Trust and transparency issues are the foremost concerns in choosing a great VPN, and if a service doesn’t have enough locations to be useful to you, all the security features won’t make a difference. But after those concerns have been satisfied, we recommend that most people use connections based on the OpenVPN protocol, because of security flaws and disadvantages in the PPTP and L2TP/IPsec protocols. (Experienced users may consider IKEv2, but because it has its own debated pros and cons, we ruled it out.) Though AES 128-bit encryption is fine for most purposes, we prefer services that default to the more-secure 256-bit encryption and still offer good performance.

They left a vunerability up for 3 years. Never bothered to do anything about it and never bothered to see if anyone took advantage of the vulnerability.So either they're flat out lying and knew they were being hacked and couldn't do anything about it or it's actually a back door they put there purposely. Can someone explain Googles behavior makes any sense?

Are you so used to your data traveling over Wi-Fi that you've stopped worrying about the security of that data—and about who else might be spying on it, or even stealing it for nefarious purposes? If so, you are—sadly—in the majority, and you ought to consider using a viritual private network, or VPN. In fact, when PCMag conducted a survey on VPN usage, we found that a dismal 71 percent of the 1,000 respondents had never used a VPN. Even among those who support net neutrality—who you might think would tend to be well informed on technology and privacy issues—only 45 percent had used a VPN.