FlyerTalk Forums - View Single Post - is VPN software a risk?
Old Mar 22, 2016 | 9:01 pm
  #13  
Loren Pechtel
Originally Posted by AnalogMan
I don't agree with this. In fact, if you have a VPN server, then the service provider is well situated to be able to decrypt your data, if they had the time and inclination (and computing resources) to do so. So it is quite important to trust your VPN provider.

Normal traffic routes all over the internet; there is no guarantee someone can get all of the packets and reassemble them into a coherent piece. The only exceptions are the intermediary who is carrying the traffic, i.e. your ISP, who sees (and potentially logs/stores) all packets, and, if you use a VPN, the VPN provider.

Think of it like a shredder - if you shred and put the confetti into multiple bags and dispose of it, your data is pretty safe, right? Well, yes, unless the shredder is scanning the paper and sending it off somewhere just before it shreds.

For risk minimization purposes, I choose to trust my ISP (generally meaning a telecom) over a commercial VPN provider - which means I generally don't use a commercial VPN, unless I need an IP address from a different geography. I trust my employer's VPN much more than a commercial solution, and use it for my important transactions like Online Banking when I am overseas, as I follow up on work email (limited personal use clause and all).

The black hat would normally go after the data entering a place of interest--say, a bank.

Proper crypto is only attacked by obtaining the key by some means, not by grabbing packets and cracking it.