IMO, you’re probably fine with only using VPN. That is with all the settings and additional measures done and with credible VPN provider, which, in my case, Mullvad.
If you’re planning another 9.11 or for some sick reason decided to share no no porns, VPN is definitely not enough and I’m pretty sure you already know that.
A lot of reputable VPN providers are constantly poked bt the authorities. They give nothing because they have nothing.
You’re fine if you’re just trying to bypass stupid regional censorship or download bunch of movies. That is, again, with proper security measures of course.
I’ve seen some people saying that you should use Tor for anonymity when someone’s just asking about how to use VPN better or whatnot. Tor is better in terms of anonymity, sure. But for most of the cases, VPN is fine.
And I cannot stress this enough: you will NEVER be perfectly anonymous online. Period.
I think it comes down to the threat model that you implicitly or explicitly operate under. Most people don’t think about it, and so they equate “more” with better, and VPNs are easily marketed as more, turn it on and rather what whatismyip.com showing a map near your house, now you’re magically somewhere else!
If you are paranoid about everything, then again there is the “defense in depth” mindset, which in theory couldn’t hurt. That said, having a clear mental model for what you are aiming to be protected from is the best way to find a suitable suite of protections. To agree with a number of others in this thread, ad-blockers (I recommend NextDNS personally) are a great step to stop organizations with a financial incentive to learn all they can about you to sell you stuff, or sell your data. There have been large US ISPs that have experimented with injecting ads or other content either into default DNS responses (e.g., if you mistype something in the search bar it will bring you the ISP’s terribad search portal), or even HTTP responses. If you are stuck with one of those ISPs (I’m sorry, and the US monopolies on ISPs are terrible), then a VPN will help you against your threat (the ISP).
If you are an EU resident, and protected by GDPR (or some of the US states that are enacting similar protections), then moving to a more centralized service can be a good thing, since you have a single place to request data deletion, etc., whereas for a non-EU resident, “smearing” your data over multiple non-coordinating entities is a good move to limit the view of you from any single organization.
If you are worried about government surveillance, you have bigger issues. Most people who want to think they are uber valuable to the government are not, and act in counter-productive ways, but co-mingling their data with that of actual baddies, so it all gets revealed in a warrant search. The Lavabit hosting service was used by extreme privacy wonks, and some actual criminals, and when the government went after Snowden, they got all of Lavabit’s data, so being on that platform may have been counter-productive for people hiding from the G-men. The OPSEC needed for countering government-level is beyond what you’ll learn on a public post, and must be incredibly well-curated and maintained; it will cost you, but if someone will outspend you to get you, then it’s table stakes.
That’s revolting. How on earth is that legal?
Error 404
Look at those car assurances !!