Which VPNs include warrant canaries, attack disclosure, or law-enforcement data in their transparency reports?
This fact-check may be outdated. Consider refreshing it to get the most current information.
Executive summary
Several major VPN providers publish either warrant canaries, transparency reports that list law-enforcement or government data requests, or both. Examples documented in the available reporting include NordVPN maintaining a historic warrant canary while introducing transparency reports [1], Surfshark publishing a warrant-canary-style statement of “0” gag orders and warrants [2], and multiple providers (ExpressVPN, CyberGhost, PureVPN, IVPN, X‑VPN and others) publishing regular transparency reports that break down legal requests and whether data was disclosed [3] [4] [5] [6] [7] [8].
1. What a warrant canary is — how it’s used and its limits
Warrant canaries are public statements a company updates to declare it has not received secret subpoenas or gagged orders; if the statement disappears or stops updating, users infer a secret order arrived [9] [10]. Reporting notes the mechanism is inherently indirect and can lack detail — absence signals are useful but imperfect because orders can forbid any public change and because canaries rely on timely, verifiable updates [1] [10].
2. VPNs that explicitly publish warrant canaries
Several VPNs run warrant-canary pages or similar declarations: Surfshark publishes a canary-style status showing counts of national security letters, gag orders and warrants as “0” [2]; Perfect Privacy posts a regularly updated warrant canary stating “NO warrants” and similar categories [11]; providers such as Mullvad, IVPN and Proton have historically used canaries [12] [13]. Trust.Zone and SlickVPN also maintain warrant-canary pages or statements in the sources provided [14] [15].
3. VPNs shifting from canaries to fuller transparency reports
Some providers are moving from a single canary signal toward detailed transparency reporting. NordVPN announced it historically used a warrant canary but is adopting a phased approach that keeps the canary while launching fuller transparency reports that describe government inquiries and legal requests in more detail [1]. Proton VPN noted Swiss law limits the meaning of a canary because targets are eventually notified under Swiss procedures and therefore emphasizes transparency reporting [13].
4. VPNs that publish regular transparency reports with law‑enforcement data
Multiple reputable VPNs publish transparency reports showing numbers and types of legal requests and whether data was turned over. ExpressVPN publishes thorough transparency reports listing customer data requests, gag orders and national security letters [3]; CyberGhost posts quarterly reports breaking down legal requests and responses [8] [16]; PureVPN says it discloses how many court orders it received and its responses, and published high counts of abuse and legal requests in 2025 [5] [17]. IVPN provides a transparency report table of valid legal requests [6]. X‑VPN’s 2025 report claims it received law‑enforcement inquiries and DMCA takedowns while reporting zero identifiable user data disclosures [7].
5. What transparency reports typically include — and what they sometimes omit
Transparency reports commonly list counts of government and law‑enforcement requests, DMCA or civil takedown notices, and the provider’s response [18] [5]. Reports sometimes separate warrants or gag orders as distinct categories [4]. But reporting warns that formats vary, categories change (CyberGhost stopped reporting one category after Q2 2024), and some reports stop short of granular case-level details — that variation complicates direct comparisons [19] [10].
6. How to read these disclosures — trust signals and caveats
Regular transparency reporting, frequent updates to canaries, independent audits, and memory‑only server designs are complementary signals of privacy posture [17] [11] [7] [20]. Journalists and auditors caution that a canary’s absence is not definitive proof of a gagged order because legal rules and update cadence matter; readers should cross-check transparency reports with independent audits and jurisdictional risk [10] [20] [13].
7. Practical takeaways for users choosing a VPN
If you want explicit warrant-canary-style notices, sources show Surfshark, Perfect Privacy, SlickVPN, Trust.Zone, Mullvad/IVPN and Proton have used canaries [2] [11] [15] [14] [12] [13]. If you prioritize numerical transparency about law‑enforcement requests and DMCA notices, look to ExpressVPN, CyberGhost, PureVPN, IVPN, X‑VPN and NordVPN’s new transparency reporting [3] [8] [5] [6] [7] [1]. Combine any single disclosure with independent audits and jurisdictional review before concluding a provider’s resistance to legal demands [20] [21].
Limitations of this article: available sources do not mention every VPN and there is no single authoritative list; claims here are drawn only from the provided reporting and each provider’s published pages cited above [2] [1] [13] [15] [11] [14] [12] [3] [4] [5] [6] [7] [8].