A Greek court has dismissed criminal charges against Yegor Sak, the founder of privacy-focused VPN provider Windscribe, in a ruling that affirms no-log policies as a legitimate legal defense — marking a critical moment for infrastructure operators across the privacy tech sector.
The two-year legal case stemmed from a June 2023 incident in which a Windscribe-operated server in Finland was allegedly used to access a Greek computer system without authorization. Greek authorities, assisted by INTERPOL, traced the activity to a Windscribe IP address and, rather than contacting the company for user information, subpoenaed the Finnish data center hosting the server. That inquiry yielded only billing data, which listed Sak as the account holder — prompting prosecutors to charge him directly under Greek cybercrime laws.
The case was officially dismissed on April 11, 2025, with the court citing insufficient evidence and confirming that Sak bore no responsibility for the actions of the VPN user. Crucially, the ruling also accepted Windscribe's no-logs stance, acknowledging that the company could not provide user data it never collected.
Founded in 2016 and based in Toronto, Windscribe is a VPN provider with a global user base. It differentiates itself through a strict no-logs policy and open-source applications, positioning itself as a staunch advocate of online privacy and censorship resistance. The company does not run ads and claims not to track or monetize user behavior — a stance that, in this case, forced it into a prolonged legal defense rather than compliance through data disclosure.
Sak's ordeal highlights the risks faced by infrastructure owners in jurisdictions where digital tools can be misused by end-users. While VPN providers typically receive subpoenas that they address with policy-based refusals, this case bypassed Windscribe entirely. Greek prosecutors initiated criminal charges without any prior contact, and proceedings were delayed for months due to procedural backlogs and a parallel case involving a Moroccan co-defendant. Legal fees, according to Sak, ran into five figures.
The case could have set a troubling precedent had it gone the other way. Charging infrastructure providers for actions carried out by anonymous users would erode the legal viability of no-log policies and impose near-impossible expectations on services designed to protect user anonymity.
The broader concern, as underlined by Windscribe, is that if VPN providers are expected to collect and store user logs, their utility as privacy tools is fundamentally compromised. Logs, once stored, become accessible to authorities, even in countries where online speech is criminalized for political or cultural reasons.
This decision now stands as a rare legal validation of a privacy provider's no-logs policy, offering some assurance to other operators in the field. However, the incident also underscores the need for legal clarity in international cybercrime investigations, especially when infrastructure and ownership span multiple jurisdictions.
For privacy-conscious users and providers alike, this outcome serves as a reminder that the integrity of a no-logs promise may one day be tested in court, and surviving that test may be the strongest proof of all.
Leave a Reply