
Am I not understanding your argument?

> they need to compromise your ISP or your VPN

Part of the point of a third-party VPN is that the ISP/router can't tell what you're doing -- you assume that they're untrustworthy. Compromising the ISP would be useless, unless your VPN is for some reason sharing the same info with your router, in which case... install a competent VPN client.

I don't see how you're adding an additional failure point, you're just moving the same failure point somewhere else.

Yes, once the VPN endpoint makes the request, an ISP can still intercept it. But this is one of the few cases where adding an additional network hop very likely does not matter at all for your privacy. Once your request is going over the open Internet there are already so many opportunities for people to spy on it. The benefit is in disassociating that request from you, not in hiding it once it goes public.



The confidentiality protection is not really absolute - the encrypted VPN traffic is susceptible to traffic analysis[1]. For example, your traffic pattern fingerprint could be correlated and matched to your online identity if your ISP and an ad network or another globally positioned middleman actor colluded on it.

[1] A term of art in intelligence & cryptanalysis, https://en.wikipedia.org/wiki/Traffic_analysis


Respectfully, unless your adversary is the NSA, and they are targeting you, your argument is full of shit.


Why do you think it would be unworkable for a corrupt ad network in cahoots with your corrupt ISP to correlate your web requests based on time, length and previously seen traffic from the VPN IP?


Because it is way too much effort with questionable return on investment.


I agree that the business case is not that obvious but converting a "can't be done" argument to a "not interesting enough" is already pretty significant. The amortized cost per user would be very low after all, assuming this was used for automated mass surveillance.


> [...] The amortized cost per user would be very low after all, assuming this was used for automated mass surveillance.

Honestly I think this is the total opposite case. "Full take" collection systems are notoriously money pits due to the nature (hence, full take). Targeted surveillance will ALWAYS be far more cost efficient than blanket mass surveillance.


This is much different from full take, as there is a well-defined equation to be solved. There would be no need to store the traffic contents, just size + timestamp + addrs, info that will compress very well.


Can't it be automated?



