The problem is that there may be perfectly legal gag orders (issued by a court) that force them to comply to normal police requests - and you would never even know. NordVPN in particular removed their warrant canary without informing their users and only gave some retroactive PR answer when people rightly started to freak out.
The simple truth is that if a VPN provider hasn't been shut down by authorities after more than a year (like VPNLabs was), then they are basically guaranteed to be giving out your data to authorities at this point. The legal situation in most western countries does not allow complete online privacy for normal, law-abiding citizens.
>The problem is that there may be perfectly legal gag orders (issued by a court) that force them to comply to normal police requests - and you would never even know.
Are there any VPN providers that claim they'll take the metamorphic bullet for their clients? I feel like you're setting up unrealistically high expectations where a VPN is like "we don't log or sell your data!", and you retort with "yeah but what if you get a secret court order or the government threatens your family?". I think nordvpn's response is consistent with what reasonable people's expectations are. Otherwise you can apply this logic to all sorts of interactions and find it quickly breaks down, eg. talking to a friend:
>"do promise you won't tell anyone?"
>"yes"
>"yeah but what if government subpoenas you, and grants you immunity so you can't plead the fifth?"