[JohnFen]

I have been looking at commercial VPNs for a while, and the problem with them all is that it's impossible to know which ones (if any) are trustworthy.

If you started such a service that could provide ongoing, real assurances as to trustworthiness, I would pay a premium for that. I'm not sure what that would look like, but your list is an excellent start.

I would say, though, that being open source -- while awesome -- doesn't really help in this regard, since you can't realistically prove that the code you're running on your servers is the same code that you're publishing. Signed binaries and reproducible builds don't help with this too much, I think.

But that's no different than any other service that someone else is running, so that's not a serious problem.