In today's world with everyone - governments, advertising companies, ISPs - spying on ordinary Internet users, it is a very good idea to get a reliable VPN, especially for people living in Five Eyes countries (the US, the UK, Canada, Australia, and New Zealand) and repressive regimes where the governments have decided that their citizens should have no right to basic privacy even though it is a human right and guaranteed by the Fourth Amendment to the United States Constitution.
Let's get one thing out of the way first, it's not a good idea to use a free VPN. The reason they are free is usually because they log everything and sell it to advertisers, and why wouldn't they? It's easy money and hosting VPN servers is not free. Adware, stealing bandwidth, stealing money or Bitcoin, hijacking accounts and ransomware are some other risks with free VPNs that paid VPNs usually stay clear of.
The one exception I've found to the "don't use a free VPN" rule is ProtonVPN, which I will go into more detail about below. However, when it comes to the free "unlimited" VPNs that you find on app stores and as browser extensions, rather than using them you might as well not be using a VPN at all. In general, if you want a VPN with real privacy and security, you're going to have to pay for it. If you're not paying for it, you're the product.
Do not use VPNs when you shop online or do financial transactions. A rogue VPN can snoop on the traffic and try to steal your money and services like PayPal will take action against accounts that are accessed via VPN IP addresses in order to minimize fraud.
Also, please be aware that VPN browser extensions are not as secure and foolproof as VPN desktop clients as certain plugins and technologies such as Adobe Flash Player directs traffic outside of the web browser, making it impossible for VPN browser extensions to tunnel that traffic.
The VPN industry is plagued with shills since the affiliate programmes are very lucrative, so be skeptical of any VPN review that contain affiliate links and ask them to back up their claims with hard facts.
Requirements for a secure VPN: It should not be based in a Five Eyes country or a country that is on Reporters Without Borders' Enemies of the Internet list, it should not log, offer working leak protection for IPv4 and IPv6 or block IPv6 entirely, have its own first party DNS servers, support OpenVPN, support strong encryption and support anonymous payment methods such as Bitcoin, other cryptocurrencies, cash or prepaid electronic payment methods.
Resources used for verifying compliance to all of these requirements are That One Privacy Guy's VPN comparison chart, VPNTesting.info, and Privacy Tools.
Other useful resources for researching VPNs are Comparitech's Does your VPN Keep Logs? 123 VPN Logging Policies Revealed article, Comparitech's 20+ VPNs rated on privacy and security side-by-side article, Comparitech's Most VPNs can leak personal data despite claims to the contrary article, That One Privacy Guy's VPN reviews, the Most VPN Services are Terrible thread (incomplete list of VPN services using pre-shared keys), TorrentFreak's yearly interview article with VPN operators, /r/VPN, /r/vpnreviews, and /r/VPNTorrents.
There are limitations to what VPNs can and can't do. VPNs can't hide your browser fingerprint and you can never verify that they log and don't log (unless you self-host your own VPN service). If your Internet activity is highly sensitive I recommend running Tor Browser over a secure, leak proof, no-logs VPN. Tor Browser has identical browser fingerprints across all unmodified installations and the VPN will conceal Tor's fingerprint which your ISP and anyone else monitoring your Internet activity would be able to see otherwise (they would see that you are running Tor, but not what you are using Tor for). A Tor bridge would also prevent that, but I would rather use a VPN + Tor than just placing all of my trust in Tor. Tor cannot anonymize BitTorrent traffic and should never be used for downloading torrents.
Please note that this list is ment for VPNs that protect your privacy. They are most likely not good for unblocking Netflix / Hulu / Prime Video / other streaming services. This is because privacy-focused VPN services use shared IP addresses, so that you share your IP address with a lot of people and blend in with the crowd. However, this few IP addresses being used by this many people makes it very easy for streaming services to spot unusual activity from VPN services' shared IP addresses. That's why VPN providers that focus on unblocking streaming services usually provide dedicated IP addresses that are not shared between a lot of users. This makes it harder for the streaming service to detect that the IP address belongs to a VPN service, but it also makes the VPN service unfit for privacy purposes as it's no longer possible to blend in with the crowd to the same extent that you could with a VPN service that uses shared IP addresses.
TL; DR: These VPN services aren't Netflix unblockers. For that, go to /r/NetflixViaVPN.