trust. Corporations use VPNs for remote work because the VPN connects the employee to the corporate network which they already trust, rather than trusting whatever wifi the employee happens to connect to. For a consumer using a commercial VPN the only thing you’re doing is shifting your trust from the network provider to the VPN provider. You’re not even really hiding anything from websites thanks to modern browser fingerprint techniques, they just see “user #64742258 but from a known VPN endpoint instead of the usual Spectrum residential network in Maryland, 86% match”
luckily not everything, but i think about this every time i am using android keepass implementation written by god knows who 😆