Perhaps I should clarify that I am not discouraging the use of VPNs, but I am encouraging more involvement in the policy process. Indirectly, I guess I am encouraging a better understanding about the intricacies of VPN services.

A hybrid approach as you suggest seems agreeable to me.

Some food for thought: Such data can include say, the fact that a certain person enjoys some fetishes or maybe some other similarly compromising data.

The possibility for blackmail exists and therefore the possibility of your freedom being curtailed.

At the risk of sounding increasingly naive:

I believe policy is important as a part of the solution because it is a matter of protecting the general public not just a select technically capable.

Yes, policy is hard and can be useless but I still believe it is an important goal to fight towards.

You can care about your privacy, use a VPN and use the democratic process to enact policy change. Those things need not be mutually exclusive. VPNs are only a part of the solution and incomplete, not the solution.

You can guess some of it trivially, cloud services such as AWS are popular and mask the ORG using the IP addresses.

Example: any traffic to 17.0.0.0/8 = user probably has an Apple device

That would depend on your traffic levels and which instance type you want to use.

This should help figure things out: http://calculator.s3.amazonaws.com/index.html

VPNs will definitely incur overhead and latency costs, yeah.

OpenVPN can be fairly slow if you are sharing CPU usage (ex. VPS provider) with other users. You are also most likely implementing NAT on your VPN server which is probably not accelerated unless you are paying for an expensive appliance that does so.

SSH tunnels work in a pinch (OpenSSH is <3). However for coverage across devices such as smartphones OpenVPN works better long-term.

Unfortunately even recent versions of Android have some incompatibilites with OpenVPN.

When I tried again with Lollipop last month, the VPN's preferred DNS was not being set on the phone despite being sent from the VPN server, hence DNS lookups were leaking to whatever DNS server had been set before establishing the VPN. Quite a nasty gotcha. Workaround is to run a script to set the DNS, but that requires root privs which 'normal' users won't have.

To each their own. I am hanging in there with proxydroid.

DNSCrypt + HTTPS everywhere solves the latency issue but it doesn't solve some of the other issues.

You still need the technical know-how to set up a DNSCrypt recursive resolver. The resolver then talks to the respective recursive chain in plain text as DNSCrypt is not something that is widely adopted.

Hosting a private DNS server has its own issues. Many CDNs rely on DNS server to determine which POP to route you to. Pretty common for Australian internet users who switch their DNS to have videos streamed from Southeast Asia rather than Australia. That would cause huge perceived latency issues. Third-party DNS providers solve this with private agreements [1].

[1] https://community.akamai.com/docs/DOC-4219

If I was a betting man - backbone providers don't do this (sell to advertisers).

It would be costly to maintain the interception/analysis infrastructure required for such data collection.

I daresay it would cost more than what they would make off the data.

Thats an interesting bet. If they isolated to the subnets they sell off to ISPs (i.e exclude datacenters and such) what do you think would contribute to the cost/benefit difference of the two?

That is still a significant amount of traffic to analyze and store data for.

I don't want to speculate further as I don't know what margins for transit providers in NA look like.

That font is honestly nearly unreadable on Firefox. Font is too thin.

I can believe it, but reading on a retina iPad mini, I was actually struck by how nice it looked!

I think now that A-grade browsers are generally equal in most basic respects, we often forget to test things that might seem inconsequential and not worth testing, like font-weights.

I actually did a bit of testing, including grabbing VMs of various versions of Windows to see how things looked on XP, 7, and 8.1. It remained quite readable in my testing.

Now that I'm back on a desktop computer, I'm looking and it does look pretty good to my eyes, but I could see how it might be too thin for some people.

I tweaked the weights a bit. Hopefully it's a little easier now.

I don't understand the downvotes, it actually is a little annoying on the eyes in FF

Turn javascript off and you'll have a nice readable font ;)

Chrome on Win8.

Font is readable, but pretty thin. A little straining on the eyes.