Windscribe CEO Says ‘No User Data’ at Risk After Dutch Authorities Reportedly Seize Server

Dutch authorities just seized one of Windscribe’s VPN servers, according to a post on X from the VPN company on Friday. 

The post didn’t include any indication as to what prompted Dutch authorities to seize the server, only that the seizure was conducted without a warrant and that authorities said they would return the server to Windscribe once they “fully analyze it.” But despite how serious the incident might appear at first glance, Windscribe reassured the public that authorities won’t find anything of use on the server that could put its users’ privacy in jeopardy.

Because all of Windscribe’s servers are RAM-only, “the only thing the authorities will find is a stock Ubuntu install,” the company said on X.

Windscribe CEO Yegor Sak told CNET via email that authorities seized the server without explanation beyond wanting it in connection with an active investigation. He said it was possible they wanted to perform a RAM dump, which would capture the server’s memory. 

“However even in the event of it being successful, no user data would be at risk, as there is no user data or any records of active connections in server memory once a network cable is pulled (which it was),” Sak said.

RAM-only servers run on volatile memory, meaning that data is not saved to a hard disk and is completely wiped when a server is powered off or rebooted. As a result, there shouldn’t be anything for Dutch authorities to extract from their analysis of the confiscated server. This is why we always look for VPNs that have a RAM-only server infrastructure or otherwise employ full-disk encryption on their servers to ensure user privacy is properly protected in the event of a server seizure.   

Additionally, Windscribe’s privacy policy states that the company doesn’t keep logs of its users’ source IP, historical record of VPN sessions or anything related to the sites users visit while connected to the company’s servers. Without these logs, there wouldn’t be any useful data on the server for authorities to collect anyway. 

However, no-logs claims are impossible to verify with 100% certainty, which is why we also highlight the importance of regular third-party audits when evaluating VPNs and their privacy protections. Although third-party audits aren’t always foolproof and don’t paint a full picture, they’re important trust signals that can add credence to a VPN’s claims, especially when conducted on a regular basis. 

Windscribe has been audited at a fairly regular clip since 2021, with its latest audit published in the summer of 2024, which looked into the company’s FreshScribe VPN infrastructure. 

Regular audits can make a strong case for a VPN’s privacy, but real-world legal cases arguably make an even stronger case because their timing is not something VPN companies can prepare for. Windscribe encountered such a case in 2023, when Greek authorities charged Sak with “illegal access to information system” after a user misused a Windscribe server to breach a Greek website and send spam emails. However, the case was ultimately dismissed following a lengthy legal battle after Windscribe proved it had nothing useful to hand over to Greek authorities at the time.

“It would have been a lot faster (and cheaper) to simply hand over the logs in order to identify the actual culprit behind the alleged crime,” Sak wrote in a blog post. “However, you cannot hand over what you do not have.”    

‘We get a handful of law enforcement requests every month. And each time we tell them we have no logs,” Windscribe wrote on X in response to the most recent incident involving Dutch authorities. “This time they didn’t ask, they just snatched the server from the rack to look for the logs themselves.”

Windscribe keeps a running real-time tally of the legal requests it receives in its transparency reports. The report states that “zero requests were complied with due to lack of relevant data.”