A VPN tunnel in the abstract provides the benefits you mentioned, but a VPN service is a slightly different beast. It doesn't solve the problem with your untrusted ISP, it just gives you effectively a different untrusted ISP.
Imagine if, in response to the question, "how do I protect myself from snooping ISPs" someone provided the answer, "Just use an ISP that specializes in providing anonymity." You'd probably object on the following grounds:
* Saying you provide anonymity doesn't mean that you actually do. And track records tend to demonstrate otherwise.
* Your ISP still knows exactly who you are, even if they promise not to tell.
* ISPs who specialize in shady customers are more likely to be under surveillance themselves, meaning you're now more likely to be under surveillance rather than less.
* You're solving the wrong problem: you need end-to-end privacy, not just customer-to-ISP
You'd be right. But more importantly, these same objections apply to VPN providers. They more-or-less ALL specialize in aggregating known-suspicious traffic, which is not the bundle you want to be tied in with.
In fact, any argument you could make against using a Cloud VPN endpoint can also be made against a VPN service provider. Because, and this should be painfully obvious already, VPN providers just terminate their traffic through Cloud and/or Colo hosting providers as well; usually optimized on bandwidth cost over all else. So by setting up your on VM, you're just cutting out one of the middle men. There's nothing they can do that you can't do just as well without them.
It gives me a different untrusted ISP and transport layer encryption between my machine and the VPN endpoint. Which, y'know, you admit to later in your comment, so you clearly know what's up, but that's not exactly a minor thing. There's a couple of parties between myself and my content, and this just eliminates the bit players. Y'know, the nerds on public wifi.
And, yeah, I could set up my own VPN on a VPS I rent. They're only $5 a month. I'd just need a couple in the USA, a couple in the UK, a couple in a few different EU countries, a couple in Australia...
The service I pay for from a VPN provider is not ultra secure. It's not even above average secure. It is, however, somewhat secure. And yeah, sometime it lumps me with "known-suspicious traffic", but that's okay: What I'm doing is completely irrelevant to that fact.
Imagine if, in response to the question, "how do I protect myself from snooping ISPs" someone provided the answer, "Just use an ISP that specializes in providing anonymity." You'd probably object on the following grounds:
* Saying you provide anonymity doesn't mean that you actually do. And track records tend to demonstrate otherwise.
* Your ISP still knows exactly who you are, even if they promise not to tell.
* ISPs who specialize in shady customers are more likely to be under surveillance themselves, meaning you're now more likely to be under surveillance rather than less.
* You're solving the wrong problem: you need end-to-end privacy, not just customer-to-ISP
You'd be right. But more importantly, these same objections apply to VPN providers. They more-or-less ALL specialize in aggregating known-suspicious traffic, which is not the bundle you want to be tied in with.
In fact, any argument you could make against using a Cloud VPN endpoint can also be made against a VPN service provider. Because, and this should be painfully obvious already, VPN providers just terminate their traffic through Cloud and/or Colo hosting providers as well; usually optimized on bandwidth cost over all else. So by setting up your on VM, you're just cutting out one of the middle men. There's nothing they can do that you can't do just as well without them.