> At best, you replace trusting your ISP with trusting a different group of unknown people with similar motivations. At worst, it's a government agency honeypot or someone like Facebook.
You're starting with the (completely correct) observation that any VPN is not guaranteed to be secure, confidential, or private, and then making an argument as though it were the case that every reputable VPN is equivalent to every untrustworthy ISP. I think that's why your argument doesn't make sense to me: I don't think there's an equal chance that a VPN provider with a good reputation is going to sell me out as my ISP.
It's axiomatic in risk management that there is no way to completely remove all risk. Running a proxy and Tor is not a guarantee of security any more than running the world's shadiest VPN is, though it's obviously more secure by far. But, it's a question of what the acceptable level of risk is, and what the marginal cost to reduce that risk is. For many people, a $5-10 (non-shady) VPN is a perfectly reasonable step to take.
You're starting with the (completely correct) observation that any VPN is not guaranteed to be secure, confidential, or private, and then making an argument as though it were the case that every reputable VPN is equivalent to every untrustworthy ISP. I think that's why your argument doesn't make sense to me: I don't think there's an equal chance that a VPN provider with a good reputation is going to sell me out as my ISP.
It's axiomatic in risk management that there is no way to completely remove all risk. Running a proxy and Tor is not a guarantee of security any more than running the world's shadiest VPN is, though it's obviously more secure by far. But, it's a question of what the acceptable level of risk is, and what the marginal cost to reduce that risk is. For many people, a $5-10 (non-shady) VPN is a perfectly reasonable step to take.