I read the article rather than watching the video. I noticed there seems to be quite a bit of (accidentally) duplicated text

There’s a good chunk of this I’d disagree with, too. Suggesting the use of any Google service or product to someone concerned about privacy is absolutely bewildering to me.

Bitwarden is far and away the best password manager and recommending anything other than Bitwarden isn’t great, really. Password managers are a bit like VPNs, lots of junk and big promises without much proof of anything, except Bitwarden is fully open source.

I think going into self-hosting is a bit self-indulgent and, honestly, not really appropriate for the intended audience. Self-hosting is a great choice for someone like the author, but for someone who is new to it, they’re way more likely to misconfigure something and leave a major security hole.

The article seems to take the stance of “thinking about using a commercial VPN? Just use TOR!”. But in my experience, TOR is glacially slow, and it’s also not suitable for ordinary browsing because of how widely-blocked the exit nodes are. The article at least acknowledges the blocking problem, but for an article which focuses on tradeoffs, it doesn’t acknowledge that there’s a valid trade-off between TOR and a commercial VPN. A commercial VPN is faster and less blocked than TOR, but there is still an entity with direct knowledge of your browsing (the VPN company itself), there is more vulnerability to correlation (the VPN doesn’t [and probably can’t] change your exit node for each website, like the TOR browser would), and a commercial VPN is an expense. You don’t have to jump all the way from “no-one can know which website I’m browsing” to “anyone tapping any leg of my connection can know which website I’m browsing” just because the website blocks TOR exit nodes.

For reference: I have a commercial VPN subscription, which I have connected for my daily browsing – in large part to reduce the cognitive load of “what if X party knew I was visiting Y website” for every website I visit. I also have the TOR browser installed, and use it occasionally – for when I’m concerned about the outcome of “what if the VPN company is breached/subpoenaed/sells my data/etc.”. I don’t put any stake in the ubiquitous “no logs” claims of VPN companies, since it’s completely unverifiable.

I do at least appreciate the article acknowledging the grossly misleading advertising of nearly every VPN company. They advertise their product as solving problems which are solved by HTTPS and not solved by VPNs

It’s sad we needed this before and sadder we need it now.