The story begins in June 2023 when we received a letter from the Canadian Department of Justice part of the Mutual Legal Assistance Treaty (MLAT) process, which informed us that I, Yegor Sak, am being charged in Greece for the crime of "illegal access to information system".
This was followed by 100 pages of disclosure which was virtually indecipherable, it might as well have been in Greek (it was). It showed that an IP address that belonged to one of Windscribe's servers in Finland was used to breach a server in Greece.
Given the nature of VPNs, especially ones that value your privacy, some "bad apples" sometimes use VPNs to commit crimes. Some people will say this is why VPNs should be banned, but that's a rather misguided approach. By this logic we should ban cars and hammers, since 0.0001% of owners of those objects choose to hurt people with them, but I digress.
When a Windscribe user does something allegedly illegal, we usually get a subpoena which includes an IP address and a timestamp associated with the alleged crime. We get 5-10 of these per month. Since we're a non-logging VPN service, we state this fact and 99.9% of the time that makes the matter go away since we're not obligated to store logs.
This time, something unusual happened. Greek authorities, with the help of INTERPOL, subpoenaed the hosting provider of the server in Finland in order to get the billing information associated with the account, which in that case was me. This account, much like 100+ other accounts we maintain with various hosting providers world wide, is a corporate account, and the fact that Windscribe, a VPN provider, owns the server is very evident. Nothing that occurred thus far is unusual, and the next step usually involves a subpoena that is sent to our abuse department, and in rare circumstances - a server seizure. None of that happened this time. Instead, they took the only name that appeared on the account, mine, and started criminal proceedings against me personally, as if I committed the alleged crime myself.
Lawyer Up
Although Windscribe has legal representation in Canada, they cannot do much as far as international criminal proceedings are concerned, so we had to retain legal counsel in Greece in order to dispute the charge.
This kicked off a nearly 2 year long process of fighting this in the court of Athens. This as you can imagine is a costly matter (think 5+ figures). It would have been a lot faster (and cheaper) to simply hand over the logs in order to identify the actual culprit behind the alleged crime. However, you cannot hand over what you do not have, so off to court I go!
December 2023
The first court hearing was supposed to take place in December of 2023, where we were hoping to get the case dismissed. Unfortunately, due to a lawyer strike, all cases got pushed forward, so we got a new date in March of 2024.
March 2024
We got our first hearing, it didn't go as planned. We were informed that I now have a co-defendant, in Morocco, and the Moroccan authorities didn't submit the necessary documents for the case to proceed. We tried to separate the 2 cases, however that was not successful, so the matter was postponed once again to April 2025. The wheels of justice do indeed move slowly.
April 2025
On April 11th 2025, I finally got my day in court, and was found not guilty, or rather the case was dismissed. Hurray for justice!
Keep the Pandora's Box Closed
We obviously do not condone the use of Windscribe for any criminal activity. Some crimes are indisputable and universally frowned upon (fraud, hacking, child abuse material, revenge porn, extortion, etc) and we would love to help put people in jail who do these things. However in order to do that, we would have to keep extensive logs, and once those are known to exist, we would have no choice but to cooperate with legal authorities in various countries when it comes to any kind of "crime".
- Insulted Mohammed bin Salman Al Saud's beard? Jail time.
- Compared Xi Jinping to Winnie-the-Pooh? Jail time.
- Spoke ill of Ali Khamenei's glasses? Worse than jail.
- ?????
The law is pretty cut and dry, if you have the data, you must provide it, and if you say you don't have what you do in fact have, guess what? That's a crime, and we would very much be guilty of it - if that was in fact the case.
When we say we don't keep logs, we really mean it. Even if you don't believe our audits, or any of the previous articles I wrote on this subject, believe this simple fact: None of us want to go to prison for a $9 subscription, and keeping logs for multiple years is pretty expensive.
