I find it useful when I need to circumvent regional restrictions, and perhaps when torrenting the odd "linux ISO".
For anonymity it's not worth it, imo. Tor is free and has more protections for that kind of thing provided the speed bump is something you can stomach.
As for always on VPN, if you configure VPN on your router or have it start and always stay on from the very beginning, that's a good way to never expose your physical IP to anyone. But I've found this rarely happens in practice, there are always slip ups and so on. I'm not doing it at the moment.
Some carriers are doing deep packet inspection and using transparent proxies loaded up with certs from shady providers that let them see inside all HTTPS traffic. Even if they’re not looking inside the HTTPS traffic, they can see where you are going and shape your traffic down, if they don’t want you to get good video performance from NetFlix, since that would be a competitor to their zero-rated video service.
AT&T is certainly doing traffic shaping on a lot of sites. I get much better video performance from NetFlix, YouTube, and a variety of other websites, when I am on VPN.
AT&T is also known for doing a lot of DPI on non-HTTPS connections, and inserting their own intrusive ads. I’m not sure whether they’re doing the super shady transparent proxy of HTTPS traffic, but I would not be at all surprised. I mean, someone had to be paying Symantec all that money for those certs.
So, yeah — I don’t trust my carrier at all. I need to be on VPN all the time, and I’d prefer to do that with a reliable load balanced upstream configuration, but the questions over SD-WAN are going to have to be for a different thread.
What do you want to protect against? If it's ISPs injecting ads into your webpages, or blackhats on the same coffee shop Wifi stealing your credit card data, then HTTPS is enough.
The one thing that a VPN can really help with is hiding your website history (as in: which domains you visit) from your ISP. However, the VPN provider then gets this full insight, so it comes down to whether you trust any particular VPN provider more with your data than your ISP.
Since HTTPS has gained wide adoption, 90% of what VPNs are advertising is bullshit. All these scare ads on YouTube along the lines of "your internet browsing is unsafe unless you go through NordVPN/SurfShark/whatever" are there because they need the subscription fees from casual browsers to offset the bandwidth costs from those customers that actually need a consumer VPN to stream Netflix from $FOREIGN_COUNTRY or do illegal filesharing.
Even if you run DNS over an encrypted line (e.g. DoH), the ISP can see which IPs you're talking to, which in many cases translates back rather cleanly into which services you're using (which makes for a rather interesting profile already if you take into account time patterns and bandwidth usage).
For anonymity it's not worth it, imo. Tor is free and has more protections for that kind of thing provided the speed bump is something you can stomach.
As for always on VPN, if you configure VPN on your router or have it start and always stay on from the very beginning, that's a good way to never expose your physical IP to anyone. But I've found this rarely happens in practice, there are always slip ups and so on. I'm not doing it at the moment.