Unfortunately, this "privacy by policy" is not secure. How can you trust a VPN provider short of being given root access to their server and looking at the logs? Even then, how can you be sure they don't start logging as soon as you leave? VPN providers can see their whole network. They can see your IP address and the sites you're visiting, if they choose to look. That they don't look is just a promise. The whole point of Tor is to send your circuits over independently operated relays, so nobody has a view of the whole network. The entry guard operator can see your IP address but doesn't know which site you're visiting. The exit node operator can see which site you're visiting, but doesn't know your IP address. In the case of a hidden service, nobody knows which site you're visiting. That's not a promise. That's privacy by design. Furthermore, what's the point of hiding your IP address from PayPal unless you're using a stolen account?