AnchorFree, a major VPN provider, just released its 2017 transparency report. This lists government demands for user data by country, and the legal mechanism used. Perhaps the most eye-catching figure is that of the 81 formal legal requests received by the company, an astonishing 63 came from the US
For context, the country that sent the second-most legal requests was France, which sent seven. Although AnchorFree — which owns Hotspot Shield — is a US-based company, the vast majority of its 600 million users are based elsewhere.
Do you want to be a cryptocurrency millionaire?
Don't get your hopes up.
The most common type of legal request the company received is a subpoena. 38 requests fit into this category. According to AnchorFree:
“A subpoena is a form of legal process that a government agency, which has been granted authority to issue subpoenas, can use to request limited types of information about AnchorFree’s customers.”
Using this mechanism, a government agency might ask AnchorFree for customer details. This could encompass things like biographical details (names, phone numbers, and email addresses), how long they’ve used the service, and so on.
Over the course of 2017, AnchorFree also received four search warrants, where a judge or magistrate provides legal authorization for law enforcement to access (typically) the company’s servers, plus one court order.
Interestingly, the company received 38 legal requests which AnchorFree has categorized as “other.” This is equal to the number of the more formal subpoenas received by the company, and typically includes things like letters from foreign governments, demands, and requests forms. The majority of these are not recognized under US law.
In all cases, as Anchor Free does not associate IP addresses with user information, it’s not actually in a position to reveal any user information. But this report paints a troubling picture of the scrutiny VPN providers find themselves in. It also closely mirrors the experiences of other companies that have issued transparency reports, like CyberGhost .