CyberGhost VPN Transparency Report 2014

This is an important moment for us and we would like to share it with our readers and users. Being one of the first anonymizing services comes with a responsibility, so we decided it’s time to publish a transparency report of state discovery operations, copyright issues and complaints from website operators and individuals.

CyberGhost_Transparncy ReportTransparency reports of Internet companies are a common thing in many countries, as opposed to transparency reports of VPN providers, for which there are just a few reports available. The reason is simple: many countries have concerns that a disclosure of requests from police and other organizations might endanger ongoing investigations.  The actual numbers of requests by authorities and others can be bad for business, especially if a provider logs their users’ online activity.

Click to view the entire Transparency Report!

CyberGhost_ Transparency Report_Evolution of abuses on Q1

We are proud to say that we are among the world’s fastest growing anonymization services and one of the few with a no logging policy. Today, CyberGhost becomes one of the first VPN companies which provide a statistic insight to their customers about requests received from investigation authorities, economy enterprises and individuals. We plan to update the report at the end of each quarter.

The Transparency Report shows the our received requests from founding (2011) to present. Most requests and complaints are related to alleged infringements of the Digital Millennium Copyright Act (DMCA) such as illegal downloads. But it also contains requests regarding copyright issues, police investigations and different malicious acts which were sent by authorities (investigations) and lawyers (copyright issues) as well as webpage providers, datacenters and individuals, where the latter are usually complaining about spam mails, automatic send mails, cyber-attacks (Botnets, DDoS) and hacking attempts.

This data is shown on our official website.

CyberGhost Transparency Report_Evolution of abuses by typeAccording to data from the company’s Transparency Report, the number of complaints and requests to disclose user data more than tripled year after year: there were 105 requests per 100,000 users in 2013, compared to just 30 requests per 100,000 users in 2012. The number of complaints and requests per 100,000 users received in the first quarter of 2014 is eight times higher compared with the first quarter of 2013, and 20 times higher than the corresponding period of 2012: CyberGhost registered 265 complaints per 100,000 users in the first three months of this year, against 33 complaints per 100,000 users in the first quarter of the previous year, and just 13 requests per 100,000 users in the similar period of 2012.

“When we receive requests to disclose user information, we reply every time that we are a VPN service operating in Romania, so according to the local law we are not obliged to maintain logs, so we do not keep any records, which means we can’t help identify any of our users,” said Ana Schiopu, CyberGhost VPN Product Manager.

Worldwide, the relation of numbers is similar: 2.157 requests about copyright issues, 96 requests concerning malicious acts and 18 requests from police investigations.

Comparing the number of CyberGhost’s total users (3.5 million) with the small number of police investigation requests received in 2013 (18), one could argue that VPNs don’t exist to protect crimes, but instead are here to protect citizens  from crimes, such as hackers, data espionage and violence against their privacy. Today, this is truer than ever, especially after Edward Snowden enlightened the world about the NSA scandals.

Thank you for trusting CyberGhost VPN! We will continue our work for a free and private internet!

16 thoughts on “CyberGhost VPN Transparency Report 2014

  1. On your Privacy Policy, You basically say:

    We don’t keep logs, except we do.
    D:
    “CYBERGHOST may process and use personal data collected in the setup and delivery of service (connection data). This includes Customer identification and data regarding time and volume of use”

    Although this isn’t as bad as straight up logging everything, it still sucks. You could get data about what the person is using the service for by analyzing the volume.

    “CYBERGHOST records, processes, and uses data as required of it by law”
    What if the law requires you to keep some sort of logs?

    Also, when using the cyberghost premium, only a few other people are ever using the same server at a time. If you are a wanted target (like multiple governments wanted you), and they could access the ISP of you and the server, cyberghost’s “protection” becomes rather trivial.

    If you are going to say “No logs”, Don’t have “No logs except for some about how much you are sending, to where and where from.”

    I understand it is hard to run a VPN with a true No Logs policy, but don’t lie about it.
    Be the better company.

    • Hey there.
      thanks for your questions.
      1) We don’t even know any person behind an account. We are talkin about completely anonymous data here. The question about records … etc, required by law, does not refer to user logging, but if e.g. CyberGhost is forced to surveil an already known account (e. g. known as a result of investigations).
      2) The exchange of your IP is always the case, even if you’re the only one accessing a server. The number of parallel surfing users is just a second layer of anonymization.
      3) And finally: We never exposed any user data, because we never logged and won’t do it in the future. Privacy is our business. That’s why our servers got raided some years ago in Germany (to no avail, by the way) and that’s why we don’t allow torrents on US servers (because otherwise we would have been forced to log or to shutdown the servers).

  2. 1. Do you keep ANY logs which would allow you to match an IP-address and a time stamp to a user of your service? If so, exactly what information do you hold and for how long?

    2. Under what jurisdictions does your company operate and under what exact circumstances will you share the information you hold with a 3rd party?

    3. What tools are used to monitor and mitigate abuse of your service?

    4. In the event you receive a DMCA takedown notice or European equivalent, how are these handled?

    5. What steps are taken when a valid court order requires your company to identify an active user of your service?

    6. Is BitTorrent and other file-sharing traffic allowed on all servers? If not, why?

    7. Which payment systems do you use and how are these linked to individual user accounts?

    8. What is the most secure VPN connection and encryption algorithm you would recommend to your users?

    • Hello,

      1) No, we don’t log a thing. We once actually did note the amount of traffic for a proper business, but stopped after CyberGhost went free for all (no traffic and bandwidth limits). However, our privacy policy on our homepage is outdated and does not yet reflect this change – but will soon (if you referred to that one).
      2) We run our business under the Romanian jurisdiction – but since we hold no user data we can’t share any.
      3) No tools. The abuse of our service is forbidden by our business terms – and is in fact very small as you can see in the report. We trust our users not to misuse the service and so far we are pretty fond of them. Of course, our goal is to reach nada requests.
      4) We inform the respective sender that we are sorry, but don’t have any data of our users to hand over.
      5) A valid court order doesn’t change the fact that we don’t hold user data and therefore can’t identify a user. If we were able we would, because CyberGhost doens’t operate outside the law.
      6) Torrents are allowed on most servers except US and russian servers. Since DMCA requests in these countries take place often and since we don’t hold user data we are in constant danger of getting raided, so authorities can proof we don’t log. Option 1 had been to abandon all servers in the named countries, option 2 had been to let us get raided on a regular base and option 3 had been to block torrents. That way we keep the servers and our users can still surf and stream.
      7) We have the usual payment methods and accept also Bitcoins. There can be made no connection between individuals and user accounts.
      8) Soon after the Snowden files we updated all our servers to 256 bit AES (also the free ones). It’s safe and will be so for a long time. The widely used 128 bit AES also is still safe, but we wanted to make sure.

    • For example, when a computer system gets compromised, somebody places spying hardware in one’s house and comes to know your credentials. In fact, a further monitoring might then be senseless and bring no new info about the person …

    • Hey! No, we don’t log. Taking a quote, like the one you posted, outside the context,can be interpreted in many ways, like the one you are implying. But we also say this on the same link:
      “The data CyberGhost VPN stores (the amount of traffic and its timestamps) can not be used to identify a user – which finally means, that the use of an anonymization service by a suspect doesn’t offer any additional evidence as already known.” We never had a case of compromised anonymity of a user, so that should say a lot ;) Also we are currently updating our privacy policy so we won;t leave place to interpretation. Thanks for the comment and for reminding us how vigilant our users are. Cheers!

  3. Unfortunately the “Service and Assistance” offered by the Cyberghost staff is the very worst on earth! As a paying customer, not a “Free user” I have been treated very poorly. “Expect to wait 48 hours for a response” should read “Expect to wait 48 days…..and then a lot more”
    I have decided to write off my payment to CyberGhost as a complete loss, and take my business elsewhere….to a more professional VPN provider.

    • Hi Michael!

      There was an unpredictable glitch in the support platform that caused some e-mail messages to block and that’s why you didn’t get a reply yet. We apologize for the inconveniences created.
      We are working now on a solution with the software providers, that will guarantee this will never happen again.

      The Forum is back online so please write to us about your issues there and we’ll try answer them as fast as possible.

      It’s not a sign of disrespect, we are doing our best to find the best solution. Bare with us.
      Thank you!

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>