FOSSOS I'm glad to hear that PIA seems to be doing well on that front.
I at least hope that the average GOS-enjoyer is not an average Joe ;), YMMV. And yes, as I said there are various different and very valid reasons to use a VPN, some of which you mentioned above, just that none of them apply to me sadly (or maybe fortunately?).
On that note, I am also fully aware that most modern apps and websites will rather use browser fingerprinting, keystroke patterns, screen taps/swipes, WebRTC and other much more modern and accurate techniques, none of which will be reduced or mitigated by a VPN. It certainly feels like an uphill battle, but this is where my utmost attention is right now. I feel like the knowledge about all of this can help the average Joe step up their game far outside the scope of just relying on a VPN.
As a closing note, I hope this is some food for thought for everyone reading this thread and to bring awareness that everything isn't as simple. Especially for beginners it can be quite overwhelming, so focussing on a VPN as a first measure is probably a good idea before tackling all the other issues.

    DeletedUser87 I could not agree more. When you step into the world of (I'm going to use the word Semi here because we are talking about mostly money hungry data harvesting that will do everything to defeat your perfect privacy setup) Semi-Privacy in the current state of the internet you are dazzled with choices. GOS is not created and maintained to solely support the more advanced user but also to drastically increase the security and privacy of the average Joe.
    But yes, unfortunately there are many kinds of fingerprinting methods. There are billions of dollars working towards (or already working with?) fingerprinting methods we haven't even heard of yet (speculation but plausible). All that we can currently do is rely on GOS, rely on open source projects to increase our privacy. If you want some more privacy and security while browsing using GOS try to use browsers like Vanadium for security or Brave for security and some form of privacy by badness enumeration. While it breaks my heart not to mention Firefox anymore it's not the best choice unless you use Tor or maybe Mull (I don't know enough about the hardening to recommend it).

    VPN recommendations will stay subjective like I said before but they can slightly or drastically (depending on your ISP) enhance your privacy and security. However, it doesn't onion, garlic, or in any other way try to create anonymity online. It might help but it does not actively try to do this by bouncing you around through layers of encryption.

    A VPN is a very useful tool to circumvent censorship and can help boost privacy and security. Regardless of suggested VPN providers (which is subjective based on current state and personal experience) if you find a service that does not log, has nothing to show in court, blocks trackers, ads, malware etc on a DNS level, and has your trust, it can increase your privacy and overall browsing experience. More so if combined with the right browsers and privacy friendly apps.

    DeletedUser87 these companies do not rely on IP addresses and haven't for years. They can utilize browser fingerprinting and stuff like WebRTC, among many other techniques, to identify you. Having the IPs is just the icing on the cake for them.

    Hiding your real IP address is crucial for privacy and anonymity, but it alone is not enough against the larger sites on the internet that have capabilities to fingerprint your browser or app too. For that you need a browser or app with fingerprint resistance too.

    But most smaller sites and services on the internet, including all open source ones, only routinely log IP addresses and user agent strings. That is the only logging most server software supports doing out of box. For those, a VPN plus Vanadium (or other reputable open source app) should be way enough to get a high level of privacy and anonymity.

    One can always do more to protect oneself. If just a VPN isn't enough, one can switch to trusted open source apps instead or use the service entirely in a browser, but it may sacrifice usability a bit. If not enough, one can use apps or browsers with fingerprinting resistance, but there aren't many options to pick from, and some services and sites won't let you in if you try to conceal your identity to that degree. If not enough, you can disable all script execution like JavaScript too, and all dynamic loading of resources. This will remove almost all fingerprinting vectors and attack vectors, but most services and sites will break. If this is not enough, one can switch to using Tor Browser instead, but not only will most sites and services not work with Tor, but things will be slow, and you will have to log in again every single time. But Tor Browser is so secure only state sponsored attackers can reliably deanonymize you or track you, and they need weeks if not months of targeting you specifically. And if that is not enough, you can always stop using internet altogether.

    So it is all about choosing how far it is warranted to go. Getting a VPN is always the first step, and fairly easy to do, in the journey towards privacy and anonymity.

    2 months later

    So far I have used Proton, Mullvad and IVPN. Since I did not want all eggs in one basket I downgraded from Proton Unlimited to Mail Plus and took IVPN and Mullvad for a test drive.
    Since I can't get direct notifications with Mullvad when reconnecting after a good night's sleep I decided to go back to IVPN for a while.
    BTW I read the policy of my ISP, I'd suggest to do that :)
    Since then I have rarely been without VPN and then there is this recommendation:
    https://discuss.grapheneos.org/d/11553-grapheneos-network-requests-and-privacy-policy/31
    Which is another reason I stay on VPN wherever possible

    Everyone should use a VPN. If nothing else it stops your telecom from being able to turn over every site you visit to the authorities upon request.

    Mullvad is generally the recommendation for a general use VPN.

    PIA is useful for the dedicated VPN feature. That allows the establishment of a persistent IP to tie to a distinct persona. Hosting your own VPN on a server paid for via Monero is a better choice but setup is more difficult.

    Surfshark is an alright choice if you are running a low threat model simply because it supports unlimited devices, so you can just cram it on anything you don't need better for.

    Orbot is the most secure but is slow.

      Xtreix
      None of that changes the fact that Orbot is still the most secure VPN option at the moment. Unless you know of a better way to force all traffic through Tor in a user friendly manner?

        JollyRancher Mullvad is much more secure and their developers are much more trustworthy. Orbot just acts like a glorified VPN and isn't an official Tor project, but of course you're free to use whatever you like.

        Why have the FBI etc decided that we shouldn’t use a “private VPN” (not sure exactly what that is) and then they talk about free VPNs.

        What am I not understanding here?

          Blastoidea don't use a free one from a nobody company. A VPN can access your traffic so obviously it's preferable to have a reputable one.

            wuseman
            Okay, thanks.

            FBI telling folks to stop using a VPN made the BS Detector ring loudly.

            Rizzler that is concerning, and as a long time customer of theirs, I feel stupid for not investigating this early on.

              DeletedUser87 most modern apps and websites will rather use browser fingerprinting, keystroke patterns, screen taps/swipes, WebRTC and other much more modern and accurate techniques, none of which will be reduced or mitigated by a VPN. It certainly feels like an uphill battle,

              Amazing how hostile many sites, apps, companies, etc. are to anonymity. G**gle especially. What explains this desperation?

                I use Wireguard VPN to my home network. If you're asking about commercial VPN, then no. It doesn't protect you the way you were told it would. Most sites are HTTPS now, and there is no boogeyman behind your router sucking up all that juicy data.

                Go on here, https://www.doineedavpn.com/, to see if it applies to you.

                router99
                Money.

                In many ways it's easier to duck fingerprinting on a computer than it is on a phone. I run Mullvad Browser in Windows Sandbox. On shutdown the entire VM is deleted and on startup a brand new one is created that is just slightly different. Different enough that WebRTC and similar browser techniques will be thrown off.

                Currently... NordVPN, ProtonVPN and about 2000 company VPNs. Because I can I use 3-5x multihop configurations.

                However, Nord has made my poop list with ads to Windows app and social logins. It doesn't appear to be any worse than others for routers and manual configs, but trust has been broken and I won't be renewing when my (3 year) sub expires in March.

                I switch between Mullvad VPN alongside IVPN at times.

                treenutz68 If using a VPN, it's best to swap out your DNS Servers from whatever the VPN host uses, to an encrypted DNS referrer, like Cloudflare (1.1.1.1), Quad9 (9.9.9.9) or Adguard (94.140.14.49).

                If your VPN is on 100% of the time then there's no point configuring private DNS on your browser, like Brave, or using the private DNS option under Internet settings on your Graphene phone. Your VPN connection will cover it.