And with root access to the VPS host, you can just extract private keys from the VPS ram and proxy the connection, logging it all the while..
so no, this claim is not tenable even at the VPS level.
If you're just doing it for privacy, then cool. If you're doing it to mask potentially illegal activity, don't. Use PIA or something like that.
But if you care about privacy in general, a VPN is always a clear win. No VPN will ever be perfect. But for a VPN, this is pretty good with regards to security.
Some may just be avoiding local isp surveillance. Some are just getting a vpn to access a site blocked on their country.
For what you said,it really matters what country it's in and who is hosting it. For example, switzerland and finland means no dmca cooperation (not easily at least). If the owner is publicly known and had a lot to lose outside of the vpn business in the event of a reputaional loss, that would be even more preferable (for me it's freedome or protonvpn due to the risk they take by associating it with f-secure and protonmail respectively)
How can you claim no-logging if you are running on someone else's servers?
The fork is maintained by someone who lacks a basic understanding of networking, system administration and security. I'd suggest against using it.
That is what I do at https://wormhole.network But I don't offer internet access through the VPN, it's purely a virtual network to interconnect your machines in a shared LAN space (100.64.0.0/24 for now).
That's one of the reasons I recommend HTTPS-based approaches over things like Tor for anonymity. Makes things look like all the bland, harmless traffic out there. Smart move. :)
Also Tor circuits are also just TLS
Still good for the many, many, other threats out there.