I've been researching warrant canaries. And overall, they don't seem all that useful. The EFF ended its Canary Watch in May 2016, after a year, because "there is no way to know for certain whether a canary change is a true indicator". By the end, they knew of ~100 warrant canaries (followed or submitted). But let's look at the evidence. There have been warrant canary lapses for both BolehVPN and VikingVPN. BolehVPN blamed database problems, and VikingVPN blamed circumstances. But whatever, both were restored. Reddit, Silent Circle and SpiderOak switched from warrant canary to transparency report. But of course, gag orders would prevent mentioning investigations in transparency reports. So perhaps these examples demonstrate that warrant canaries can work. Or maybe the changes were proactive business decisions. ProtonVPN has a "Transparency Report & Warrant Canary" which is defined rather backwards: "This warrant canary is updated whenever a new legally binding request is received, or about to be received if we have advanced warning." That's silly, because gag orders would prevent mentioning covered investigations. After a two month lapse, Riseup updated its warrant canary, but changed the definition to exclude "minor things" like targeted investigations, and only "major thing" that affect all users. I see the point, but it's sad that investigations with gag orders are too common for broad warrant canaries to be useful. Anyway, please share comments and other examples.
You sometimes wonder who's running some of these VPN's? I get the feeling that some of them are run by three letter agencies. Call it a hunch.
Well, there are lots of VPNs. So I wouldn't be at all surprised if some were run by TLAs. But that's one reason why I recommend using nested VPN chains
There is rational skepticism and irrational paranoia. I have to facepalm every time I read this sort of nonsense, and it's used for basically "every company I don't like". You had massive leaks with Snowden showcasing exactly how powerful the NSA is in regards to exploits, backdoors, wipe taps, etc. Not once did you hear about them "being behind a company". I wonder why? Maybe because they have no use for such a massive expense when they have a treasure trove of exploits to take advantage of? Step outside for a while.