I am not a fan of the commercial VPN. Most are owned by the same group of 5 or 6 companies and marketed under different Brand names and some groups share the same equipment and connections and mix all the traffic to cut costs. Most seem to use M247 Ltd in the UK. Many of the review websites and youtube review channels are owned and operated by VPN companies to promote sales. They also offer generous affiliate marketing via discount codes and can pay up to 40% back, this is why so many youtube people start recommending them. Many have failing channels and want to make money. One channel just reviews them in an effort to get people to sign up so he hits his "sales target" as that's what some VPN companies impose now. Some like WeVPN appear to have been acting like a honeypot, then vanished. (I will add some notes at the end about WeVPN as they never responded to any of my questions by email when I reported security issues).
Most people do not have the first clue as to why they need a VPN, they just hear adverts telling them they need one and fall for what is a scam. They think it somehow protects them "from hackers" and think it keeps their financial info secure. Others just use them to try and hide, but that often backfires - even with all that nonsense about Military Grade Encryption. A meaningless expression. Some claim it stops their ISP seeing what they do or slowing them down at peak times. That's false too, they throttle VPN traffic too.
Things to remember about a VPN if you live in the UK - your personal information, payment info and all data might be stored outside the UK in some law-less country which puts you at considerable risk. You don't know who stores the data or where it goes. By Law, all data flowing in and out of equipment in the UK is subject to inspection and storage by GCHQ. At least your ISP is controlled by Data Protection Laws. We need to see some VPN company accounts to see just how much they are making and who pays them.
Most VPNs are glorified Proxy Servers rented in Datacentres that have to log all data in and out by Law, this includes performing Deep Packet Inspection and Deep Packet Injection to steer traffic to companies paying the most for redirects. It doesn't matter if they say a server only runs with RAM. If you pay by PayPal or credit card, your profile has effectively been verified to a real person and address and information added can be sold to Data Brokers. It's more valuable. Just think about why a VPN would insist on your precise GPS Location, they all lie stating it is to connect you to the best server and no one questions that. That is not how a VPN works - you connect to their IP, they put you out on the Server YOU select or they select according to load.
The Datacentre also logs Data in and out, even if the VPN claims they do not log anything. ALL Datacentres, hosting companies and VPNs cooperate with Law Enforcement and a lot of people have been caught committing offences. It doesn't matter if you use a VPN in Switzerland or British Virgin Islands. A VPN logs your details and data and equipment ID, also IPs to make sure you don't re-sell subscriptions to hundreds of people.
If you download Apps from PlayStore, a unique user ID is added to identify you around the Internet. Apps all spy on users and collect a lot of information, including unique IDs. Google got in to an argument with PIA a few years ago over their App as it didn't do what Google agreed with, so PIA had to put the full version on their site for download and leave a cut down version on PlayStore. The only thing I could see it doing was using a filter that obstructed many Google products and their tracking. The option in the full App was called MACE. The VPN filtered all your traffic after inspecting it all ! Remember they claim not to be able to see user data.
The IP number is just one way to identify people on sites, so a VPN is not that much use for hiding behind. Many will log in to sites using their own details anyway. People do that with Tor, which is also NOT secure.
If you want to stay safe when you are out or on holiday - you are best using the VPN often built in to your home router. Run the OpenVPN App on your phone/PC and wherever you go, you will connect back home and use your own internet. That stops you being blocked on sites or getting Captchas every minute. You can also access hard drives you have or TV sites and banks without them blocking a VPN IP thinking there is some type of fraud.
I researched a lot of VPNs and Secure Email Companies (that all lie about E2E encryption, even though there is no E2E standard between ISPs so it all comes and goes in the clear, it just gets encrypted from App to server) over 10 years. With VPNs there were poor PC Apps, Apps that had no killswitch, DNS requests going outside the VPN, difficulty using PayPal on one (Nord) as they were banned because of complaints and also difficulty trying to leave a few (Surfshark and Nord) without a real fight. Some would give excellent performance for a week, then go back to normal and avoided allowing a cancellation or refund. Some had hoops to jump through. Most Apps were collecting a lot of data from phones, contacts, emails, phone numbers, IMEI, IMSI, GPS Location, WiFi and Bluetooth names nearby etc. Apps on PCs were also collecting info.
WeVPN always seemed odd to me, it was meant to be set up by 6 people that left PIA before the (company known for spyware) Kape Technology bought PIA out. WeVPN had a great site with really good FAQs and technical articles and reasonable price. Their App for Windows was always stopped, it would NEVER run automatically as it wasn't trusted by Microsoft. It had to be run in Administrator mode every time a PC was started. That's a really bad sign. Speed wasn't that great, but they were using a large web cache and if I was to use ebay, it would show post codes and some search details of previous users! On other sites I got partial data. I would often see on a search "postage to ABC 123" and the searched items.
I never got around to checking the App, but know it was up to something strange. They run a reporting service to unlock blocked IPs for TV & film sites. I found that I was going through WeVPN and my exit IP was a residential IP, possibly another customer as I doubt they would pay for extra IPs. This started happening more on different sites when I used "WhatsMyIP" it was not the VPN IP, so I seemed to be going through someone elses PC. Was it a case of using the bandwidth of idle users - sending data back through customer Apps? WeVPN sort of died off in March/April 2023, nothing was being answered and people started complaining. I connected through "UK Manchester" and found I was presenting the IP number belonging to Police in Manchester to the sites I was using. Maybe the servers had all been compromised at that point. There is no way that could be by accident either.
If you are going to use a VPN, you are handing ALL your personal data and control of your devices to unknown companies, are not protected by any Laws and you are paying them to take all this from you! Why would you do that?
