Be wary of folks recommending individual services... the VPN market has been hot in the last few years, and most recommendations should be treated with a fair bit of skepticism.
IVPN, Mullvad are not in U.S. jurisdiction if you are concerned about that. Most people are not and just want a VPN to hide shit from ISP, etc...
Although PIA is U.S. based, they keep no logs and then they have their famous "FBI" case which they did not provide anything to them.
I myself personally use IVPN, but I have used Mullvad as well.
This is the best resource for vpn reviews, ignore everything else.
Also https://www.privacytools.io/ is great overall and they do have a vpn section
https://www.reddit.com/r/VPN/ has a bunch of more info as well.
Domestic? Not as much. It becomes more of a legal/NSL game then. Granted, I'm sure GCHQ can (and does) compromise U.S. VPN providers.
Obviously it's far more complex than that, but if you're a U.S. citizen using a US-based service, there are some protections afforded.
On the other hand, I tend to believe Russ Tice when he says NSA conducts full-take domestic collection, so the aforementioned protections are largely data minimization practices, and thus they already have all your data.
Of course, Obama significantly weakened those protections prior to leaving office, as well as increasing the scope of NSA's sharing to include a disturbing amount of federal law enforcement agencies.
You know the NSA just puts a gag order and connects directly to the targets infrastructure. Doesn't matter that PIA doesn't keep logs, NSA's prism is logging everything.
Also DIY options :
For anonymity I use Private Internet Access as they have a fast network, lots of locations, and no logs. They're also very affordable.
I also use IPredator sometimes since they're the same folks that run Njalla and I simply like to support them.
«We added iptables rules to hijack all DNS requests on port 53 going via the VPN tunnel, this is to protect users having set a DNS server unknowingly (or by malware). We are aware that not all users want this behaviour, and we intend to add an extra port that OpenVPN listens on, where DNS hijacking will not happen.»
Some VPN providers (including Mullvad) have a client-side feature called DNS leak protection that configures the system to use the provider's DNS server. I don't know how Mullvad decided that this was not enough, and they are justified to intercept DNS. (Note that for the server-side intervention to work, the client side must be configured not to use ISP DNS, hence the client-side DNS leak protection is a prerequisite.)
It's $79 for two years, but they also have per-month subscriptions.
Streisand is just a couple commands + whatever steps your cloud provider requires to get API keys. Take advantage of different regions to place your VPN(s) wherever you want in the world. Each installation comes with detailed instructions to configure VPN clients on your desktop or phone. Works great once you've got it running, and probably ends up being cheaper than most of those other shady services.
Perhaps I am unusual, but I trust my ISP with my privacy more than I trust the typical hosting provider.
I understand that this doesn't apply to most of the US because of your monopolistic ISP problem. In other places though, I don't think a blanket "just tunnel through a hosting provider" recommendation is appropriate.
You're lucky in this regard. Having no choice but Comcast, the number one threat to my privacy is my ISP. So that makes tunneling to an outside VPN very useful. I trust DigitalOcean far more. Although in a different situation I think you're absolutely right.
If it's for anonimity I've been told PIA is a good option.
If it's to bypass georestriction and protect your traffic from being snooped by your ISP or any clients that could attempt to sniff your traffic, hosting your own on a VPS is a good option. OpenVPN, OCserv or Outline (based on shadowsocks) are some options.
If it's just privacy from snooping, you'll be fine with setting up your own VPS with OpenVPN. It's simple enough that any technical person can do it in a few minutes (or hours).
If you want to setup your own server, then Streisand.
I used both and they work well. Using ExpressVPN right now in China.
Or $60 on DigitalOcean or Linode a year at $5/month.
But any vpn should be treated with skepticism as many have noted here.