VPN companies have always promised privacy. Canada is calling their bluff.
Swiss-based Proton VPN says it will resist compliance with Canada's Bill C-22, which requires VPN providers to cooperate with government surveillance requests. The standoff highlights growing tensions between privacy services and national security demands.
Here's the context: Bill C-22 is part of a broader push by governments to break encryption and compel cooperation from privacy-focused tech companies. Canada isn't alone - the UK, Australia, and other Five Eyes nations have pushed similar legislation. But Proton is picking Canada as the test case.
Proton VPN operates under Swiss jurisdiction, which has stronger privacy protections than most countries. Its business model is built on not logging user activity and not cooperating with surveillance requests. That's the product: a VPN that actually keeps you private.
Bill C-22 threatens that promise. If VPN providers must comply with Canadian surveillance demands, they're no longer privacy services - they're data brokers with a privacy marketing strategy.
Proton's resistance sets up several possible outcomes. They could block Canadian users entirely, creating a precedent for jurisdictional VPN blocking. They could face legal consequences in Canada, though enforcing penalties against a Swiss company is complicated. Or they could maintain service while refusing compliance and dare Canadian authorities to do something about it.
This is the test case for whether "we don't comply with surveillance" is real or marketing. Many VPN companies make privacy promises that don't hold up under government pressure. Proton is putting its business model on the line.
The technical reality is that if Proton VPN doesn't log user activity, it can't provide that activity to authorities even if compelled. But governments increasingly demand that companies build surveillance capabilities into their infrastructure - not just hand over existing data.
Canadian VPN users face a choice: trust that Proton will maintain service and privacy, or switch to providers who comply (and therefore log activity). Neither option is great if you actually need privacy protection.
The technology is impressive. The question is whether privacy services can exist in a world where governments demand backdoors, or whether "encrypted" and "private" become meaningless marketing terms.
