Back in 2017, NordVPN published a blog post that also serves as a warrant canary. It updates the post daily to say something like,
As of 2022-01-22, we:
* Have NOT received any National Security letters;
* Have NOT received any gag orders;
* Have NOT received any warrants from any government organization.
While updating the warrant canary section of the blog post to assure users, it was also apparently stealth editing the claims for its service.
In the original 2017 blog post, NordVPN claimed,
NordVPN operates under the jurisdiction of Panama and will not comply with requests from foreign governments and law enforcement agencies
On January 19, 2022, however, NordVPN updated that to read,
NordVPN operates under the jurisdiction of Panama and will only comply with requests from foreign governments and law enforcement agencies if these requests are delivered according to laws and regulations.
First, NordVPN’s 2017 claim that it wouldn’t honor requests from foreign governments and law enforcement agencies was laughable on its face, and the company had to know that its claim was nonsense.
Second, its new explanation of when it is required to comply with requests from foreign governments and law enforcement agencies is still ridiculously vague.
Finally, NordVPN chose to quietly update a 2017 blog post rather than be transparent about its obligations under Panamanian law.
When VPN companies show you who they are, believe them.