Why do you say this? Isn't it generally believed that most/all large VPN services are monitored specifically by the governments of the countries in which they operate?
Vodafone runs a large vpn, and I know from the people who sell them logging services they are obligated by the governments of multiple nations to keep url logs for a number of months that vary depending on the target's information retaining laws.
Mullvad on the other hand does not log anything at all (other than their Stripe payments where they try to keep data minimal). Is that in violation of the Swedish law? Maybe, but as long as one of the medium sized ISPs, Bahnhof, is still fighting the law in court I cannot foresee any court cases against small fry like Mullvad or any of the other Swedish VPN providers.
I think it is more about us being culturally less friendly towards secret court orders, and with just handing over customers to the authorities without proper process. Does our sigint operations monitor Mullvad's exit and entry nodes in Sweden? Maybe, but I do not think Swedish authorities will be able to force Mullvad's staff to silently add a backdoor. I mean they have not yet managed to get Bahnhof to comply with the current law since Bahnhof argues that some EU directive makes the Swedish law illegal.
To their own citizens sure, but they have had absolutely no qualms about invading the privacy of those who are not their own citizens, which is the entire point of the 'Eyes' programs.
Unlike many countries includingany European countries the US does not require logs to be kept.
Also legally national security letters can not require monitoring of the contents of communications but only compel the recipient to produce existing records regarding the communications. For a VPN service that did retain logs a NSL could require them to be turned over; however, for one which doesn't there would be nothing to turn over and a NSL can't compel the collection of such information when it doesn't exist. A NSL which tried to exceed these restrictions can be fought in court.
Sure, there's also a city in Croatia (Pula) which means "dick" in Romanian. People don't usually verify what their brand means in other countries, especially if they have no desire to expand to said country.
By that logic everyone and everything is corrupt, monitored, etc. Including the hardware you might install your own VPN node on, all messenger apps, all phone lines, the mail, and so on. Your best friends are all spies. Your bedroom is bugged.
That would mean there is absolutely no way to improve your privacy and you might as well do nothing.
I think an increase in ownership base fundamentally makes it easier to trust an entity, especially in a public company setting where transparency is a must.
Rather than trusting 1/1 owner of a company you just need to trust 1/n with significant control.
The original PIA group will maintain significant control.
The problem with trusting 1/n is that my trust in you is compromised when you choose to associate with an unscrupulous party, so even that 1/n is no longer trustworthy.
(Long time PIA subscriber who cancelled over the news of acquisition.)
And in the VPN world, trust is fundamental.
I am still surprised you didn't see this coming.