> But that's not really the threat model described when people are talking about their ISP snooping on what they do. A private VPN solves exactly that problem.
It only solves it against a particular ISP.
> Also you still have the same issue with virtually all of those paid VPN services (that you connect from your IP and that you paid for the service).
I completely agree, that's why I always maintain that only privacy by design solutions should be relied on (Tor and i2p for example).
> Oh, and Vultr takes Bitcoin, btw (not that that's privacy but it is potentially a layer of separation from your bank account).
But they know the IP, so that's still identifiable information.
> You can combine Tor and a VPN though, though you'll want to rotate through VPNs to avoid timing attacks.
I don't think that adds any privacy, setting up your own non-exit relay and connecting to it may significantly increase your privacy depending on your threat model (since then you can be sure that no single point in your Tor circuits controls both the entry node and exit node, and hence can't correlate your traffic. You're still vulnerable to a global passive adversary (GPA) of course).
It only solves it against a particular ISP.
> Also you still have the same issue with virtually all of those paid VPN services (that you connect from your IP and that you paid for the service).
I completely agree, that's why I always maintain that only privacy by design solutions should be relied on (Tor and i2p for example).
> Oh, and Vultr takes Bitcoin, btw (not that that's privacy but it is potentially a layer of separation from your bank account).
But they know the IP, so that's still identifiable information.