Which major VPN providers publish warrant canaries and how often are they updated?
Executive summary
Several well-known VPNs still publish warrant canaries, but practices vary: providers such as Perfect Privacy, Mullvad, IVPN, ProtonVPN and Surfshark publish canary statements (or historically have), while larger commercial players like NordVPN have been shifting toward regular transparency reports even as they maintained canaries during transition; update cadences range from daily/weekly claims by some up to an explicit “at least once a month” for others, and many companies now prefer monthly or quarterly transparency reports instead of or alongside canaries [1] [2] [3] [4] [5] [6].
1. Who still posts warrant canaries and the names readers should recognize
Smaller and privacy-focused VPNs are the clearest canary adopters: Mullvad, IVPN and ProtonVPN are repeatedly listed in industry overviews as providers that run warrant canaries [2], Surfshark maintains a visible canary page on its site [3], and Perfect Privacy explicitly runs a canary [1]; legacy or niche operators such as SlickVPN also publish canary-style pages [7].
2. Update frequency: monthly is common, but there’s no single industry standard
Perfect Privacy states its canary “will be updated at least once a month” [1], and multiple explainers and reviews cite monthly updates as a reasonable expectation for VPN canaries [8] [9], while broader reporting on industry practice notes that many providers are moving toward monthly or quarterly transparency reports—an implicit admission that canary cadence is often monthly or slower [5].
3. Major commercial VPNs are trending away from pure canaries toward transparency reports
Coverage of NordVPN shows this shift: the company announced it would introduce monthly transparency reports while continuing a warrant canary during a transition period, framing reports as “more informative” than a canary and promising monthly updates on inquiries and DMCA requests [6]; PCWorld similarly notes leading providers are replacing or supplementing canaries with monthly or quarterly reports [5].
4. What “publishing a canary” actually looks like in practice and its limits
Providers’ canaries range from a simple “no secret warrants as of [date]” line to a dedicated, regularly updated page; some services embed dated headlines or cryptographic fingerprints as verification (SlickVPN’s approach is an example) [7]. Critics and explainers stress that canaries can be ineffective in jurisdictions that forbid disclosure or where legal orders expressly prevent triggering a canary, and that canaries depend on regular updates—so a monthly cadence can lag real-time events [8] [10].
5. Conflicting policies and legal realities: the Proton example
ProtonVPN highlights a legal caveat: under Swiss law, a warrant canary may be “not meaningful” because targets must eventually be notified through court processes, and Proton therefore publishes summaries of legal requests alongside other transparency measures rather than relying solely on a canary [4]. This illustrates why some major providers emphasize transparent reporting over the indirect signal of a canary.
6. How to read vendor signals and what this reporting leaves unanswered
A posted canary or a monthly transparency report is a public signal but not a guarantee—frequency claims (e.g., “at least once a month” from Perfect Privacy) are company assertions and do not prove coverage in every legal scenario, and industry observers note that many top vendors now prefer transparency reports precisely because they offer context and detail that a canary lacks [1] [5] [8]. The available sources enumerate who publishes canaries and state update rhythms but do not provide a definitive, audited list of every major provider or a comprehensive, up-to-date schedule of each provider’s cadence.