they also have the potential to cause great harm to their users
What harm is that?
The only harm I can see is either:
(a) by associating their users with those who use VPNs to do illegal things. Which is a nonsense association and shouldn’t be given any weight, or
(b) if they do keep logs and turn those over to authorities. Which is why companies that have been audited and shown not to collect logs, or, even better, companies that have been tested in court and unable to comply with requests for information, are the VPN providers that should be preferred.
What harm is that?
The only harm I can see is either:
(a) by associating their users with those who use VPNs to do illegal things. Which is a nonsense association and shouldn’t be given any weight, or
(b) if they do keep logs and turn those over to authorities. Which is why companies that have been audited and shown not to collect logs, or, even better, companies that have been tested in court and unable to comply with requests for information, are the VPN providers that should be preferred.
The second. It’s unlikely, but not impossible, for a vpn provider to be compelled to keep logs, either selectively or for everything.