Aren't you just giving your info to a VPN provider instead? Like, if I wanted to gather data on potential threats as a CIA dude or whatever, I'd probably set up and advertise VPNs, 'cause someone using one is more likely to have something to hide, so you have less to sort through. How is that better than your ISP having access to your web activity? Where I am, ISPs require a warrant to disclose info. Just feels like a trick.
Well, don't use a US-based VPN if you're trying to sell state secrets to China or something lol. Use one from some 'enemy' nation so it's less likely to be spied on by the US. But even that's sketchy if you're actually trying to obfuscate something, which is why Tor exists. I think Tor basically routes the data parts through multiple different VPN-like things in different countries (I think Tor was also created by the CIA).
And of course another weak link is the certificate system. If a certificate authority is compromised (aka the CIA asks to view certificate private keys or something) then I think they could pretty much man-in-the-middle anything they want using that certificate authority or its 'child' certificate authorities (maybe).
Basically, if you want "perfect" (i.e. as good as it gets, but still crackable with brute force) security, you'll need to use something like PGP with email or files and exchange public keys with the person on the other end in person (so the govt. can't pretend to be you or the other person using your/their 'public' key) or something lol, which would allow you to encrypt any type of data using the recipient's public key, and the recipient can decrypt it using their private key, and vice versa. Public-key cryptography is used in pretty much everything but I think you can get actual security only if you treat the public key itself as a secret. I'm still a newbie in terms of this stuff though.
Of course in reality it would probably be pretty difficult for the govt. to man-in-the-middle you every time you try to download some privacy software or cryptographic keys or something, but if you were specifically being targeted by the govt. they might be able to sort of "wiretap" you via your wired internet or cell network and view/modify any traffic to/from your computer by using certificate private keys they've gotten hold of and other things to perform a man-in-the-middle attack and pretend to be the other endpoint in your communication, which is something that using "pre-shared keys" (i.e. let's create a secret code with each other and remember it) would make much more difficult/impossible.
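The pre-shared key idea from the comment above, as an added example that is not part of the original post: two parties who agreed on a secret in person authenticate every frame with HMAC-SHA256, so an in-path party without the secret cannot modify, forge or replay traffic undetected. The frame layout and the names `seal`, `Receiver` and `demo` are assumptions made for illustration, and the sketch covers integrity only, not encryption.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes

def seal(psk, counter, message):
    """Return counter || message || tag; the tag covers counter and message."""
    header = struct.pack(">Q", counter)
    tag = hmac.new(psk, header + message, hashlib.sha256).digest()
    return header + message + tag

class Receiver:
    """Accepts only frames authenticated with the pre-shared key, each counter once."""
    def __init__(self, psk):
        self._psk = psk
        self._last_counter = -1

    def open(self, frame):
        if len(frame) < 8 + TAG_LEN:
            raise ValueError("frame too short")
        header, message, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._psk, header + message, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            raise ValueError("bad tag: frame was modified or sender lacks the key")
        (counter,) = struct.unpack(">Q", header)
        if counter <= self._last_counter:
            raise ValueError("replayed or reordered frame")
        self._last_counter = counter
        return message

def demo():
    # Constructed sample secret standing in for one agreed face to face.
    psk = hashlib.sha256(b"constructed sample secret agreed in person").digest()
    rx = Receiver(psk)
    good = seal(psk, 1, b"meet at noon")
    results = {"genuine": rx.open(good)}
    tampered = good[:8] + b"meet at nine" + good[-TAG_LEN:]  # body changed in transit
    forged = seal(b"attacker guess", 2, b"meet at nine")     # sealed without the real key
    for name, frame in (("tampered", tampered), ("replayed", good), ("forged", forged)):
        try:
            rx.open(frame)
            results[name] = "accepted"
        except ValueError as exc:
            results[name] = str(exc)
    return results

if __name__ == "__main__":
    print(demo())
```
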
What is this insane rant 🤣