The thing about nordVPN (and VPN services in general) is they always talk about how funneling all your traffic through them makes it more secure and it means that governments cant spy on you and whatever. But sending all your traffic through a single point of failure seems like a bad idea from a government protection view, and how is it any more secure than https? The only thing that I've seen it be good for is making it look like you're from somewhere else to watch different stuff on streaming services. I think Tom Scott put it well here https://youtu.be/WVDQEoe6ZWY
My take on NordVPN is that it's surely some kind of honeypot, to catch extremely illegal uses (pedos, drugs), or high value targets (journalists, politics ?). Not sure who's running it.
But if you're using it for mildly illegal things like having the Netflix catalogue from another place it's probably good enough.
Just don't install their app, configure it yourself, don't use it full time, and don't expect protection from anything other than low level law enforcement from your country. Expect your connection to be monitored when you're using it, as much as can be (so not breaking encryption, but all the rest for sure).
I have absolutely no evidence whatsoever other than the fact that it's been a high visibility service for very long, which makes me think it would have already been taken down a while ago if it was actually effective at protecting high value targets
Using a VPN doesn't expose the domain names you're viewing (via SNI) or the IP addresses you're connecting to to your ISP. It also (therefore) doesn't expose to the ISP the volume of traffic you're sending to a particular site, when you connect to it, or how long you stay there.
Whether your ISP is part of the threat model you're interested in mitigating is up to you personally, but this is how, depending on that model, a VPN can be more secure than HTTPS.
Most of what people use personal VPNs for is to break some rules, sometimes the law. Circumventing geofencing or content blocking is most likely against some terms of service. VPN services can't really advertise for this, so they talk about evil hackers.
I saw a couple of VPN promos recently where the sponsored YouTube presenter talked about geoblocking circumvention as an important VPN use case. I don't know whether the sponsor thought that was desirable or not (and also don't know whether the sponsor requested it or not).
But people are usually funnelling all their traffic through a single point of failure anyway: Their ISP.
If your ISP is known to be bad, then it could be better to choose a good VPN service.
If you're doing something possibly illegal, you're probably far safer trusting your traffic to some company in a far-away country than your own local ISP. Think about living in China, for instance: the local ISP obviously can't be trusted, but some company in Norway isn't going to care that you're posting anti-CCP stuff on social networks, and is far beyond the reach of China's law enforcement. (Of course, if VPN usage itself is illegal in your country, that could cause you problems regardless.)
