@nuintari pretty strong disagreement, here.

1. MitM attacks against SSL connections (or TLS 1.x connections) are simplistic -- 95% of your target base will happily click through the popup cert mismatch warning. HSTS helps, but requires that the user has been to the site previously.

2. VPNs help mask geo-location info leaks and/or blocks

3. VPNs will protect all traffic from your device...including app traffic that would otherwise be problematic.