[lxgr]

I think this was actually a somewhat compelling product: Sure, Google tracks users where they can, but for this they were explicitly claiming to be using authentication via blinded signature tokens, and to not log any traffic.

Google has a lot more to lose from a privacy or breach of contract lawsuit than a random shady VPN operation that can just disappear when word gets out that they're actually feeding everything to data brokers, and open shop under a different name the next day.

[jqpabc123]

* ... authentication via blinded signature tokens*

Hand waving, smoke and mirrors.

When the authentication and the service are both run by the same company on their servers, a huge potential exists for there to be nothing really "blind" about.

As many, many examples show; Google = Privacy Invasion. It's way too late for them to try and establish privacy credibility.

[lxgr]

The blind signing part runs locally on your VPN client.

> It's way too late for them to try and establish privacy credibility.

I personally don't think it's a good idea to trust any corporation to be a good or bad custodian of your personal data based on their public image or even past actions. These values can change very quickly, especially in publicly-traded corporations.

What matters much more than self-proclaimed statements or public perception are economic incentives, and I believe Google has quite strong incentives to not get hit by huge fines for violating the GDPR and other privacy regulations.