Will VPNs Protect Your Privacy? It's Complicated
From a CNET report: A VPN redirects your internet traffic, disguising where your computer, phone or other device is when it makes contact with websites. It also encrypts information you send across the internet, making it unreadable to anyone who intercepts your traffic. That includes your internet service provider. Ha! Problem solved -- right? Well, sort of. The big catch is, now the VPN has your internet traffic and browsing history, instead of your ISP. What's to stop the VPN from selling your information to the highest bidder? Of course, there are reputable VPN services out there, but it's incumbent on you the user to "do your homework," Ajay Arora, CEO of cybersecurity company Vera said. In addition to making sure the VPN will actually keep your data private, you'll want to make sure there's nothing shady in the terms and conditions. Shady how? Well, in 2015, a group of security-minded coders discovered that free VPN service Hola was selling its users' bandwidth to the paying customers of its Luminati service. That meant some random person could have been using your internet connection to do something illegal. So, shady like that. "I would recommend you do some cursory level research in terms of reputation [and] how long they've been around," Arora said, "And when you sign up, read the fine print."
From a report on Wired: Christian Haschek, an Austria-based security researcher, wrote a script that analyzed 443 open proxies, which route web traffic through an alternate, often pseudo-anonymous, computer network. The script tested the proxies to see if they modified site content or allowed users to browse sites while using encryption. According to Haschek's research, just 21 percent of the tested proxies weren't "shady." Haschek found that the other 79 percent of surveyed proxy services forbid secure, HTTPS traffic.
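The two checks the Wired report describes (does the proxy alter page content, and does it allow HTTPS) can be sketched as follows. This is an added example, not Haschek's script: the function names and sample data are constructed, and it assumes a static reference page under the tester's control plus an already captured proxied body and CONNECT status line.

```python
import re
from collections import Counter
from html.parser import HTMLParser


class _ActiveElements(HTMLParser):
    """Collects <script>/<iframe> tags with their src ("<inline>" if none)."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            self.found.append((tag, dict(attrs).get("src") or "<inline>"))


def active_elements(html):
    parser = _ActiveElements()
    parser.feed(html)
    parser.close()
    return parser.found


def connect_allowed(status_line):
    """True if the proxy answered 'CONNECT host:443' with a 2xx status."""
    m = re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})\b", status_line.strip())
    return bool(m) and m.group(1).startswith("2")


def audit_proxy(reference_html, proxied_html, connect_status_line):
    """Compare a known-good page with the copy fetched through the proxy."""
    # Multiset difference: elements present in the proxied copy only.
    extra = Counter(active_elements(proxied_html)) - Counter(active_elements(reference_html))
    return {
        "https_allowed": connect_allowed(connect_status_line),
        "body_modified": reference_html != proxied_html,
        "injected": sorted(extra.elements()),
    }


# Constructed sample data: a reference page and a copy with an injected script.
REFERENCE = ('<html><head><script src="/app.js"></script></head>'
             '<body><p>canary</p></body></html>')
TAMPERED = REFERENCE.replace(
    "</head>", '<script src="http://ads.example/inject.js"></script></head>')

if __name__ == "__main__":
    print(audit_proxy(REFERENCE, REFERENCE, "HTTP/1.1 200 Connection established"))
    print(audit_proxy(REFERENCE, TAMPERED, "HTTP/1.1 403 Forbidden"))
```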
VPNs may only protect you from your own ISP, but what about the biggest spyware organisations, such as Google/Facebook?
They all rely on browser fingerprinting more than anything else these days, and subtly transmitting information back in an encoded form, including mouse movement patterns to learn about the individual.
Cookies/HTML5 storage are so last decade, as I've seen a growing number of companies (Cyberfend / iovation / iesnare / "cformanalytics", browser.id (navigator.io), etc) provide services specialising in tracking and individually identifying users - even surprisingly across devices, somehow.
As far as I can tell, only Mozilla is attempting to reduce/fight this with their browser, especially as they recently removed the Battery status API, added disconnect.me to blacklist known trackers in v43, Font fingerprinting, etc.
Sure, you can use add-ons like adblockplus, noscript, decentraleyes, etc to some degree, but many times they break websites as more and more sites are utilising JavaScript exclusively for a website to function, including third-party scripts, such as GoogleTagManager, etc.
Just recently discovered that the popular London travel website TfL also contains a third-party tracker, without which their journey planner doesn't work, thus the website doesn't work with Firefox's disconnect.me privacy list.