> I just run my own VPN from a $5/month DigitalOcean droplet... I feel like all the public VPNs are like big honeypots I'd rather stay away from.
I guess that depends on your threat vector. I mainly want copyright hounds and data miners (including my ISP) to stay out of my way. For this a public VPN is perfect. Hell, in a weird way, if PIA somehow turned out to be an NSA honeypot they would be even better for that purpose since they'd essentially be untouchable by copyright holders.
In general, I guess a personal VPN is more private on a micro level (no VPN provider that can spy on you) but less private on a macro level (any determined actor can trace your DO VPN back to you since you are the only user).
> Does that mean ProtonMail also is no longer trustworthy?
That is, again, for yourself to decide.
Personally I think the Proton company isn't malicious and just really bungled up the launch of ProtonVPN by going at it together with / through TesoNet, and their VPN efforts will forever be tainted by that.
But, that has very little to do with their mail branch, which preceded ProtonVPN and which so far seems a pretty good offering to me if you want your mail to be encrypted-at-rest.
I wouldn't use a VC-backed, for-profit company for anything privacy related. Selling users out behind the scenes to advertisers and TLAs is an easy way to get money. Better to get hosting in a jurisdiction without police-state-style activities, with privacy protections, and/or from a nonprofit or public-benefit organization incentivized to look after users. A for-profit, non-VC company with a long history of steady, honest business is also a decent option if you can't find/afford/use safer jurisdictions. Prgmr.com is an example of the last one from what I've observed.
For most VPN companies, you basically have to blindly trust them that they aren't doing anything nefarious. ProtonVPN is different because it's been thoroughly checked and vetted by Mozilla (https://blog.mozilla.org/futurereleases/2018/10/22/testing-n...) and also because there is full transparency regarding who runs the service. You can find the names of the former CERN scientists who created the service, along with their past scientific publications, and things that prove who they are.
> ProtonVPN has a pretty shady reputation on HN due to their business connections to TesoNet, which is a data mining company
Does that mean ProtonMail also is no longer trustworthy?