Some VPN providers offer to encrypt mobile data. This goes beyond the typical Wifi hotspot mitigation paradigm. So what exactly are the benefits of VPN over mobile data? What threat models can this mitigate? Does this depend on the protocol? (I assume yes based on first research stating for instance that 2G signal can be decrypted on the fly)
Thanks for your feedback
A VPN acts as an encrypted tunnel and protects the confidentiality and integrity of data between your computer and the VPN server. It removes your router, ISP, and any other middle-man on your end of the connection from the list of components that need to be trusted. This helps protect against ISP snooping, attacks over insecure wireless networks (public Wi-Fi, cellular networks subject to CALEA in the US, etc.), as well as compromised networking equipment. It additionally moves trust from your ISP to the VPN server, so you could perform activities that would otherwise be monitored or blocked.
While some VPNs advertise that they provide anonymity, this is largely untrue. Although it is true that they may give some level of casual anonymity sufficient for, say, questionable P2P activities, it will not protect against any sophisticated adversary and is not designed for that. It's necessary to use a true anonymity network like Tor to effectively hide your real IP address and location.
