[josephholsten]

I would be very interested to know what you think a VPN provider could do to assure users that the servers are safe.

I've yet to see an example verifiable safe server configuration, but some people have claimed that SGX might do. I'm pretty sure that wouldn't work with stock OpenVPN or StrongSWAN today.

Are there any other practices they could adopt that would ease your worries?

[genieyclo]

In 2018 there is no reason to use anything other than algo vpn. I don't understand why anyone reading this comment would trust PIA or any other 3rd party.

[woolvalley]

DCMA abuse emails being put into /dev/null, most VPS providers do not do that. Also a promise to insist on subpoenas or other expensive methods before they would comply with requests.

Also why do you trust your VPS provider over a VPN provider? They can inspect your VMs memory and do whatever else they want to the machine. Same with whoever owns the real estate that you co-locate your own physical servers.

[earenndil]

> why do you trust your VPS provider over a VPN provider?

They simply don't have the resources to log every single memory read/write and every network connection of all their hosts. Thus you would have to already be a known target for them to want to do that. Whereas a VPN provider has a limited scope of what they can log and thus needs a fraction of the resources to log everything.

[woolvalley]

So you inspect filesystems or figure out other stats through low resource activity?

There are probably logging systems already in place to detect abuse, that would be extended to detect VPN style usage on top of that.