Although it’s relatively new on the VPN scene, ProtonVPN is making quite the impression recently. However, if you look through its reviews online, you get a bit of a confusing picture. Some people love ProtonVPN and hail its no-logs policy as a new privacy standard while others believe it’s not as clear-cut as it advertised. To clear things up, I tested the VPN out to answer the question “Is ProtonVPN Safe?”
Is ProtonVPN Safe to Use?
“When you use ProtonVPN, we do NOT do any of the following:
- Log users’ traffic or the content of any communications
- Discriminate against devices, protocols, or applications
- Throttle your internet connection”
So far so good, right?
They do state that they log your email (or ProtonID if you’re a ProtonMail user), support tickets, payment details (specifically, your name and the last 4 digits of the credit card number).
ProtonVPN also logs a timestamp every time you use the service, indefinitely. According to them, the timestamp gets “overwritten each time you successfully log in” and you can ask ProtonVPN to erase it once you decide to no longer continue with the service.
However, I personally find there to be a problem with the information. Let me explain.
No Logs and 4 Different Services?
ProtonVPN offers different services for different levels of users. Here are the 4 types of accounts you can get and their prices:
- Free: access to servers from 3 countries. 1 device per connection. Low speeds.
- Basic: $4 a month. Access to all countries. 2 devices per connection. High speeds. P2P.
- Plus: $8 a month. Access to all countries. 5 Devices. High Speed. P2P. Access to Plus Servers, Secure Core servers, and VPN over Tor servers. Secure Streaming.
- Visionary: $24 a month. Access to Plus Servers, Secure Core servers, and VPN over Tor servers. Secure Streaming. ProtonMail Visionary included.
Looking at the offers, you can see that there is big difference between the different types of accounts you can get. Additionally, ProtonVPN (like all VPNs) has limits to how many devices you can use your account on. In general, that dictates a specific type of data logs that can tell the VPN if you’ve exceeded your allotted device limit or not. A timestamp simply won’t cut it.
The next thing to look at is that fact that different account types have different access to services offered by the VPN. That really means that the account type you’ve subscribed to is also logged.
ProtonVPN – Is It Swiss or American?
Next, we’re going to be looking at where ProtonVPN operates from.
If you know anything about ProtonMail (Mother company of ProtonVPN), you’ll know that it was supposedly made by a bunch of scientists working on the Large Hadron Collider. This doesn’t seem to be entirely true, and the idea that ProtonMail was “born the CERN cafeteria” doesn’t quite match the fact that it was actually “advised by the MIT Venture Mentoring Service and is developed, in part at MIT.”
This doesn’t mean that ProtonVPN doesn’t operate out of Switzerland, because it does (and that’s a good thing). However, half of its team is located in MIT, which is in the U.S. (not a very good thing).
In other words, half of the ProtonVPN team reside in a country with sever data retention laws and live under the jurisdiction of the U.S.
It is a little disconcerting that the idea of a Swiss-based VPN is so prominent while the MIT aspect of the story is conveniently dropped out of the narrative. Again, this isn’t something that makes me trust in the privacy of such a VPN.
Does this answer “is ProtonVPN safe”? Not yet, but it does tilt the bar more to the “no” side.
Is ProtonVPN Safe – Security Features
Now that we’ve covered the Privacy aspect of the VPN, let’s move on to security.
ProtonVPN uses the industry standard AES 256-bit encryption, which is pretty solid. As for the VPN protocols, it only offers OpenVPN and IKEv2/IPSec, which isn’t a hefty amount of protocols but is more than enough since OpenVPN is pretty darn secure.
They also offer “Tor over VPN” and “Secure Core” servers. Now, they do kind of make it seem like the Secure Core servers are this brand new advancement in the VPN world and that no other VPN does the same, but that’s not entirely true. This just means that a select amount of servers offer Double VPN (or a VPN hop, if you will), which is a great feature to have but it’s definitely not unique.
Here’s what ProtonVPN has to say about their Secure Core:
“ProtonVPN’s Secure Core architecture gives our secure VPN service the unique ability to defend against network-based attacks”
I did not add the bold-face in that sentence, that’s exactly how it’s written on ProtonVPN’s website. The truth is it’s not really unique.
This is a great security feature, but it’s definitely something that ProtonVPN did not come up with. So no, it’s not unique.
That being said, if you’re only looking at ProtonVPN’s security features, your answer to “is ProtonVPN safe?” would come up as “yes”.
Is ProtonVPN Safe – Final Verdict
So, what’s the final verdict? Let’s recap what we discussed above. First, ProtonVPN does say it’s has a No-log policy, but I question the transparency of that since there are too many specifications per service that do require some form of data-logs to manage. Next, we looked at ProtonVPN’s claim that it purely operates out of Switzerland, and saw that while it is true, there is missing information. The fact that half the staff is located in the U.S. does not make me feel very secure when it comes to this VPN’s safety. Finally, we looked at ProtonVPN’s security features, which I do have to admit are pretty good. However, it does seem like ProtonVPN tends to exaggerate its uniqueness, especially since it wrongly claims to have a feature no other VPN has.
If you couple that with the high prices and the fact that other alternative VPNs offer a lot more features, I do not see ProtonVPN as a solid choice for me. Is ProtonVPN safe? I would say no, simply based on the fact that it’s not really that transparent with its user base.