NordVPN Replaces Warrant Canary With Transparency Reports to Improve Transparency

Todd Faulk
Todd Faulk Senior Editor
Todd Faulk Todd Faulk Senior Editor

NordVPN announced last month that it was transitioning from a warrant canary to detailed transparency reports to inform its users of government inquiries. Many tech firms use warrant canaries to indirectly inform their customers whether or not government or law enforcement agencies have requested access to customer information.

For instance, if a VPN posts every day on its website that it’s received no requests for information, and then one day the notice is gone, that would suggest to users that a request has been received. A warrant canary is designed to circumvent court orders that might prohibit a company from disclosing the existence of a secret warrant for customer browsing information, for example.

NordVPN said in its statement that it’s making the move to build more trust with its users. NordVPN already has a strict no-logs policy that’s been independently audited four times.

However, its security reputation was damaged in 2019 when the company revealed that a server at a third-party data center in Finland had been hacked. The VPN provider informed its users of the breach six months after the fact, and only after the breach was leaked on Twitter (now X). NordVPN assured its customers that none of their data was compromised, that only a single server was breached, and that the server was quickly destroyed.

In its latest statement, NordVPN says the warrant canary approach is outdated and not especially useful to its customers. It will gradually do away with posting warrant canaries and instead post a monthly transparency report on its website.

The transparency report will show the number of automated Digital Millennium Copyright Act (DMCA) requests it has received, the number of inquiries from government institutions, and the number of orders that resulted in the disclosure of user information. Below is NordVPN’s first transparency report for January under this new policy:

  • Number of DMCA requests: 783,751
  • Number of inquiries from government institutions: 35
  • Orders which resulted in any disclosure of user information: 0

NordVPN continues to maintain that it has never received any National Security Letters, gag orders, or binding warrants from any government organization that forced it to turn over customer information.

About the Author
Todd Faulk
Todd Faulk
Senior Editor

About the Author

Todd Faulk is a Senior Editor at SafetyDetectives. He has more than 20 years of professional experience editing intelligence reports, course plans, and online articles. He's a freelancer who has produced work for a wide variety of clients, including the US Government, financial institutions, and travel and technology websites. Todd is a constant traveler, writer of his own travel blog, and avid reader of new developments in science and technology.