imo, this thread’s votes & consensus seem to be for removal of recommended public VPNs that don’t meet PG’s minimum criteria right away, then figure out criteria change in a separate discussion (ex: Separate VPN Servers and VPN Clients)
If the strict criteria doesn’t make sense, then PG needs to make it explicit that VPNs don’t really help much at all with “hiding traffic from ISPs” when some traffic might in fact leak (due to imperfect client implementations or setups or both). To give an example from earlier in the thread, such leaks would be akin to a hypothetical e2ee drive app encrypting every document except ones it unilaterally deems must be kept in plaintext instead.
No, it isn’t a mistake. A “killswitch” is enforced by the OS, and without VPN apps opting in, all bets are off. As someone who develops VPN apps, “killswitch” is definitely extra work and one that VPN apps, imo, should invest in & get it right.
Wha? Why? I don’t think it is acceptable at all. Most OS-provided / OS-assisted “killswitches” (Qubes or not) prevent accidental / unintentional / intentional leaks from VPN client implementations and/or incorrect end user setups.
Should put this up on PG’s VPN page.
Changing the criteria I think needs a much bigger discussion on why PG recommends “almost always” using a public VPN.