Two years ago I turned down a paid placement request by a Windscribe affiliate. Besides every single page of Pocketables saying we don’t accept advertising or fake guest posts I have the great issue of not trusting anything I can’t put my hands on. This is why I don’t review stuff that I don’t have. Oh, I could…
Windscribe’s servers in the Ukraine were evidently impersonated by Ukrainian authorities. and all traffic passing through was decrypted as far as we know.
Basically, according to what Ars Technica says, they left the private key sitting around unguarded, it got yanked, traffic logged (probably,) boom.
So yeah, chances are the Ukraine shared that key with other governments, although you didn’t do anything illegal or anger a regime did you?
Ars Technica has a good writeup on it, but the short of it is all of this has happened before and all will happen again and anyone selling you security can only be trusted as far as you can outthink them