VPNs: Simply Do Not
The long, good version of this article already exists, from the EFF. Ideally you should read that article, but I'll summarize my thoughts here as well. In short: virtual private networks, or VPNs, do not provide a security benefit except against very low-level actors such as the RIAA, and even then only in specific scenarios.
What is a VPN?
Essentially, instead of your internet traffic going from your computer to the website you're visiting via your internet service provider (ISP), it is instead encrypted and sent off to the VPN provider, where it emerges and then goes to the website you're visiting (and the same thing in reverse). What this means for you is that your internet traffic is now flowing entirely through a single service. All of it. Even as you move from home to coffee shop to wherever else, your traffic is conveniently all being sent to (and potentially logged in) one place. This doesn't even add any real encryption for you, since any site using HTTPS (which is any serious website) has very strong encryption already.
In theory, VPN providers don't log information about you, but the "no-log" promises from VPN providers are misleading at best. Generally this means they don't log the contents of your traffic, which.... they can't anyway, for any site using HTTPS (yes, they could see any unencrypted traffic you send). Your IP address, metadata about you, and similar, is still collected and logged, because it has to be - you have a user account, and they're running a technical service! They need to know you're allowed to use the VPN and that you're paid up, log you in and out, know where to route your traffic to, update your VPN client software for you, help with technical support, and so on. And keep in mind that any VPN provider subject to US law (which can include providers outside the US but who are susceptible to pressure) can and will turn on logging just for you if law enforcement comes knocking.
But why?
So what does a VPN give you? It can keep information away from your ISP, but at the cost of providing that same information to the VPN provider instead. I personally generally consider this worse for general security use, since your ISP can change as you move around from home to work to coffee shop to mobile data, whereas if you're on a VPN the whole time all of your traffic is in one convenient place. Otherwise, this is identical; the VPN doesn't give you more encryption than you already have on the internet at this point. The one advantage VPNs do give you is for uses such as torrenting where non-law enforcement organizations (the RIAA) have significantly less leverage to get information from a foreign-based VPN than from a US-based ISP.
The other thing a VPN can do for you is mask your home or work IP address from hostile websites. However, your IP address is probably the least important piece of information for you to protect - much more targeted and intrusive technologies such as cookies, tracking pixels, browser fingerprinting, and so on are all incredibly common and VPNs do nothing to protect you from them.
Please: Just Don't
In summary: VPNs turn a variety of places your traffic metadata is logged (different ISPs as you move around and change devices) into one place your traffic metadata is logged (the VPN provider). It does not add meaningful security for you at any other layer (encryption, tracking protection, and so on) and the jurisdictional protection is dubious unless you're only worried about very low-level actors without law enforcement powers. Unless you have a specific threat that you're mitigating by using a VPN, please, just skip it.