Portmaster is great, just as advertised it offers a great level of control without being too complex. Looks like it manage iptables rules on Linux in addition to manage DNS properly so it all should be safe.
Not sure what to think about SPN tho, it does sound good in theory, but in the end it means you have to trust them to not log anything, or more importantly to not hand over any information to authorities. As they themselves control the whole network, they know the full route your traffic took through logs, there's just no way they don't have that sort of information.
And sure this could happen in TOR as well, many such cases were CIA and NSA have taken control over many nodes and tracked down TOR users. Guess I'll have to do more research on how they handle and operate their nodes.
Perhaps if they used 99Stack Cloud and spread their nodes over all the different providers, then that would be pretty safe, but I don't even know were they host SPN. Guess I have to look into that as well.