Hacker News
by mirimir 3153 days ago
Sure, adversaries could pressure VPN providers for logs, account information, help tracing traffic, etc. So you pick VPN services that have been in business for several years, are well known and recommended in relevant communities, and have no history of giving up their customers. There's a recent relevant thread on Wilders: https://www.wilderssecurity.com/threads/purevpn-keeping-logs...

Even so, it's prudent to assume that your VPN provider logs, works with your adversaries, etc. Just like the Tor project assumes that any particular relay may be malicious. So Tor clients create three-relay circuits, to distribute the risk. And one can do the same with VPN services. I'm currently working through a nested VPN chain, using servers from multiple providers. I use pfSense VMs as VPN gateways, and workstation VMs. It's also easy to add Whonix to the mix, so I can use Tor through nested VPN chains.