I haven't evaluated VPN providers enough to decide if there's one I trust. An evil VPN (or an insecure one taken over by evil people) is in an extremely easy position to MITM my HTTP traffic: it's technically easier than MITMing wifi traffic, and they also know my identity (either because I paid with a real-world identity, or they have logs of where I'm connecting from and what I'm connecting to).
For performance reasons I don't want an always-on VPN; I trust my home wifi, my phone's hotspot, etc. at least as much as I trust any VPN I could use, so I wouldn't get any benefit from it.
I suppose the thing I should actually do is route over an SSH SOCKS tunnel to some server I control, which would work fine.
(A thing I have wanted for a while is a configuration that does this for HTTP and lets HTTPS through normally for performance, which now that I think about it, I can probably just write a proxy PAC file to do ... thanks, I'll see if I can improve my setup.)
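One way to write the PAC file described above, as an added example that is not part of the original post. It assumes the SOCKS listener comes from `ssh -D 1080` to your own server, so the address `127.0.0.1:1080` and the helper name `isLocalHost` are assumptions.

```javascript
// Added example: PAC file sending cleartext schemes through a local SSH SOCKS listener.
// Assumption: `ssh -D 1080 user@your-server` is running, so SOCKS is on 127.0.0.1:1080.
var TUNNEL = "SOCKS5 127.0.0.1:1080"; // assumed listener address and port

// Names that refer to this machine; sending them to the remote end would
// reach the server's loopback instead of the local one. (Hypothetical helper.)
function isLocalHost(host) {
  var h = host.toLowerCase();
  return h === "localhost" || h === "::1" || h === "[::1]" ||
         /^127\.\d+\.\d+\.\d+$/.test(h);
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  if (isLocalHost(host)) {
    return "DIRECT";
  }
  var scheme = url.substring(0, url.indexOf(":")).toLowerCase();
  // TLS-protected schemes go out directly for performance.
  if (scheme === "https" || scheme === "wss") {
    return "DIRECT";
  }
  // Everything else (http, ws, ftp, ...) goes through the tunnel. There is no
  // "; DIRECT" fallback: if the tunnel is down, requests fail instead of
  // silently leaving over the untrusted network.
  return TUNNEL;
}
```

Whether hostnames for tunneled requests are resolved locally or at the far end of the tunnel is a separate browser setting, so check it as well.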
> I suppose the thing I should actually do is route over an SSH SOCKS tunnel to some server I control, which would work fine.
This is what I do. The only danger with that over a regular VPN is anything not part of your browser's standard stream will not be sent over the proxy. This includes browser plugins as well. Thankfully Flash and Java are generally disabled by default, but it's still worth bearing that limitation in mind.
Despite this, SSH SOCKS is still my preferred method as well.