I personally prefer using OpenVPN client. It might not have all features as some custom clients, but it's open source and probably less vulnerable as some other clients.
Yes, there are many scummy VPN services out there. I mean, it's such an obvious ploy to harvest salable data. It's like people will pay you to join botnets!
They neglect to observe that the reason for the market expansion and demand for VPN services - and for many "amateurs" to get involved - is precisely the unwarranted government mass surveillance. The case for such never mentions the collateral damage in weakening and exposing systems. In the UK, where "Internet Connection Records" are being held by the ISPs for 12 months, with access by 40+ agencies, it might well be worth using even dodgy VPN services outside jurisdiction, because although you may get sold, they cannot lock you up on the basis of dodgy selectors on that stored data. Of course, the keys for the VPN service and the sysadmins may well have been owned in a sloppy VPN service. That the IP Bill will have to be modified because it's unlawful is not helpful where we stand.
Hopefully no one here does anything online that puts their safety and wellbeing at risk while trusting any kind of internet privacy service to protect their identity.