Case dismissed. These were the welcomed words heard by Windscribe founder Yegor Sak, and ones that marked the end of a challenging, almost two-year-long legal battle.
In an uncommon move, Sak himself had been taken to court in Greece and charged with the crime of "illegal access to information system" – despite the alleged offence being committed by a Windscribe user. However, Sak could not provide evidence, because Windscribe had not collected any data on the user.
The result is in line with the provider's "no-logs policy," and this was a significant factor in the case's outcome. In turn, it has important ramifications for the VPN industry.
It shows authorities can't mindlessly go after VPN providers. But it also shows providers need to ensure they're following their no-logs policies and prepare for them to be examined.
Independent audits verify these claims and assess them inline with the provider's privacy policy. Having them proven in court is even better.
To be considered as one of the best VPNs, a verified no-logs policy is non-negotiable.
The policy is a promise that your browsing history, identifiable personal data, or internet activity is never stored or shared. A no-logs VPN provides maximum privacy and security when surfing the web.
Windscribe's recent legal case has highlighted how important a no-logs policy is. Its importance can be felt not just by Windscribe, but the VPN industry as a whole.
A bittersweet experience
"A bittersweet experience" is how Yegor Sak described his recent legal case. He shared how being charged for a crime he didn't commit, in a country he'd never visited, was a "stressful and challenging" experience.
However, he found the positives, saying Windscribe's no-logs policy was "unequivocally validated" in a way no independent audit ever could.
Authorities discovered that an IP address belonging to a Windscribe server in Finland was used to breach a Greek server. However, Windscribe could not hand over any data relating to the alleged crime because it hadn't been collected in the first place.
The outcome has unequivocally validated Windscribe’s no-logs policy in a manner that no third-party audit ever could
Yegor Sak, Windscribe VPN CEO and founder
In a blog post, Sak stated how the law is "pretty cut and dry" and if you have the data, you must provide it. If you're found withholding data that could be handed over, you're in big trouble.
Windscribe's last independent audit was undertaken in 2024, but although audits are an excellent way of adding weight no-logs policies, they aren't 100% foolproof.
This is why having a no-logs policy proven in court means so much, and it should reassure all Windscribe users that their data is secure.
Sak described a robust no-logs policy as "the cornerstone of any privacy-focused VPN service." He said how "without it, a VPN cannot credibly claim to protect user privacy."
Even under legal pressure, your data will not be compromised – and it's not just Windscribe that can prove this. Private Internet Access (PIA) had its no-logs policy examined in court in 2016, 2018, and 2020 – in all cases it successfully showed no data collection.
In 2023, Swedish police searched Mullvad VPN's offices with the aim of seizing computers containing customer data. This data did not exist and the police left empty-handed.
Providers with verified no-logs policies
You don't want to go to the trouble of hiding your data from third parties and hackers, only for your VPN provider to store this information instead. Many VPNs claim to never store your data, but how many can actually verify this?
Listed below are some reputable providers with proven no-logs policies and when an audit was last completed. This isn't an exhaustive list, but covers most of the major providers.
- IPVanish - February 2025, its second audit
- NordVPN - December 2024, the fifth audit conducted
- Proton VPN - July 2024, its third consecutive annual no-logs audit
- Windscribe - June 2024
- Private Internet Access - January 2024, the second audit conducted
- CyberGhost - January 2024, its second audit
- ExpressVPN - December 2023, the eighteenth audit in a two year period
- Mullvad - June 2023, the third audit. We'd also like an update, but it has completed a number of other security audits since
- Surfshark - Audit conducted in 2023, however we'd prefer an update to this
The majority of these providers publish their audits online, but not all of them were easy to find.
The audits can be published along with transparency reports. These reports often detail the amount of data requests received by a provider and how much of that data is shared. Spoiler alert: it's almost always zero.
It's important to note the difference between no-logs and zero-logs policies. No-logs policies may store the email address you sign up with and the billing information used to pay for the VPN subscription, and often anonymized, aggregated usage data.
For example, Windscribe collects usage data over a 30-day period to enforce its Windscribe Free monthly data limit. However, Windscribe doesn't require an email on sign up – neither does Mullvad.
Zero-log providers collect and store nothing. NymVPN and Obscura VPN are two newer providers who claim to be zero-logging VPNs, but neither has undergone an independent audit yet.
A rise in legal cases?
The potential rise in legal cases involving VPNs or privacy activists is a growing concern, and Sak believes it's "highly probable" we will see a further increase in the coming years.
In recent months we have seen the French broadcaster Canal+ pursue a number of VPN providers, and changes to Swiss encryption laws have been proposed.
Sak said these anti-encryption laws "risk weakening the security infrastructure of the entire internet."
"These initiatives often lack input from technical experts, relying instead on policymakers who may not fully grasp the long-term consequences of their proposals," he said.
"This growing regulatory push threatens to erode the very protections that users rely on, and we anticipate further challenges as governments seek to balance security with control."
A no-logs policy means none of your personal data is collected, stored, sold, or shared. But it's worth understanding what data this is referring to, so here are some examples:
Connection Logs: Details of the VPN server you connect to
Usage Logs: Your online activity, including browsing history
IP address Logs: Your connecting IP address
Timestamp Logs: Records of when you connect/disconnect from a VPN server
Bandwidth Logs: The amount of data transferred through the VPN
Referring to his case in Greece, Sak liked to think it was a "well-meaning attempt to address cybercrime that missed the mark due to a lack of technical understanding" – and this is where problems arise.
Both Tom's Guide and Windscribe condemn the use of VPNs for criminal purposes, but we have to accept that some "bad actors" will take advantage of privacy technology. Attacking VPN providers and the technology they provide is not the answer, and doing so puts our right to privacy at risk.
"Privacy activists must emphasize that sacrificing anonymity to catch a handful of bad actors would undermine the fundamental protections that millions depend on daily," Sak said.
"It is not about enabling wrongdoing but about preserving the right to free expression and access to information in an increasingly surveilled world."
However, should there be a rise in legal cases against VPNs and privacy advocates, Sak believes there's a silver lining.
Successful defenses, like that seen in Sak's case or that of PIA, "establish critical legal precedents that can deter frivolous or overreaching prosecutions in the future," he said. Predicting the future is impossible, but "each victory strengthens the foundation for protecting user privacy and reinforces the legitimacy of privacy-focused services."
Be prepared for data requests to rise
Data collection is on the rise. Whether it's from Western governments or big tech companies, your data is sought after and we must prepare for requests to increase.
This is why having a VPN with a proven no-logs policy is so vital. The data can't be collected if it isn't there and privacy activists must stand firm in the face of any attacks on our freedoms.
Subscribing to a reputable, private, and secure VPN, one with an independently audited no-logs policy, is the best way to protect you and your data.
It is the responsibility of VPN providers to regularly complete these audits and be transparent about their data practises. We can then stand firm against unjust overreach and intimidation by authorities and stand firm in our beliefs that online privacy is a right for everyone.
Disclaimer
We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
