VPN Guild: Statement in Support of the Global “Defend VPNs” Day of Action

Date: September 25, 2025

As an association of VPN developers committed to a secure, private, and open internet, the VPN Guild joins civil society, technologists, and users worldwide in the Defend VPNs Day of Action. Today’s coordinated mobilization underscores a simple truth: VPNs are essential infrastructure for human rights, economic opportunity, and personal safety online—not loopholes to be closed. We urge lawmakers, regulators, and platforms to protect access to VPNs and to reject measures that, intentionally or not, criminalize privacy, chill free expression, and endanger vulnerable communities.

Why this matters now

Over the past year, proposals and practices that would restrict or stigmatize VPN use have accelerated in both authoritarian and democratic contexts. In the United Kingdom, the rollout of age-verification requirements under the Online Safety Act triggered an immediate surge in VPN downloads (1,000% to 1,800%), illustrating how blunt policy tools tend to drive ordinary users toward privacy tech to preserve lawful access and anonymity.

Public rhetoric has since veered toward “taking a very close look” at VPN usage. UK government statements deny plans to ban VPNs yet—while simultaneously signaling closer scrutiny due to the very increase in demand the law induced. This is a classic policy trap: create incentives to use privacy tools, then frame that uptake as grounds for restricting those tools. That approach erodes public trust and pushes users toward higher-risk workarounds. Some outlets even speculated about outright bans; whatever the politics of the day, we caution that normalizing talk of criminalizing a standard privacy technology sets a dangerous precedent at home and abroad.

Authoritarian copying—and why platform choices matter

In more repressive environments, the stakes are existential. Russia has expanded technical and legal measures to suppress information about and access to VPNs, including at-scale DPI blocking (TSPU), new penalties for sharing VPN-related information or advertising VPNs and waves of demands to remove VPN apps from app stores. These steps directly undermine rights to privacy and access to information, and have been condemned under international human-rights norms.

Corporate choices can blunt or amplify that repression. Apple removed dozens of VPN apps from the Russia App Store in 2024, significantly constraining user access; by contrast, Google appears to have largely resisted recent Roskomnadzor takedown demands. These divergences show that platform policy—and the willingness to resist overbroad, often duplicative or unverified state requests—has immediate, real-world consequences for millions.

The issue is not limited to app distribution. Telegram has recently implemented a ban on VPN advertisements targeting users in Russia—and in some cases reportedly extended this restriction into other markets. By doing so, Telegram effectively cuts off one of the few reliable channels through which users can learn about circumvention tools. This move, while framed as “compliance,” is an instance of excessive and preemptive compliance: Russian law does not explicitly require Telegram to block such ads, nor does it regulate ads outside Russia. Yet Telegram’s decision to over-enforce state restrictions across jurisdictions plays directly into the hands of censors, starving citizens of information about secure technologies.

For millions who rely on Telegram to access independent journalism and civil-society channels, this is not an abstract matter—it is a tangible weakening of their lifelines. By blocking VPN promotion, Telegram unwittingly aids state efforts to isolate populations, undermine dissent, and funnel users toward state-approved alternatives. If replicated by other platforms, such “voluntary” overcompliance will normalize censorship and undermine the trust that platforms have earned as bulwarks of free communication.

VPNs are not a loophole. They are a lifeline.

International standards are unambiguous: encryption and privacy tools enable the exercise of fundamental rights. UN special rapporteurs, the European Court of Human Rights, and digital rights advocates such as Access Now, Article 19, Freedom House, RSF have all affirmed that restrictions on access to information and on technologies that safeguard privacy must be lawful, necessary, and proportionate. Banning tools because they might facilitate unlawful content is no more legitimate than banning printers because they can reproduce prohibited material. The same logic applies to VPNs.

VPNs also protect targets of harassment and violence, from survivors seeking support to LGBTQ+ communities and dissidents evading surveillance. Journalists, human-rights defenders, and election observers depend on secure channels to protect sources and document abuses. In conflict-affected and censored environments, VPNs are often the only viable bridge to independent media, humanitarian resources, and emergency communications. Treating this infrastructure as suspect by default chills legitimate speech and magnifies risk where it is already acute.

Our policy recommendations

To lawmakers and regulators designing safety regimes, we recommend:

1. Affirm the legality of VPN use and prohibit discrimination against users for employing privacy tools. Where age-assurance or content rules apply, build in explicit safeguards that protect the right to use encryption and location-privacy technologies. (Do not convert legal privacy practices into grounds for suspicion.) Recent UK experience shows that sweeping verification mandates predictably drive citizens toward VPNs; this is a feature of human behavior, not a bug to be policed.

2. Apply strict necessity and proportionality tests to any measure that would restrict access to VPNs, protocols, or transport layers. DPI-based blocking, app-store removals, and bans on sharing information about circumvention tools are neither targeted nor proportionate; they undermine rights and public safety.

Our expectations of platforms are the following:

1. Publish all government takedown demands (and legal bases), notify developers promptly, and provide appeal paths.

2. Commit to human-rights impact assessments before geoblocking or de-listing applications, and report aggregate outcomes.

3. Enable resilient distribution. Where local stores are tightly controlled, support alternative, secure distribution channels that preserve update and safety mechanisms for users at risk.

4. Resist “pre-compliance” with vague or extra-territorial demands; where compliance is legally unavoidable, tailor it narrowly in scope and time.

5. Establish special compliance-review procedures for non-democratic governments. Platforms must adopt stricter standards when faced with requests from jurisdictions with poor human-rights records, including mandatory external review, independent oversight, and a presumption of denial for any demand that lacks clear legal basis consistent with international norms. Without such safeguards, platforms risk becoming enablers of authoritarian repression.

6. Protect end-to-end encryption and privacy-by-design, including for age-appropriate design codes. Safety online cannot be built by compelling universal identification; it emerges from empowering users with secure defaults, robust privacy controls, and meaningful redress.

To underscore these expectations, the VPN Guild is sending today a formal letter to Telegram urging the company to lift its VPN advertising ban in Russia and to refrain from further restrictive measures towards VPN distribution on the platform. Restricting visibility of VPNs under authoritarian pressure directly undermines freedom of expression and safety. We ask Telegram to reaffirm its founding commitment to resist censorship and to stand with users, not with censors.

Signed,

VPN Guild

(With thanks to the coalition partners organizing the Defend VPNs Day of Action and to researchers documenting state pressure and platform responses.)