> If you can't see your VPN's source code, you can almost safely assume that they're broken in some way.

This is definitely true insofar that you better be able to see client code. That said, since you cannot see what the server is running, even if they release their code, you will still end up with a trust actor or two (vpn operator or sometimes multiple vpn operators in double hop cases).

That’s exactly the reason we introduced deterministic and verifiable VPN technology on https://VP.NET which allows you to actually see the code the VPN servers are running. Instead of trust in a non deterministic human actor you can now trust deterministic and verifiable code.

It is the end of privacy theater!

[1] I am a co-founder of VP.NET