I mean in this case it was email, so I don't know how you usefully disconnect that from the internet

Just drop the 'e' from email.

/s

And here I am fighting a one-man battle to bring back the dash from e-mail

You're fighting against Knuth: https://www-cs-faculty.stanford.edu/~knuth/email.html

The attacks were on port 443, i.e. the webmail interface. That could be behind a VPN.

zero trust my pal. vpns are over.

Sure VPNs aren't perfect. Nothing is. It's layers. Defense in depth. Of course the users don't like having to connect to VPN to read their email. Pick your poison.

The consumer VPN market looks like a snake pit of spyware and shadiness. The tin says “Hide yourself and your data” and there have been reports that some companies are doing the exact opposite: funneling it to shady actors across the world. And this is not even a freemium product in many cases!

I’d assume the enterprise segment is not as bad, but I’d also assume GP is talking about something along these lines - that you can’t trust vendors for anything these days.

VPNs like Tailscale look like the future to me.

Except now the authentication servers are hacked (easier if you run it yourself).

Doesn’t seem more secure than traditional VPNs.

That ship hasn't just sailed, it's been around the world a few times.