VPN services have become an important tool to counter the growing threat of Internet surveillance. Encrypting one's traffic through a VPN connection helps to keep online communications private. But, what if your VPN service is compromised by a gag order? This is a question many Proxy.sh customers are asking themselves.

Millions of Internet users around the world use a VPN to protect their privacy online. One of the key benefits is that it hides one’s true IP-address from third-party monitoring outfits, countering a lot of unwanted snooping.

However, law enforcement is not always happy with these services and in extreme cases can compel VPN providers to start logging internal connections to catch a perpetrator.

This is what appears to have happened to Seychelles-based VPN service Proxy.sh. Earlier this month the company excluded one of its nodes from its warrant canary.

“We would like to inform our users that we do not wish any longer to mention France 8 (85.236.153.236) in our warrant canary until further notice,” the company announced on its website, and via email to its customers.

Proxy.sh’s warning



The warrant canary states that no warrants, searches or seizures of any kind have been received, but this is no longer true for the French node. The fact that this has been announced indirectly suggests that the company is not allowed to communicate about it publicly.

TorrentFreak reached out to Proxy.sh hoping to get some additional information. While no further details were provided, the VPN provider strongly advises its users not to connect to the ‘compromised’ node.

“We recommend our users to no longer connect to it. We are striving to do whatever it takes to include that node into our warrant canary again,” Proxy.sh says.

“The warrant canary has been particularly designed to make sure we could still move without being legally able to answer questions in a more detailed manner. We are happy to see it put to use after all and that our users are made aware of it,” they add.

The announcement will come as a shock to most Proxy.sh users and many will be wondering what they should do next. A good question, but unfortunately not one with an easy answer.

Leave or stay?

Some users may be inclined to leave. Why stay with a VPN provider that’s partly compromised if there are many other alternatives out there? This is a logical and understandable response.

On the other hand, one can also value Proxy.sh’s transparency in the matter. The company takes its warrant canary seriously where other VPN providers, with or without a warrant canary, may have stayed quiet.

Ironically, the fact that Proxy.sh received a gag order increases the trustworthiness of the company itself, although that comes at a price.

We suspect that there are only a few VPN providers that would suspend their operations “Lavabit style” on receipt of a narrowly targeted gag order that doesn’t compromise its service as a whole. Considering the fact that only one node is in question, the request does appear to be rather targeted in this case.

It’s also worth keeping in mind that many large Internet companies including Google and Facebook receive gag orders on a regular basis. Most users have no clue that this is happening, and others simply don’t care.

Trust?

VPN users who would prefer their VPN provider to shut down instead of complying with a gag order should leave, that much is clear. But how do you know that the next choice will be as transparent as Proxy.sh?

As is often the case it all boils down to trust. Do you trust your VPN provider to handle your private communications carefully, and to what degree does a gag order on one of the nodes change this?

How one answers this question is a matter of personal preference.

Most of our questions to Proxy.sh remained unanswered, presumably due to the court order, but the company was able to provide some additional details on their compliance with orders from various jurisdictions.

While the company is incorporated in the Seychelles, it also complies with orders from other jurisdictions it operates from.

“Our company respects the law everywhere it operates, but it still has the option to cooperate fully while ceasing any further operations in any specific jurisdiction,” Proxy.sh says.

“Depending on the level of threat to our users’ privacy and according to our legal advisers, we take the decision to bring updates to our warrant canary either for a specific node or for a whole country.”

So what would you do in this situation?