When and why it's useful to use a VPN
There are several reasons to use a VPN and, without going too much in details, these can boil down to the following:
hide internet activity
as users have a reasonable expectation that whatever is done on the Internet is private, but oftentimes it's very easy to spy on any activity instead.
use public or guest Wi-Fi with fewer risks
because there are very few circumstances that are more dangerous than a free hotspot, as explained in more detail below.
bypass local network restrictions
to access content that, for one reason or the other, might be blocked by network administrators for reasons of opportunity (e.g. social networks in an office) or censorship (e.g. an oppressive government).
secure your privacy
as everyone is entitled to safe communication, yet that is not granted by the standard web protocols without a secure overlay.
Most users may think that modern Internet communications are secure by design, but there are some misconceptions in the general knowledge that may be misleading and give a false sense of safety.
This website uses HTTPS, so it's secure
While most websites today make use of HTTPS and Brave itself (similarly to desktop-class web browsers equipped with the very useful HTTPS Everywhere extension) is enabling it for those that guiltily still don't, that is only protecting the content of web traffic between device and site: a lot of other potentially sensitive data that is exchanged outside of that (such as DNS requests that identify the destination website, and query parameters inside the URL used by search engine requests) remain visible in plain text and subject to network sniffing. For the more technically inclined, Ericlaw has written a detailed and comprehensive description of the limitations of HTTPS.
From a security standpoint, any time a device is outside its "home" network (that is, a network that is trusted and considered safe as managed by the user itself) it will then connect to and operate on a network that should be considered insecure by definition: they typically boil down to any random free Wi-Fi network available wherever and, for mobile devices, the cellular network.
Look Mum, free Wi-Fi!
The classic scene depicting people being hacked while surfing by a coffee shop is not dramatization: actually, it is accurate and realistic.
Public Wi-Fi hotspots are more or less a hacker's playground and represent a real threat: no sensitive operation such as accessing sensitive information or - God forbid - online banking should ever be performed there without additional layers of protection.
Using free Wi-Fi without a password is tantamount to talking out loud in a crowded public place about personal matters; using free Wi-Fi with a password on the other hand is much better, as it's just like talking out loud about personal matters in a room full of people.
Either way, everyone else can listen (and someone will).
I'm on mobile, I'm ok
Of course, mobile networks (such as 3G and 4G) are encrypted, but that alone does not provide any kind of robust security. As explained by Prof. Bill Buchanan,
3G/4G network only supports encryption from phone to the base station, along with the possibility of it using a weak encryption cipher... and there is no encryption applied to the data when it reaches the wired network. To be fully secure, we must overlay our security with SSL/TLS, SSH, or a VPN tunnel.
The paper by Prof. Buchanan explains how in 2010 it was already possible to crack the encryption of GSM and 3G networks, and even with stronger ciphers in place today there is no encryption on the wired network after mobile base stations.
Therefore, while being better than public Wi-Fi, a cellular line must not be mistaken with a secure channel.
What to do then?
If privacy and security are of utmost concern, a VPN is a safe and practical way to obtain them. While the service comes for a price, not all VPN providers are equal, and "more expensive" doesn't necessarily mean "better". Some specific features must be present for an operator to provide an adequate level of service, and to help to make an educated choice they are nicely summarized in this article by TechRadar. When looking for this kind of information it is worth remembering that several VPN vendors are writing their own, which can be biased towards their specific features, so it's better to use an independent publication as reference.
As a rule of thumb, if an article contains lines such as "Unless you use an effective and reliable VPN like XYZ" or it is on top of search engine results with a title such as "Best VPN providers reviewed", then steer clear - it is likely advertising junk. Instead, reputable technology outlets such as PC Magazine, TechRadar and Tom's Guide regularly publish reviews of VPN services, and those can be considered good guidelines.
Remember VPN does not mean anonimity nor immunity
While there are several valid reason to use a VPN, it is extremely important to remember that VPNs do not provide any anonimity or immunity, as all they do is to tunnel a connection through a protected channel from one point to another; the exit point - which normally is one out of many gateways managed by the chosen VPN provider - is still connected to the public internet, and from there onwards all data, unless encrypted by a protocol such as TLS, is vulnerable again.