Yegor Sak, the Co-founder and CEO of Canada-based Windscribe VPN, couldn’t believe his eyes when he received a letter from the Canadian Department of Justice informing him that he was being charged in Greece for the crime of “illegal access to an information system.”
“We do receive quite a few subpoenas every single month, but this has never occurred before. It was extremely unexpected. They just wanted to get a person as quickly as possible,” Sak told TechRadar, explaining that the charges were in connection with an alleged internet offence perpetrated by an unknown user in June 2023.
Two years later, the Windscribe case was dismissed by an Athens Court on April 11, 2025, in a landmark victory for no-log VPN services. This comes, however, as lawmakers worldwide keep considering new laws that could expand current data retention obligations for Windscribe and some of the best VPN providers alike. We talked with Sak to understand what’s at stake.
Yegor Sak
Since founding Windscribe in 2016, Yegor Sak has upheld a bold principle: collect only the data essential for service operation. A passionate advocate for online privacy and free expression, Sak promises to build products that prioritize users over ad networks or governments.
A slippery slope
The Windscribe case is a clear example of the ongoing tensions between law enforcement and privacy-preserving technology.
You may have heard about the idea of creating a backdoor into encrypted messaging apps. This stems from police officers arguing that this level of privacy interferes with criminal investigations, de facto preventing them from catching the bad guys.
Stricter requirements for tech companies to keep details about how customers use their services are another side of the same debate.
Put simply, law enforcement bodies increasingly want a lawfully accessible record of who does what on the internet to fight crime and, especially, protect children online. Yet, tech experts have long argued that these obligations would end up harming the privacy and security of everyone instead.
This debate is especially flaring up in Europe lately.
Although digital privacy advocates managed to save encryption in France yet again last March, online anonymity and secure encryption are now at risk in Switzerland, a country once praised for its great commitment to citizens’ online privacy. If passed, these new obligations will make the work of Swiss no-log service providers like Proton VPN, Proton Mail, NymVPN, and Threema impossible.
On a wider level, after trying to pass a proposal to scan all people’s chats in the lookout for child sexual abuse material, the EU has now unveiled a new plan to deal with encryption and no-log software. ProtectEU is the first step in the EU Commission’s strategy to secure lawful and effective access to data for law enforcement across the bloc.
“For VPNs to be able to help such governments catch the bad guys and protect children online, providers have to do extensive logging and collect data on all users, including their identities and everything else [they do], which is a problem,” said Sak.
As Sak points out, Canada is currently free from laws that would require Windscribe and similar services to store any details about their users.
Yet, “there are proposals of all kinds of silly stuff,” Sak told TechRadar, adding that what he’s most concerned about at the moment are those linked with age verification requirements.
For example, many US States have so far enforced age verification laws to prevent minors from accessing harmful content online, including adult-only content. To do so, these laws require online service providers to collect vast amounts of personal identifier data, such as government-issued identification.
Privacy experts have strongly criticized US age verification requirements, warning that these laws put everyone’s privacy at risk. From his side, Sak is also worried about how VPN services may become the next target of this legal battle to get rid of online anonymity.
He said: “It’s a fairly slippery slope because you could use a VPN to access a prohibited website. That means that VPNs are potentially making this content available to minors. So, why shouldn’t a VPN be subject to the same laws? This will defeat the whole point of using a privacy-oriented VPN.”
While VPNs may be able to disguise the source of your internet activity, they are not foolproof—nor should they be necessary to access legally protected speech. https://t.co/rmZHsmDzZkJanuary 19, 2025
“If such a law were to be passed in Canada, we would have no option but to move to a different jurisdiction, because we would not be able to operate under our existing privacy policy,” Sak added.
More data, more problems
What all these legal efforts have in common is that they could require tech providers, including VPN firms, to change their current infrastructure and policies to keep a track record of all users’ identities and activities that law enforcement can access whenever they need.
Let’s forget for a second the inherent security risks of recording all this sensitive information – hackers could breach these details, for example. Let’s also forget about the possibility of US or EU police officers misusing these powers to better surveil citizens.
The elephant in the room here is that countries across the world have very different takes on what constitutes a crime online. Authoritarian countries are used to regularly persecute people for their political affiliations, religion, or sexual preferences.
So, what will happen when using a privacy tool like a private virtual private network (VPN) or secure email service cannot ensure that your activities won’t be traced back to you?
“Once you have the data, you have to cooperate with everyone,” Sak told TechRadar. “This means a lot of people could end up in jail for activism, for sharing some memes, or for being a whistleblower.”
What’s next?
Windscribe’s Greek Court case is yet another example that, despite the global push to reduce online anonymity to fight back against crime, judges are still recognizing the importance of no-log VPNs.
Such a principle may be the reason why EU lawmakers still cannot agree on the so-called Chat Control proposal to scan all citizens’ chat after 3 years in the making.
That said, VPN providers are increasingly at a crossroads of this debate across Western democracies. Take the age verification laws expanding from the US to Europe now. Take the fact that some EU experts even mentioned VPN as a key challenge to the investigative work of authorities, alongside encrypted messaging apps, for the first time last March.
The road is still long and may be bumpy, but what Sak learned from his troubles in Greece is that fighting is all worth it.
He said: “It’s hard to say what kind of precedent this [case] sets, if any. But my biggest takeaway is to never accept these things and always fight to the end, even though it takes time, it takes money, and some nerves as well.”
You might also like
https://cdn.mos.cms.futurecdn.net/HXjwb27v3qiaB8u9JLsKiT.jpg
Source link
chiara.castro@futurenet.com (Chiara Castro)
