It depends. OpSec is everything with self-hosted. If done correctly, no one could trace back to you in the first place. This would be done in conjunction with a "bulletproof host."
Whereas, the for-profit VPN provider who may take connection logs and if you didn't obfuscate your payment method knows you from that. Not to mention, they hold your private key and could decrypt the traffic. A lot of trust. Corporations always lie.
Does this fit the bill?
OPNSense Firewall running Wireguard VPN connecting to private VPS?
Yea good, how was the VPS paid for? Hopefully with a privacy coin or if you used Bitcoin you could coinjoin it to help conceal it came from you. I've personally been liking Safing.io Portmaster SPN, which is its own onion router. I've contributed nodes to the network and have my entry nodes configured to my own, so I know the transit and exit nodes will definitely not know who I am. Only my own nodes will see my true connecting location, but I've ensured they do no logging of any kind. But that's just me, not claiming it's perfect or anything.
Interesting I’ve never heard of an SPN. Did you use a VPN before. I see a lot of pros vs VPN. As a user what have been the cons vs VPN?
