Thank you very much, we should always strive to back up claims with relevant links and data, no matter if it's common sense or how trivial it might seem.
While the quote and linked paper give a good picture of the VPNs and their controversies, such as ExpressVPN, CyberGhost, and PIA being under ownership of a less-than-trustworthy company which also happens to be specialized in malware and surveillance, I did not find anything that directly supported @spudwart@spudwart.com's claim.
The only controversy (except questionable ownership) I could find in the article was a few paragraphs lower regarding the Andrey Karlov assassination, where ExpressVPN denied the existence of logs but investigators somehow still managed to extract a serial number of a computer(?) after a datacenter raid. Not sure if I got that right, but it would fit the established profile from this comment chain:
ExpressVPN, on the other hand, told investigators it did not have any logs or customer data on
a server in Turkey, which was raided by Turkish authorities, according to Hurriyet Daily News.
According to the site, authorities said the server was used to hide details regarding an
assassination of a Russian ambassador. ExpressVPN released a statement about the incident.
It's almost midnight here, so please correct me if I missed something.
Oh, and nice paper, has a good, natural flow and appears to keep technical jargon to a level where anyone should be able to draw well informed conclusions.