Last week we looked at a number of VPN providers that publish warrant canaries to see just how legally binding they are (or are not).
Since that time Torrent Freak has published its annual VPN provider review, a comprehensive analysis of the privacy and security measures taken by companies to protect customer information. Some of the providers were quizzed over several issues such as where they are based, if they keep logs and if they publish a warrant canary.
We’ve already looked at BolehVPN, LiquidVPN, and VikingVPN. Here’s what several others told TF about their warrant canaries.
Here’s what Slick VPN had to say about warrant canaries, who say it is looking at ways to make its canary specific to each user:
“Yes. We maintain a passive warrant canary, updated weekly, and are investigating a way to legally provide a passive warrant canary which will be customized on a “per user” basis, allowing each user to check their account status individually. It is important to note that the person(s) responsible for updating our warrant canary are located outside of any of the countries where our servers are located.”
Some providers challenged the legal effectiveness of a warrant canary with some being much more skeptical than others meanwhile several companies felt that because they are not based in the US that such a measure does not apply to them.
“Under current Swedish law there is no way for them to force us to secretly act against our users so a warrant canary would serve no purpose,” said Mullvad who is based in Sweden. “Also, we would not continue to operate under such conditions anyway.”
NordVPN made similar remarks as it is based in Panama. “[W]e guarantee that any information about our customers will not be distributed to any third party,” it said. However BolehVPN, in Malaysia, decided to start publishing a warrant notice recently regardless.
It also appears that some providers are hashing out the pros and cons of such a move and many on the list are at least considering a warrant canary.
“We suspect that this will be mandatory for any VPN provider that wants to demonstrate trust, so we are working on our canary now,” says CactusVPN.