Short version: I strongly do not recommend using any of these providers. You are, of course, free to use whatever you like. My TL;DR advice: Roll your own and use Algo or Streisand. For messaging & voice, use Signal. For increased anonymity, use Tor for desktop (though recognize that doing so may actually put you at greater risk), and Onion Browser for mobile.
This mini-rant came on the heels of an interesting twitter discussion: https://twitter.com/kennwhite/status/591074055018582016
Again I strongly do not recommend using any of these providers.
Provider / known "Secret" Key
Astril / way2stars
EarthVPN / earthvpn
GFwVPN / gfwvpn
GoldenFrog / thisisourkey
IBVPN / ibVPNsharedPSK!
IPVanish / ipvanish
NordVPN / nordvpn
PrivateInternetAccess (PIA) / mysafety
PureVPN / 12345678
SlickVPN / gogoVPN
TorGuard / torguard
TigerVPN / tigerVPN
UnblockVPN / xunblock4me
VPNReactor / VPNReactor
Yes, I know. Many/most of these offer OpenVPN, or special clients for IPSec. But for all of the above, they are actively placing a significant portion of their user base (particularly those with older Androids and desktops) at risk by not using per-user PSKs. If your threat model is streaming BBC or helping your cousin geo-shift Hulu, go wild and plug into the Mad Max-esque Thunderdome commons and take your chances. If you're a dissident in Tehran or Riyadh, be extremely cautious of any of these providers.
Lastly, a VPN Hall of Shame honorary mention goes to DoubleHop.me
* on general principle for blatant sexism and utter insincerity. Their privacy/legal policy section includes LGBT slurs and literally has your-mom jokes. But even ignoring that, as of this writing, there is virtually zero technical information provided, only YouTube videos apparently intended for 10 year-old boys.
Moral of the story: Don't believe everything you read on, say, TorrentFreak and PCMagazine. And (crucially) think about your threat model—are you guarding against amateur WiFi snoops at Starbucks or Marriott? Reducing identity monetization profiling by ISPs (ie ad tracking)? Minimizing exposure to government surveillance? Trying to be anonymous online? If the latter, a VPN won't help much.
Citations:
https://www.google.com/#q=goldenfrog+thisisourkey Archive: http://archive.is/qlrLK
http://www.gfwvpn.com/?q=node/224 Archive: http://archive.is/EdpFV
https://www.vpnreactor.com/android_l2tp_ipsec.html Archive: http://archive.is/uwJvk
http://unblockvpn.com/support/how-to-set-up-l2tp-on-the-android.html Archive: http://archive.is/4To5Y
http://www.ibvpn.com/billing/knowledgebase/34/Set-up-the-VPN-connection-on-Android-handsets.html Archive: http://archive.is/srptW
https://www.astrill.com/knowledge-base/50/L2TP-IPSec-PSK---How-to-configure-L2TP-IPSec-on-Android.html Archive:http://archive.is/PZpRU
http://billing.purevpn.com/knowledgebase.php?action=displayarticle&id=33 Archive: http://archive.is/R4JTi
https://www.privateinternetaccess.com/pages/client-support/ Archive: http://archive.is/U1bkL
http://torguard.net/knowledgebase.php?action=displayarticle&id=58 Archive: http://archive.is/iKJjl
https://www.ipvanish.com/visualguides/L2TP/Android/ Archive: http://imgur.com/IQU1mdg
http://www.earthvpn.com/android-l2tp-setup-guide/ Archive: http://archive.is/roKtf
https://nordvpn.com/tutorials/android/l2tpipsec/ (scroll down) Archive: http://archive.is/BQumt
https://help.tigervpn.com/support/search/solutions?term=shared+secret+tigerVPN Archive: http://archive.is/xZ136
https://www.slickvpn.com/tutorials/ipsec-for-iphone/ and http://archive.is/h4rI9
*DoubleHop.me: Archive:http://archive.is/G11WQ and http://archive.is/MZgWE and http://imgur.com/Zn5HSIj
This strikes me as rather exaggerated. It's not great that some of these VPN services are providing instructions for using a known IPSec PSK in some cases but I'm going to hazard a guess that the majority of VPN customers are using the native app from their service provider, not following those instructions. In NordVPN's case at least, the Windows app is a wrapper around OpenVPN and the Linux client has Wireguard support, so the IPSec PSK isn't relevant. And even in the worst case where someone's using L2TP/IPSec with a known PSK, it's still better than nothing because IPSec provides forward secrecy if you're not being actively MITM'd. As for no-logs policies, I wouldn't necessarily trust them but "possibly logs" is still better than your ISP which "definitely logs."