VPNs have become a huge market in recent years, with all of them offering essentially the same service but branded differently.
I've talked about VPNs before and how you likely don't need one if all you care about is "privacy". Otherwise it has some usecases for like downloading torrents or accessing geo-blocked content but that's about it.
To synthesize, the VPN owners can see what you do instead of your ISP when you use a VPN. You better trust that they don't keep logs and encrypt your traffic.
Who do you trust more, some VPN company, or your ISP? That's a personal question only you can answer.
Privacy and "security" is what VPNs advertise heavily on. Security is nonsense from their part; there is no additional security to using a VPN. NordVPN for example likes to talk about the evil hackers in starbucks that will hack your wifi, but that literally never happens (not never never but not enough to justify paying them money for it).
In any case, all VPN rankings omit one very important fact: fed involvement. that's security 101.
The CIA controlled an encryption company for decades (established after WW2): Crypto AG. They sold encryption machines to embassies around the world under this name, and it was only found out they were CIA in the 2010s.
We've known since Snowden about backdoors in Windows that allow the NSA to bypass encryption and spy on anyone they want.
And it's a very glaring issue. Look at any of those rankings and they'll talk about privacy and encryption protocols, and never once mention potential fed involvement or other causes for concern.
Even worse, if they do talk about it, they often talk about "Chinese" involvement. How the fuck did the discourse get so bad in just 10 years? They don't even have anything to back it up. Meanwhile we have evidence of NSA and CIA involvement in encryption and surveillance.
NordVPN especially is strange. They advertise a LOT and always sell at a discount (which makes the VPN cheaper than most competition). ProtonVPN too, I don't trust anything Proton ever since they surrendered info to the feds about one of their clients (an eco-activist). Secondly they are a "Swiss" company like Crypto AG, but were not founded by Swiss people.
So again, who do you trust more? Some VPN company trying to sell you a product under false pretences, or your local ISP company?