This is something I've also wondered about. Even a amateur geolocator can tell you're on a VPN. There are all kinds of fingerprints from the originating computer and application layer in a deep packet analysis. Can a civilian VPN really hide all that shit?
The short answer is "basically, no". Most commercial VPN advertising relies on being Technically Correct™, just enough that you couldn't easily sue them, but any practical implications are overstated to the point of being meaningless.
There
are scenarios in which using one can lead to improving privacy. For example, if you're accessing an unencrypted website (http:// rather than https://), the information you send and receive is easily visible. So, let's say you're sat in a cafe using their public wifi and you sent a PM to someone on a forum. If I'm sat in the same cafe, I can easily intercept that message as you read it. A VPN would do two things here:
- It would provide a layer of encryption at an early stage, so I couldn't trivially see this information.
- It would reroute all your traffic to the VPN's IP address, so I couldn't even see what sites you're visiting.
If the website is already using transport layer encryption, then only the second point stands (since your data would already be encrypted without a VPN). If the attacker is not a nerd in your local cafe, but rather a nation-state actor, a police department, etc, then neither point stands (since these actors will be able to monitor traffic from the VPN end if they really want to).
Another thing worth mentioning is that VPNs are vulnerable to timing attacks. I might not know that you accessed our forum via some VPN, but I will know that you accessed a VPN, and that the VPN accessed our forum at the same time. With enough data points, a committed attacker can easily determine your traffic. Plus browser fingerprinting, plus xasop's point on application-level workarounds, etc. etc.
So, is FjordVPN
useful from a privacy standpoint? Eh. My personal opinion is "no". Terms like "military-grade encryption" are just an insidious way of saying "the same encryption that literally everyone on the Internet is using" (I think they want you to imagine burly men in tanks protecting your e-mails or whatever, and I guess it's working since pretty much every company is using this term), and the change in IP address alone won't stop someone from tracking you for so, so many reasons.
Privacy aside, it might be useful if you want to access Netflix in other countries (until Netflix bans that specific node, at which point your VPN provider will spin up a new one,
which Netflix will then ban, at which point your VPN provider will...), or for me to access Trump's newest CALL TO ARMS (this is a thing that happened - our general enquiries e-mail received a message from the Trump campaign asking to become an OFFICIAL TRUMP TEXT MEMBER SUPPORTER, but they outright reject connections from outside the USA). Same goes for US local newspapers, which decided that banning Europe is preferable to following their data protection standards.
In short: the ads are telling you that you need a VPN, but fail to explain (truthfully, at least) what problem it would solve. My suggestion would be to identify a problem first, and look at what solutions there might be to it. If a commercial VPN happens to be the answer - that's chill. For me, that was my mobile provider being weird, but even then I decided that I'd rather run my own server than trust a corporation.