Well, a reputated VPN provider today answers the Question and admitted that they sniffed the traffic on one of its United States-based servers in order to catch an alleged hacker.
Proxy.sh, a quality VPN service with no-logging policy, made a surprise announcement:
"We are unfortunate to announce that there have been abuses complaints about hacking activities on our U.S. Illinois 1 node. We have been saddened to learn that these actions were harmful to individuals (human beings). As a result, we will open this node again and monitor it with Wireshark for a period of 7 days.
Torrentfreak noticed that there was no mention of any legal process, court order, police action or other similar outside influence compelling Proxy.sh to do so.
The monitoring was triggered after Proxy.sh received a complaint from someone who claimed they were being harassed by a Proxy.sh user. The VPN provider then allegedly took it upon themselves to try and sort out the problem.
"If you are the hacker, please stop your activities and leave our network. You are not welcome here. Our heaven is reserved for those who are not harmful to other human beings. If you do not leave, we will find you and report your activities to NGO and press officers. For all others, the heaven is still safe for you, dear ones. We will completely remove Wireshark after 7 days and restart the node so that everything is erased (RAM-switch). All other nodes are left unaffected by these actions. Update: Wireshark has now been removed/wiped."
Later Proxy.sh provided the final statement that, "We have decided to install a monitor on our Illinois 1 node so as to locate the hacker. A few hours after we announced this move to our public, the hacker came to us to apologize. We then completely removed the Wireshark installation."
Not all VPN service providers are worth your trust. Some diligently logs your connection times, dates, IP addresses, keep track of how long you're connected, and some even keep an eye on the types of traffic that you send through their networks while you're logged in.
The best defense for user data is a quality VPN service, which will send the data through an encrypted tunnel to a secure inhouse server, hiding sensitive information from potential data thieves.