Neat, now I know what everyone using my vpn provider has downloaded!
I will happily recommend that everyone buy a router that can be flashed and pipe all your traffic through a VPN. It doesn't give you perfect security, but it defeats a lot of attempts to deanonimize like this.
Even if you do everything right all your traffic goes through VPN...
This create a case where the “bad thing” you do woth the PC, is also on the same address as all your “good things”.
Let’s say with Google, your thermostat, your Wi-Fi enabled coffee maker, your game console, your phone, every website you connect to with any other device that runs through that router/VPN - they all know your VPN IP at that time and your account info at that time.
Let’s say your WiFi refrigerator mfg sells IP and account detail information as a service to a data mining company - as I’m certain some do - in order to “get around” your home VPN, someone might need relatively cheap access to this data.
Putting everything on a VPN gives a lot of devices and accounts to tattle on you.
A VPN for the PC alone might be a decent idea if you are downloading things on the PC.
One thing I've dabbled with[1] is using pfSense to set up a VM with a management 'interface' that only routes to my local network and drops any packets not on the web UI port[2], and an Internet 'interface' that pfSense routes over a VPN (I can't remember if I ended up actually using two separate interfaces, or a set of firewall rules to allow the LAN traffic access). AFAICT, it seemed to work reasonably for the brief period I used it - the VM could only see the pfSense gateway, and all of the Internet traffic from the VM went over the VPN, whilst the traffic from the rest of my network was unaffected, but I could access a few services locally on a 10.x.x.x IP (different subnet to my main network).
[1] Actually to setup a Pi-Hole instance that bypassed my ISP's DNS hijacking, but the principle seems similar
I will happily recommend that everyone buy a router that can be flashed and pipe all your traffic through a VPN. It doesn't give you perfect security, but it defeats a lot of attempts to deanonimize like this.