In a landmark decision, the Athens court has acquitted Yegor Sak, founder of Windscribe, a globally recognized privacy-centric Virtual Private Network (VPN) service. This ruling, delivered on April 11, 2025, concludes a protracted two-year legal battle that has significant implications for privacy infrastructure providers worldwide.
Background of the Case
The legal proceedings originated from an incident involving a Windscribe-owned server located in Finland. This server was allegedly utilized to breach a system in Greece. Greek authorities, collaborating with INTERPOL, traced the activity back to Windscribe’s infrastructure. Diverging from standard international protocols, the authorities initiated criminal charges directly against Sak, bypassing the usual corporate channels.
Legal Proceedings and Defense
Throughout the trial, Sak and his legal team emphasized Windscribe’s stringent no-logs policy. This policy ensures that the company does not monitor or record user activity, thereby rendering it incapable of providing user data to authorities. Sak articulated the broader implications of the case, stating, This was not just about me. It was about drawing a hard legal line around the role of privacy infrastructure providers. As we do not log user activity, we cannot hand over what we do not have.
The court, after thorough examination, found insufficient evidence to implicate Sak or Windscribe in any wrongdoing, leading to the dismissal of all charges.
Global Implications for Privacy Providers
This case has set a significant precedent for privacy-focused technology companies. Typically, law enforcement agencies issue subpoenas to VPN providers when investigating suspected criminal activities. In response, providers like Windscribe inform authorities of their inability to comply due to their no-logs policies—a response generally accepted without further escalation.
However, the approach taken by Greek authorities in this instance deviated from this norm. After subpoenaing the data center provider in Finland and obtaining Sak’s name, they proceeded with criminal charges without first requesting information directly from Windscribe. This bypassing of standard procedures raised concerns about the potential criminalization of infrastructure ownership based on the actions of anonymous users.
Sak highlighted the broader ramifications, stating, This sets a concerning precedent for anyone who owns servers that could be used by others. If upheld, it could have criminalized infrastructure ownership for actions taken by anonymous users.
Windscribe’s Commitment to Privacy
Windscribe’s core philosophy centers on maintaining a free and open internet, devoid of censorship, personal data harvesting, targeted advertising, and geographic restrictions. This commitment is reflected in their strict no-logs policy, which ensures that user activities remain private and untraceable.
Sak underscored the importance of this policy, noting that collecting user logs to assist with legal investigations would fundamentally compromise the trust and utility of a privacy service. He stated, Some say VPNs should be banned because a few people misuse them. By that logic, we should also ban hammers and cars.
Broader Context: No-Log Policies in the VPN Industry
The Windscribe case is not an isolated incident. Other VPN providers have faced similar challenges and have taken steps to validate their no-log policies:
– ProtonVPN: In 2019, ProtonVPN was ordered by Swiss authorities to turn over logs to help identify a user. The company could not comply because there were no logs to turn over. To further substantiate their no-logs claim, ProtonVPN has undergone multiple independent audits. The most recent audit, conducted by security firm Securitum, confirmed that ProtonVPN does not log user data, reinforcing their commitment to user privacy.
– NordVPN: NordVPN has also taken proactive measures to validate its no-log policy. The company has undergone multiple independent audits, with the most recent one conducted by Deloitte in late 2024. This audit confirmed that NordVPN does not log user data, providing users with additional assurance of their privacy commitments.
– Mullvad VPN: In April 2023, Mullvad VPN’s no-log policy was put to the test when Swedish police served a search warrant at their Gothenburg office, intending to seize computers containing customer data. Mullvad demonstrated that they do not store customer data, leading the police to leave empty-handed. This incident served as a strong testament to Mullvad’s strict no-logs policy.
Conclusion
The acquittal of Yegor Sak underscores the legal recognition of no-log policies as valid defenses for privacy infrastructure providers. This case highlights the critical importance of such policies in protecting user privacy and sets a precedent for how similar cases may be handled in the future. As the digital landscape continues to evolve, the commitment of VPN providers to uphold stringent no-log policies remains a cornerstone in the fight for online privacy.
