I used to prominently tell people not to use “privacy VPNs” on particle17. I now have to soften that because Circumstances Have Changed1).
Classical VPNs glue devices into networks that they aren't already a part of. Tailscale is an “overlay VPN”. Most people colloquially call VPN services like NordVPN, ExpressVPN, and Mullvad a “VPN” even though they offer a very specific type of VPN. Lawrence Systems calls this a “privacy VPN”. It is a VPN that does not do anything other than route some or all of your traffic through another system.
Privacy VPNs predominantly were pitched for privacy first, which is why I like this name. If you are on a network and you're suspicious of that network, a privacy VPN might offer you more privacy by masking the IP address you're talking to.
Many VPN providers advertised, but have since stopped after getting lots of pushback, that they improved security. They rarely do this. Most sites and services are fully encrypted. The security offerings are not there.
But they do other things.
Privacy VPNs predominantly offer escape of internet censorship or laws that you don't find attractive. If you use a privacy VPN and tunnel to a different country, you can “appear” from a different spot. This might mean not being presented with a mandatory age check, ID check, or similar. In China, South Korea, and other parts of the world, “positive identity” or “positive age verification” are required to access online services, including social media and internet pornography. VPNs to friendly countries, like Japan, can evade this.
Some services aren't available to people in the EU, due to GDPR. VPNs can evade GDPR-caused bans.
Some VPNs offer “location masking” so you can browse content from streaming services in different countries. Most streaming services heavily filter VPN use, block VPN traffic, or similar. If you use a mainstream VPN, odds are, you can't watch streaming services while connected. If you can, they will likely put you in travel mode.
Many people want to use VPNs with the goal of breaking the law. Okay, so if the goal is to violate the age verification law in your locality, yes. If your goal is to do some Serious Crimes, most likely the VPN provider will cooperate with the police and disclose your banking, IP, or other information.
If you want to engage in Internet piracy, VPNs can and do cooperate with the police.
Predominantly, I suggest you use Mullvad. Mullvad is one of the best providers of privacy VPNs. They have a client that is not terrible, but you can download WireGuard config files if you prefer.
Mullvad is the only provider I would actively suggest using.