So, not many people realize this - but your connections are private by default without a VPN. When you visit a website, all of your traffic is encrypted via HTTPS, and if it’s not, you get a warning from your browser, letting you know it’s HTTP instead of HTTPS, and anyone on the same network can view your browsing. These days, that’s super rare.
So if you’re on public Wi-Fi at a coffee shop, no one is going to be able to get your banking details, or anything else like that.
What’s visible to the network and anyone on it is the DOMAIN that you’re visiting, and nothing else. So, an “attacker” might be able to see that you’re going to bankofamerica.com, but they could also do that by looking over your shoulder.
When I say the domain is the only thing visible, I mean the domain, and not the full URL. That means if you’re watching YouTube, the spy in the network will see that you’re visiting YouTube, not the specific videos you’re watching. The spy is just going to have to pick a seat behind you to see that.
Now - if you’re doing something so sensitive that you need the domain to be hidden, fair enough, but you should realize that info is going to the VPN company… So if the goal is to hide it from everyone, you’re not quite accomplishing that.
VPN’s are useful when companies set up an API or web application, but don’t want to put it on the public internet. VPN’s can be an extra layer of protection - you’re only allowed to access X if you’re on the VPN.
Trying to use it to hide your data that’s already hidden doesn’t make a lot of sense.