CyberGhost VPN’s Quarterly Transparency Report

January, February, and March 2022

New year, same strong commitment to online privacy. We are now in 2022, 2 years after the onset of the COVID-19 global pandemic — an event that decisively shaped and changed the digital landscape as we know it.

Though, not much has changed for our mission. We still operate under our strict No Logs policy, and we’re continuously improving our services and staying ahead of the latest cyber threats. And now it’s that time where we disclose exactly what we’ve been doing behind the scenes. That’s right. It’s time for our first Quarterly Transparency Report of 2022.

Read on below and find out how many DMCA complaints, malicious activity flags, and police requests we’ve received in the first 3 months of the year. We’re also letting you know what else we’ve been up to, so make sure you read until the end.

Legal Requests for Q1


This is the number of requests we received from various authorities in the first 3 months of 2022. We group these requests into 3 categories:

          • Digital Millennium Copyright Act (DMCA) complaints
          • Malicious activity flags
          • Police requests

Remember, we have a strict No Logs policy in place. We don’t monitor, collect, or store any data on our Ghosties. We don’t have any user data to hand over to the authorities, and therefore, cannot comply with these requests.

We’re also headquartered in privacy-friendly Romania. According to our local laws, we’re under no obligation to store user activity. Our headquarters also puts us outside of any international surveillance alliance. This means that no other government can force us to change our policies or pressure our authorities to do so.

You are safe with us, and it’s a promise that we don’t take lightly. And since we pride ourselves on our transparent nature, we’ve always made sure to let you know what we do to protect your online privacy. This is why we’ve released transparency reports since 2011, and we were the first ones in the VPN industry to do so.

In 2019, we decided to change our M.O. and put quarterly updates on the Privacy Hub.

January February March
DMCA Requests 29,567 31,251 32,986
Malicious Activity Flags 211 223 243
Police Requests 4 2 3

Compared to last year’s Q4 report, we noticed a 15% decrease in overall requests. Let’s break that down.

Pie chart showing the total legal requests CyberGhost VPN got in the first quarter of 2022.

DMCA Complaints


DMCA stands for Digital Millennium Copyright Act. As the name implies, it has everything to do with protecting copyright and intellectual property. Entertainment companies use this law to protect their intellectual property online. This includes movies, TV shows, books, games, and other forms of media.

Any copyright holder can file a DMCA complaint if one of our IPs was used to share or distribute copyrighted material.

January February March
29,567 31,251 32,986

As usual, DMCA complaints make up the majority of all the requests we receive. This time, they make 99.2% of all requests. While the situation looked similar in the latest edition (99% of total), we can actually see a 15% decrease in the DMCA requests over the past three months.

Chart showing the decrease in DMCA complaints.

You can notice a slight increase in March, which has us wondering if this trend will persist through Q2 as well. Only time will tell.

Malicious Activity Flags


Sometimes, people use the increased privacy CyberGhost VPN offers for nefarious purposes. These acts include DDoS attacks, automated spam email, suspicious login attempts, botnet attacks, and various types of scams.

We get malicious activity flags when authorities let us know that one of our IP addresses was used in one of these attacks. We received a relatively consistent number of these requests.

January February March
211 223 243

Malicious activity flags make up 0.6% of all requests we received. The numbers looked similar in our last 2021 edition, sitting at 1%. In the past few years, this figure has constantly decreased, as we’ve actively taken measures to prevent abusive behavior on our systems: our infrastructure team blocks domains and IPs associated with malicious and illegal activities, and the results are telling.

Chart showing malicious activity flags in the first quarter of 2022.

While there’s still a way to go, our methods seem to keep abusive behavior on the low.

Police Requests


Law enforcement agencies around the world can file a request when a criminal investigation leads them to one of our IP addresses. This request usually reaches the datacenters that store our servers, and they forward the request to us.

In most cases, these requests ask us to hand over any information that could help shed light on a case or identify a perpetrator. This can include IP addresses, browsing history, account usernames, and other details.

Since we have no user data, we have no information to share with the police.

January February March
4 2 3

Police requests routinely make up the smallest percentage of overall requests. This time around, they make up just 0.2% of all requests, but the number remained consistent when compared to our Q4’s 8 police requests.

There isn’t much variation here.

Chart showcasing police requests in the first quarter of 2022.

Russia’s Invasion of Ukraine and Our Server Network

February 24, 2022 is the day Russia started their campaign against Ukraine, attacking cities and civilians. Our hearts go out to all those affected by the atrocities of this war.

CyberGhost VPN is not a political entity, but we are a business that operates globally. While we can’t influence state matters or change any world leader’s mind, we can focus on what we do best: online security and privacy. But the war no doubt had an impact on our service and servers.

Here’s how the situation looks for us.

Our Services Help Russians Bypass Censorship

CyberGhost VPN has always been about helping people access information online free of surveillance and censorship, while protecting digital privacy. We stand in solidarity with Ukrainians but also with the Russians who oppose their government’s actions. We’ll continue to provide unrivaled privacy to those who expose the Russian government’s crimes, and those who want to access information outside the state narrative.

Since the invasion started, the number of people using our Moscow servers has increased considerably. Here we can see the increase from a peak of roughly 2.6k users to 6.41k users.

Infographic showing increased VPN usage in Russia.

Our Moscow servers aren’t physically located within Russian borders. This means that we are under no legal obligation to hand over any data to Russian authorities or allow government officials access to our servers.

We have never signed any contracts with Russian companies, so we aren’t funding Vladimir Putin’s war efforts.

We Moved Our Kyiv Servers

CyberGhost VPN’s network covers servers in Kyiv. Seeing as how the capital city is a main target for the Russian troops, we took measures to secure our Ukrainian infrastructure. We moved it away from the bombing and shelling to Bucharest, Romania.

Physically they are in Bucharest, but virtually they are still in Kyiv and offer access to Ukrainian sites and regional content. They have the same strict 256-bit AES security standard that all our servers have, and don’t record or store any data as per our No Logs policy.

This is a temporary move, but until the Russian army’s hostilities end, we won’t return them to their rightful place.

A New Year, the Same Fight for Online Privacy

Time flies by, but our credo stays the same. CyberGhost VPN will always promote and support an uncensored and free internet culture. We’re also committed to building the best tools to protect your online privacy. And we plan on keeping you updated with our progress so far.

🎯 We’ve Updated the CyberGhost Antivirus Database

Malware and similar cyberthreats keep evolving to cause more damage to your devices and be better at siphoning our private information. We are constantly making sure that our antivirus solution will detect and swiftly quarantine all potential threats.

With the updated database, your system is well protected from all the latest malware forms.

🎯 We’ve Expanded Our VPN Network

We’re always expanding our server number to fit our Ghosties’ needs based on your feedback. This time around due to popular demand, we added streaming-optimized servers for Netflix Canada, Spain, and India. Never lose access to your favorite shows and movies no matter if you travel abroad or you’re on a restrictive network.

🎯 We’ve Helped Ukrainian Refugees Fleeing to Romania

Ukraine and Romania are neighboring countries in Eastern Europe, so when the war broke out, we knew we had to help. We set up a program to host families with children, and we transformed our office into a place for them to stay during the day.

Read our detailed timeline of events right here on the Privacy Hub.

We Released Our 2021 Transparency Report

It’s published on our website under the Transparency Report section. Take a look under the hood, and you’ll find:

    • ➡ A detailed report on how many DMCA complaints, malicious activity flags, and police requests we received.
    • ➡ Key statistics about our infrastructure.
    • ➡ A sneak peek into the team.

In case you missed them, you can also check out the breakdown of our quarterly transparency reports for 2021.

Although it’s been an intense year so far, we still have a lot planned for 2022. Keep up with us on our socials or here on the Privacy Hub to see our releases and updates. Questions? Feedback? Leave them in the comments below.

Until next time, stay safe and secure!

Leave a comment

Write a comment

Your email address will not be published. Required fields are marked*