Of course the likes of Apple and Google are complying with lawful orders from the governments of countries they do business in.
Businesses that don't generally cease operating in said country. LavaBit was a highly visible instance of a business shuttering itself instead of complying with such lawful orders.
That's also the ploy of basically every VPN provider out there. They say they don't store or give out data, but they still adhere to lawful requests. That necessarily includes requests from countries where they legally offer their service, even if their HQ is in some country with lax legal frameworks. It also means, if there is a legal way to coerce them into recording your data or handing it over, they will do so.
https://www.pcmag.com/news/nordvpn-actually-we-do-comply-wit...
They also mentioned they only respond to court orders (ie. not just because the cops asked nicely), will try to appeal as well. That's better than most ISPs, who would either give up data without a court order, or won't bother appealing.
The problem is that there may be perfectly legal gag orders (issued by a court) that force them to comply to normal police requests - and you would never even know. NordVPN in particular removed their warrant canary without informing their users and only gave some retroactive PR answer when people rightly started to freak out.
The simple truth is that if a VPN provider hasn't been shut down by authorities after more than a year (like VPNLabs was), then they are basically guaranteed to be giving out your data to authorities at this point. The legal situation in most western countries does not allow complete online privacy for normal, law-abiding citizens.
>The problem is that there may be perfectly legal gag orders (issued by a court) that force them to comply to normal police requests - and you would never even know.
Are there any VPN providers that claim they'll take the metamorphic bullet for their clients? I feel like you're setting up unrealistically high expectations where a VPN is like "we don't log or sell your data!", and you retort with "yeah but what if you get a secret court order or the government threatens your family?". I think nordvpn's response is consistent with what reasonable people's expectations are. Otherwise you can apply this logic to all sorts of interactions and find it quickly breaks down, eg. talking to a friend:
>"do promise you won't tell anyone?"
>"yes"
>"yeah but what if government subpoenas you, and grants you immunity so you can't plead the fifth?"