If you use a VPN, you are trusting them to have their act together. Some of them really miss the mark.
//
Hacked Data for 69K LimeVPN Users Up for Sale on Dark Web | Threatpost
https://threatpost.com/hacked-data-limevpn-dark-web/167492/
I have a subscription to TunnelBear because (don't laugh at me) I like Murdoch Mysteries out of Canada. Plus the other occasional Canadian show. If I look like I'm in Canada, I can stream the current season and not wait a year for another streaming service. So I do. I suppose I could use it all the time, but I don't.
Now I am wondering if this has been a bad idea. How does one verify the legitimacy of a paid VPN service? I only went with TunnelBear because a friend used it.
@BlueStateBabe
I would start with companies that pay for third-party audits of their systems, and publish those results, warts and all. The audit will only evaluate what the VPN company asks the auditor to look into, but it's way better than no audit at all.
TunnelBear was actually the first to do this. Mullvad (also mentioned in the article) is fairly well respected, and I believe a few CoSo members who know their infosec are customers.