With the new promotion going on I was thinking of switching to Windscribe. There’s already a long thread debating whether it should be recommended or not which I haven’t fully read, but one concern mentioned was its Canadian jurisdiction. Privacy Guides’ VPN criteria states:
Company based in a jurisdiction where it cannot be forced to do secret logging.
I’ve generally heard bad things about “Five Eyes” or “Fourteen Eyes” countries but I’m not sure if Canada itself is a disqualifying jurisdiction for things like VPN or email services?
Q: Why didn't you just comment this question under the Windscribe post?
Because I’m interested in discussing whether Canada would be a disqualifying jurisdiction in general for things like email or VPN services, it’s not specific to Windscribe and is only tangentially related.
I don’t know about Canada, but Eyes alliance is a loose agreement between countries intelligence apparatus, and it doesn’t mean they share the same privacy rules.
Also, this requirements doesn’t mean the state cannot secretly ask data about an individual, it means that the company can provide the data it has (PG-recommended VPNs have basically nothing) but can’t be forced to take active steps to get more data on the individual.
I use Proton VPN that are based in Switzerland,I know nothing is totally anonymous,but I just like to use a service outside my jurisdiction country. Not that i’m doing anything illegal or anything like that.I just like the privacy that Proton offers like any other VPN services.
As far as I can tell, CLOUD Act negotiations are still ongoing. It’s unclear to me whether this would make Canadian businesses subject to U.S. key disclosure laws. The Canadian section of the Wikipedia page doesn’t mention an equivalent to the American national security letter which makes me think Canada isn’t currently a disqualifying jurisdiction.
In addition to offering a mature legal system, Canadian laws do not mandate that VPN providers log any data. Windscribe has also permanently engaged a top legal firm for privacy considerations and opinions.
I’d be interested if Windscribe (@yegor) could go into any more depth on any Canadian law that might impact their ability to refuse to log, disclose keys, or implement backdoors, and whether the CLOUD Act might pose a threat to Canadian businesses like Windscribe. For some inspiration, Mullvad does this with Swedish law.
I caution everyone to put away your “internet lawyer” hats and avoid jumping to conclusions based on proposed laws, that are not in effect. Most proposals don’t become laws.
As it currently stands, Canada has no laws on the books that would force a VPN provider to store logs for a specific user (wiretap) or all users. Canada has no NSL equivalents either, or FISA courts.
The current scope of the “CLOUD Act” is alarming, however considering the recent changes in Canadian political landscape (last 3 months and yesterday’s federal elections) I find it highly doubtful that this act will pass as Trump and US in general are a toxic commodity in Canadian discourse and the politics shaped by it. Nothing is impossible, but I find it highly unlikely.
I don’t know Swiss laws as much as I do Canadian, and I personally think Bill S-210 is far more dangerous than CLOUD Act when it comes to Canadian VPNs, and you probably never heard of it.
If there are new laws on the books, that are going to be enforced in Canada that would prohibit us from maintaining our existing (and recently court proven) privacy policy, we will move jurisdictions. The list of such jurisdictions however is shrinking every year…