No system is safe, no method is bulletproof.
VPN ads try to convince you that your online security is at risk and that only they have the cheapest, safest, best solution on the market. This is fearmongering and has absolutely no real facts backing it up. It is true that by not using a VPN, tracking companies have an easier time following your every step through the interwebs. The claim that your security is being compromised is a lie though, let me break down this scam for you.
A company with your privacy and best interests in mind should set an example on how to treat customer data. They should also try to be independant and to reside in a jurisdiction with strong privacy laws. The seemingly endless selection of different VPN providers and their thousands of locations, hundreds of countries makes you think it does not matter who you choose, as long as they are cheap and private. But this first look is misleading, if you start investigating each and every company you will stumble upon multiple disturbing trends. Starting with, all mayor VPN companies are owned by 3 organizations. And here they go:
And more that I missed.
Every single one of those big 3 has security labs and numerous other very suspicious things attached to them. Like how every one owns a review outlet that gives their own VPN a high score. How they provide both a VPN service and web traffic analytics. If that is not a conflict of interest, I don't know what is.
Short answer: No VPN is good.
Long answer: Any mainstream VPN with ties to big companies should be avoided out of conflict of interest. Futhermore, research the VPN and its company before purchasing it, read Reddit reviews, check payment methods, check what information they collect, etc.
Using only a VPN will not keep you safe by itself. You need to practice proper OpSec and use further protective layers like Tor and I2P. Even then, there are advanced methods to track users. A VPN nowadays is just a feel good about yourself purchase and does nothing to protect you. Every tracking company can and will track you beyond a VPN using your OS, browser, DNS/WebRTC leaks, user accounts, browsing patterns, etc.
If you are not doing anything inherently illegal, you do not have to worry about a VPN, you will be tracked either way. Harden your OS and make the data they obtain worthless instead of investing money into a useless service.
Torrenting has become such a widespread "issue" that ISPs, especially in the US send threatening letters to people, telling them that they will be sued. Of course, that will never happen and has no legal basis. 9 / 10 times if they take you to court, they are trying to make an example out of you and will fail.
If you want to be reasonably safe while downloading material of questionable legality, use Tor, yes it is slow but it opens up access to the entire internet unlike I2P.