I wouldn't go that far. There are some reasons that one could be useful. I dont personally have a use case cause I have other mitigations in place but i wouldn't consider a company like Verizon particularly trustworthy in general.
Even Comcast has been known to inject ads. The core tenant of these VPN services is trust, with it they dont survive, but for an ISP with a de-facto monopoly thats a non factor. There are also plenty of sites and services that use IP tracking. Google is really bad but others are doing it behind the scenes and not telling you. Reddit 100% does. Amazon too. To the point that if i proxy my connection and try and login to one of my google accounts i sometimes have to verify or go through recovery.
So in some cases its better than no vpn. And I wouldn't use any authenticated service over tor that i wish to keep. There are so many malicious relays and exit nodes.
TOR is easily tracked at the nation-state level. China can axe tor traffic, even with bridges and OBFS4 configured.
With a service like nord, you can get on and do your thing to bypass the great wall for the most part. And the the great firewall drops that connection you have a very large pool to choose from for your next.
So there are definitely some reasons I could understand some would use them based on their own assessments/needs.
Unfortunately as GP has mentioned, advertising around these typical VPN companies (Nord, Proton, ExpressVPN, Surfshark and many more) tends to be very misleading. Tom Scott put out a good video[1] that tries to debunk various marketing claims.
Sure there are use cases like getting around georestrictions, and like you mentioned you can use it to get around tracking. Except that for privacy and evading tracking you need more than just a VPN, you need to be doing things like adblocking, tracker blocking, clearing all of your cookies, not signing in to anything because then the service gets to link your new VPN IP with you again. VPN ads that sell "privacy" is snake oil unless it is paired with a guide on the additional things you should be doing.
I get why people want proxies and such like. I'm just saying it's weird how VPNs have become peoples de facto go to when they want something proxied. Most of the time when people think they need a VPN, what they actually need is something else that is incidentally provided by VPN. As in they're covered as a side effect of using a VPN rather than using a VPN for it's intended purpose. But I guess you could argue I'm being elitist and what not, which is fine. Literally the only reason I bring it up was because it just tickled me when someone posted on a nerd forum a list of the purposes of VPNs and actually missed off the primary role of a VPN.
It’s less elitist and more it’s a simple measure that the masses can understand and very simple and easy to implement. Security is hard and security/ encryption done right is even harder.
I have piholes with dnssec running at least upstream for privacy. And a vps I use as both a socks proxy and vpn here and there. But I have the technical know how to implement that.
Let’s say, my parents just wanted a way to make sure their traffic was encrypted from either their ISP or Corp provided iPhone. I wouldn’t tell them to go build a Linode or use Pi-hole. They don’t care. But a vpn with a decent trust rating with nothing more than a login would do it and is easily achievable.
Would I still advise them to be congnizant that other lower level spyware may be on their Corp phone, sure, absolutely. But that’s not always the case. My org doesn’t do that. We give you a phone and pay for service. You can use your iCloud and we have the ability to lock it/decom it because we own it. And can lock them out of email but we can’t run find my iPhone on it.
There have been requests to our provider for more traffic data for x user. So even I run a vpn when using their data.
Another example. I had a buddy going to China for a couple months bye wanted advice on how to secure his stuff. I advised him to use burner devices and chnage passwords yadda yadda. But then the question of accessing email, such as gmail came up. The great firewall is pretty nuts. I set him up an account on my vps and enabled obfs etc on the vpn.
But he also used nord as a backup because he had ton of options there geographically dispersed. In the end, all he needed was nord at all. And when the firewall dropped his states to one node he would just reconnect. It worked just fine.
