I came into this discussion from the technical perspective (of which I’ve done plenty of research, both in university and in my job) that commercial VPNs don’t do what most ads want you to think they do. Your ISP sees a lot less than they want you to think, VPNs use just the same encryption algorithms as everyone else and while public WiFi isn’t great security-wise it’s not as if anyone will read your bank password the second you connect. I still stand by those claims.

Then, the discussion drifted towards who you’d rather trust with the things that aren’t encrypted (mostly DNS and connection metadata. Someone has claimed that many messengers are unencrypted but I think they have confused a lack of user-to-user encryption with user-to-server encryption), your ISP or some VPN provider. That’s the point where we diverged: as I had no need for a VPN myself (because of the reasons mentioned above), I had not researched individual VPN providers and was not aware that Mullvad apparently has a strong track record. For that I apologize. Still, in a thread that started out with someone not knowing if they need a VPN at all and most discussion has been very general, I would not assume that anyone who comments is familiar with a specific provider without them being named explicitly. Also, I’ve stated in at least three places that I was explicitly talking about VPN providers like NordVPN and Surfshark that are prominently (mis-)advertised. Those I still would not trust further than I can throw them.

But I guess that’s online discussions. We’ve talked about two different things and took a while to notice. I’m thankful for the correction and I hope you can understand where I came from.