Today, your ISP is probably doing all of that now, with a real billing address & identity. Your ISP is your default VPN. For example comcast sells traffic data to marketing firms. And because they sell that data to adtech, private investigators, the govt and creeps can also buy the traffic log to whatever is in your house.
At least with VPN services, you can change it easily AND you can make it all they know about you is a coarse IP set via paying cash (see mulvad) vs. a fucking billing address. And changing VPNs is a lot less work and has far more options than changing your ISP.
TLS won't cloak your IP address nor your browsing history from the VPN provider... so, even if the content is TLS encrypted, your VPN provider has to that metadata (+ more) across all sites you visit while connected to their servers. which they can then turn over to law enforcement on request[1], or leave on an unsecured S3 bucket (or similar) somewhere[2].
So yeah, in short, we shouldn't be recommending the use of third-party VPNs without qualification. There are valid use cases sometimes, but avoiding tracking is very much not one of them.
- sell your data now - sell your data when they get acquired - get hacked - give your data to a government that would normally not have access to it