FlyerTalk Forums - View Single Post - Best Internet-based VPN for security
Jul 10, 2006 | 3:40 am
  #17  
ajnz
Join Date: May 2005
Location: SJC
Programs: NZ*G, QF NB, UA 1K, AA ExecPlat, IHG PlatAmb, HHonors Gold, SPG Gold, Marriott Gold, ZE1 PC
Posts: 2,635
The easiest way - and what I do when I'm on a particularly hostile network - is to just use SSH.

If you, or someone you know and trust, operates a unix machine with an ssh daemon running on it, simply ssh to it and tunnel your traffic over it.

e.g. run a small proxy server on the machine, tunnel local port 8080 to remote port 8080, and set it as a proxy in your browser. Email can be done the same by tunnelling the POP3/IMAP/SMTP (you are using TLS for these, right?) to the far end as well.

Then you only need to verify the authenticity of the remote SSH host, to ensure you don't have any man-in-the-middle attacks going on.

To be perfectly honest though, I don't tend to bother with this for most things as I don't perceive it as a _huge_ risk -- the few things I do care about (ssh, email) are already encrypted.

Of course, this does mean exposing your SSH daemon to the world, which has its own risks. This can be mitigated by using some form of tokenized authentication, or port knocking, or a combination thereof, and so forth.

That URL re. MS PPTP is pretty old, and seems to only refer to specific bugs in the implementation of the Server side of things. I used to run MPPE over PPTP between Linux machines (and also a Windows client) and did not have issues, and did not see the specific concerns in my testing.

Failing that, if truly concerned, set up an IPsec tunnel service on your unix machine, use Safeword or RSA tokens, etc.
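The post's two steps, verifying the remote SSH host and then tunnelling local ports to it, sketched as an added example that is not part of the original post: it computes the SHA256 fingerprint of an offered host key, compares it with one noted out of band, and builds an `ssh` command that refuses unknown keys. The host name, the `pinned_known_hosts` file, the mail port pair and the sample keys are assumptions constructed for the demo.

```python
import base64, hashlib, hmac, struct

def fingerprint(pubkey_line):
    """SHA256 fingerprint of an OpenSSH public key line: 'type base64 [comment]'."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type; reject mismatches.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_key_matches(pubkey_line, pinned):
    """True only if the offered key parses and its fingerprint equals the pinned one."""
    try:
        offered = fingerprint(pubkey_line)
    except (ValueError, struct.error):
        return False
    return hmac.compare_digest(offered.encode(), pinned.encode())

def tunnel_command(host, forwards, known_hosts):
    """ssh argv: no remote shell, fail closed on unknown host keys, loopback-only forwards."""
    argv = ["ssh", "-N",
            "-o", "StrictHostKeyChecking=yes",         # never accept a new or changed key
            "-o", "UserKnownHostsFile=" + known_hosts,  # file holding only the verified key
            "-o", "ExitOnForwardFailure=yes"]           # no half-working tunnel
    for local_port, remote_port in forwards:
        argv += ["-L", f"127.0.0.1:{local_port}:127.0.0.1:{remote_port}"]
    return argv + [host]

def sample_key(seed):
    """Constructed ed25519-shaped key line for the demo; not a real host key."""
    blob = (struct.pack(">I", 11) + b"ssh-ed25519" +
            struct.pack(">I", 32) + bytes([seed]) * 32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " demo"

if __name__ == "__main__":
    pinned = fingerprint(sample_key(1))  # stands in for the fingerprint noted out of band
    for offered in (sample_key(1), sample_key(2)):
        ok = host_key_matches(offered, pinned)
        print(fingerprint(offered), "match" if ok else "MISMATCH: do not connect")
    # 8080 is the proxy port from the post; 1143 -> 143 is an assumed IMAP forward.
    print(" ".join(tunnel_command("user@host.example",
                                  [(8080, 8080), (1143, 143)], "pinned_known_hosts")))
```
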