CyberGhost has just released its eighth annual transparency report for 2018, where the VPN provider discloses the numbers of user data requests it received from police, law enforcement agencies, website owners, and copyright law firms last year.

Founded in 2011 in privacy-friendly Romania, CyberGhost is under no legal obligation to store user data, which means the company is unable to comply with any requests to hand over such data to the authorities. Since they don’t keep any records, they have nothing to give – at least on that front.

Unsurprisingly, the Cyberghost transparency report itself doesn’t list any additional procedures following the requests. What’s interesting here, however, are the numbers:

CyberGhost transparency report 2018

Looking over the report, we see some peculiar trends about how the numbers of DMCA (Digital Millennium Copyright Act) complaints, malicious activity flags, and police requests have changed over 2018 in comparison to the previous year.

For example, compared to 2017, the number of DMCA complaints declared in the CyberGhost transparency report has fallen by more than a third from 42,805 to 27,747 in 2018. Presumably, it’s the result of CyberGhost’s decision to tackle copyright issues by allowing its 30 million customers to use its servers for torrenting exclusively in countries with lax copyright regulations.

Malicious activity flags, on the other hand, have risen sharply – from 7,876 to 11,116 – in 2018. These are generally sent by app devs and website owners due to DDoS attacks, botnet activity, and spam emails coming from CyberGhost server IPs. The VPN company tries to prevent these attacks from happening in the future by blocking access to the IPs under attack, barring further attempts to exploit the addresses.

As we can see, police requests also saw an increase in 2018. A massive 117% increase from 17 to 37 in 2018, to be exact. According to the CyberGhost transparency report, police requests generally include inquiries from law enforcement agencies to provide information about IPs linked to investigations or court cases. Despite the huge spike in police requests, CyberGhost had to leave the authorities empty-handed due to their strict no logs policy.

Sharing an annual transparency report about not complying with government requests is a great initiative and we certainly encourage every other VPN to follow suit.

That said, some concerns about the VPN’s commitment to privacy remain, such those we’ve covered in our CyberGhost review, including sending anonymized user connection data to third parties. Had CyberGhost included these numbers in the report, perhaps we could finally read the word “transparency” in the title unironically.