I, too, use encrypted VPN, but we are just a minority. Many people use the services provided as-is without taking any extra measures, and I think that those are the people more likely to be influenced by the influencers anyway.
We, the ones that they'll have to spend undue effort to sniff out a profile about, are not targets to them. We are much too resistant to it that we have gone all through the effort of setting up a private VPN with good encryption.
Whilst a VPN is an important and arguably now necessary way to protect yourself on the internet, it's use in practice is very far from a sliver bullet. Ignoring the somewhat inevitable problems of latency and bandwidth - much of the internet appears hostile to VPNs. A significant number or sites either don't work at all, or are a pain to use.
For example
* On NordVPN through US servers you can't access Amazon (!) Although through Canadian servers you are ok.
* Costco, Apple store, Business Insider, YouTube, google, netflex, dell, consumer reports, ebay - either don't work, or are a pain to make work
* On PureVPN you can't send email - until you have your domain whitelisted
* On PureVPN it's a crap shoot if you get a connection
More detail on experiences with PureVPN and NordVPN are here..
I use DigitalOcean as my VPN provider and make my connections to there over IPSEC. I did not set the server up myself alone, but used the Algo VPN [1] script to do it for me. With this setup, I have two things to be concerned about:
1- I did not audit the script myself, and they may have injected various malware to the VPN server it spun up during the setup. I am not concerned enough to not trust them, but I could just read the script thoroughly to eliminate the necessity for trust.
2- DigitalOcean has the access to hardware, so it might be doing whatever while I am not looking, and I just never look. Similarly, I could monitor the activity on the server to assume some control.
I am the same as you, but I worry the opposite. Using an encrypted VPN in a sea of unencrypted traffic paints a big target on you that says "Im doing things I don't want you to see". You can bet they are working on / can already decrypt and some three letter agency is targeting specifically VPN traffic.
We, the ones that they'll have to spend undue effort to sniff out a profile about, are not targets to them. We are much too resistant to it that we have gone all through the effort of setting up a private VPN with good encryption.