Proton is doing influencer marketing now too btw. Parallels are uncanny. All this while claiming to fight Google/big tech, but essentially offering the same products that store the same personal data.

PS. I'm from the company who's blog post this is.

There are 2 paths you can take here:

1. Roll your own VPN server on a VPS at a less common cloud provider and use it. If you're tech savvy and know what you're doing, you can get this going in <1hr. Be mindful of the downsides of being the sole user of your custom VPN server you pay for: cloud providers log all TCP flows and traffic correlation is trivial. You do something "bad", your gov subpoenas the provider who hands over your personal info. If you used fake info, your TCP flows are still there, which means your ISP's IP is logged, and deanonymizing you after that is a piece of cake (no court order needed in many countries).

2. Get a paid commercial VPN service that values your privacy, has a diverse network of endpoints and protocols. Do not use any random free VPN apps from the Play/App stores, as they're either Chinese honeypots (https://www.bitdefender.com/en-us/blog/hotforsecurity/china-...) or total scams (https://www.tomsguide.com/computing/vpns/this-shady-vpn-has-...).

Do not go with a VPN service that is "mainstream" (advertised by a Youtuber) or one that has an affiliate program. Doing/having both of these things essentially requires a provider to resort so dishonest billing practices where your subscription renews at 2-5x of the original price. This is because VPNs that advertise or run affiliate programs don't make a profit on the initial purchase for that amazing deal thats 27 months with 4 months free or whatever the random numbers are, they pay all of this to an affiliate, sometimes more. Since commercial VPNs are not charities, they need ROI and that comes only when someone rebills. Since many people cancel their subscriptions immediately after purchase (to avoid the thing that follows) the rebill price is usually significantly more than the initial "amazing deal". This is why both Nord and Express have multiple class action lawsuits for dishonest billing practices - they have to do it, to get their bag (back). It's a race to the bottom of who can offer the most $ to affiliates, and shaft their customers as the inevitable result.

Billing quirks aside, a VPN you choose should offer multiple VPN protocols, and obfuscation techniques. There is no 1 magic protocol that just works everywhere, as every country does censorship differently, using different tools.

- Some do basic DNS filtering, in which case you don't need a VPN at all, just use an encrypted DNS protocol like DOH, from any provider (Cloudflare, Google, Control D[I also run this company], NextDNS, Adguard DNS)

- Then there is SNI filtering, where changing your DNS provider won't have any effect and you will have to use a VPN or a secure proxy (HTTPS forward proxy, or something fancier like shadowsocks or v2ray).

- Finally there is full protocol aware DPI that can be implemented with various degrees of aggressiveness that will perform all kinds of unholy traffic inspection on all TCP and UDP flows, for some or all IP subnets.

For this last type, having a variety of protocols and endpoints you can connect to is what's gonna define your chance of success to bypass restrictions. Beyond variety of protocols, some VPN providers (like Windscribe, and Mullvad) will mess with packets in order to bypass DPI engines, which works with variable degree of success and is very region/ISP specific. You can learn about some of these concepts in this very handy project: https://github.com/ValdikSS/GoodbyeDPI (we borrow some concepts from here, and have a few of our own).

Soooo... what are good VPNs that don't do shady stuff, keeps your privacy in mind, have a reasonably sized server footprint and have features that go beyond basic traffic proxying? There is IVPN, Mullvad, and maybe even Windscribe. All are audited, have open source clients and in case of Windscribe, also court proven to keep no logs (ask me about that 1 time I got criminally charged in Greece for actions of a Windscribe user).

If you have any questions, I'd be happy to answer them.

"a non-profit with a member-elected board" will 100% not do that.

At its core, a basic VPN is a trust shift service, nothing more. Do you trust your ISP less than an some anonymous shell company owned by Siberian forest dwellers? In many cases, the answer is no.

That being said, depending on where you are and if you choose the "right" VPN, the answer could be yes. Here are some reasons why you may want to use a good commercial VPN, which goes beyond just the ability to tunnel your traffic through a remote endpoint:

- You are in Russia, China, Iran or other countries with heavily censored Internet. Over 3 billion people live in such places, or nearly 50% of the world's population.

- If you don't live in such places, laws in certain US states criminalize certain behaviors. This will only get worse, even in "western democracies". Using a quality VPN service is much better than barebacking the Internet.

- You want your traffic to be "lost in the crowd", something you cannot achieve with your Digital Ocean droplet, no matter how well you configure it. Changing your IP does absolutely nothing, safe a few exceptions (piracy, or keeping an alter ego if your opsec is good)

- Additional features: server side DNS filtering / blocking. Yes you can use uBlock origin, but not on mobile, and not outside the browser. Yes you can run Pi-Hole, and setup WG tunnels to your homelab. 99% of people won't.

- Advanced features: Companion browser extensions that block ads, trackers, malicious domains, mess with your browser settings to reduce chances of fingerprinting. Yes you can install 5+ different extensions to do that. Most people won't.

TLDR; If you're an elite haxor, you can do everything yourself. You will spend time, and money doing so. Most people will not bother or not be able to do these things, and a quality commercial VPN service can check a lot of the boxes I mentioned above. Just avoid the ones that advertise heavily, those are marketing / snakeoil sales companies, as the author suggested.

Also, Azerbaijanian Netflix is real hot these days.

Source: Me, as a co-founder.

If you want dirt on us, you can find it on our blog, written by me. https://blog.windscribe.com/ukrainian-server-seizure-a-comme...

PrivateInternetAccess, a major VPN service was acquired by the same company for 95M.

A VPN review site is worth more than most VPN services it promotes due to insane $CPA they pay to these types of sites, that masquerade as "security exports" while in reality ran by marketing people.

Look at their staff: https://www.vpnmentor.com/about-us/

Every "favorite" VPN is a property they own, except for the sole NordVPN guy.

Source: Our law firm (I'm from Windscribe), and first hand experience with RCMP.

Shady businesses are out of scope when it comes to laws, but that's true for any industry. There are ways to protect yourself, if your opsec warrants it, by "double wrapping" and using 2 separate VPN providers simultaneously.

Greed is also a huge factor. Dishonest providers can implement all kinds of SDKs into their software and 2-3x their revenues. This is why its important to use VPNs that offer open source apps you can audit and compile yourself which would protect against some obvious violations, but one can do all kinds of evil shit server side without the end user ever knowing.

Just be mindful that despite it being able to spoof your location, SNI is still in the clear. https://en.wikipedia.org/wiki/Server_Name_Indication

On a commercial side, we take reports from users. If someone tells us bank X doesn't work from VPN country location Y, we can fix that in minutes.