Originally Posted by
will5404
All this does is change the point of attack. Your trusting a VPN provider to not sniff out your sessionid and use your Facebook account. The real solution is sites have to start sending the sessionid over SSL, and hopefully this will push them to do so.
That is true, but there is too much competition in the VPN field for any sane provider to risk cheating their customers. They'd be out of business overnight. I'm not a shill for them (only a user), but I think they say it best:
The bottom line is, compared to your Internet provider, a hotspot/network owner, or even a government, we have a vested interest in vigorously maintaining your data security and privacy.
After all, that is what you pay us to do.
Not to be too capitalistic or simplistic about it, but that really is quite an incentive. This is how we earn our livelihoods. We don’t sell ads. We don’t have side jobs. This is it. You pay us money and we do everything we can to provide you the best service and protection possible.
If we don’t do it well, or somehow betrayed your trust, we’d guess you’d go elsewhere in an Internet minute. Knowing that, we will strive to earn your trust every single day and, hopefully, year after year.