Swiss-based Proton Technologies AG has now also introduced a Virtual Private Network (VPN) service. Given the deservedly good reputation of ProtonMail, it is not surprising that expectations for ProtonVPN are very high. Read on to find out if ProtonVPN lives up to these expectations!
ProtonVPN offers four distinct plans, each of which offers a 20 percent discount if you purchase an annual subscription (except for the Free VPN plan, of course), or a generous 33% discount if you buy a 2-year subscription.
ProtonVPN won our Best Free VPN 2021 Award for good reason. Unlike most other "free" VPNs, it provides a largely unlimited service which is so good that many users may feel no need to upgrade to a more premium plan.
The primary limitation is access to only seven VPN servers, located in Japan, the Netherlands, and the United States.
There are no bandwidth or speed limits, although the inevitable increased load on the free servers means that speeds are not as good as when using ProtonVPN's premium servers (at least in theory – in practice we found free servers to be almost as fast as the premium ones!).
Free users cannot use this VPN for torrenting. Only one simultaneous connection is allowed, but there is nothing to prevent you from signing up for multiple free accounts.
In the past, it was necessary to verify free accounts with an SMS message sent to your phone, so we are pleased to note that it is now possible to verify accounts using just an email address. And a disposable email address works just fine for this.
The main limitations for most users with this plan are only two simultaneous connections and no access to ProtonVPN's special streaming servers. You otherwise get access to most of ProtonVPN's high-speed standard server network, including servers where P2P torrenting is allowed.
This is the primary plan with 5 simultaneous connections and access to all of ProtonVPN's features, including Secure Core, Tor over VPN and additional content unblocking powers.
This is the Plus plan with a subscription to the ProtonMail Visionary Plan and an additional five simultaneous connections thrown in. It has to be said that the Visionary Plan does not make strong economic sense for most users when you look at the regular pricing for ProtonMail, so is probably only likely to appeal to businesses and those who wish to support Proton above and beyond the call of duty.
If you sign up for the Free Plan, you are offered a 7-day 100% free trial of the Plus plan. This is fantastic, because getting a free VPN trial without entering credit card details is rare.
ProtonVPN accepts payment via card or PayPal. It is also possible to pay via Bitcoin once you have an account. Not so well advertised is the ability to pay in cash or via direct bank transfer if you contact support.
ProtonVPN offers various plans with higher-priced plans providing access to a greater number of features, as shown below:
This is a review of ProtonVPN's "Plus" plan. This provides full access to all of ProtonVPN's mainstream features:
- No logs (see the Privacy and Security section below for full details)
- Up to 10 simultaneous connections
- P2P torrenting allowed on selected servers (including US servers)
- Full access to all 1048+ servers in over 54 countries
- Full access to Secure Core and onion servers (Plus and Visionary plans only)
- Tor over VPN (Plus and Visionary plans only)
- Transparency report and warrant canary
- Unblocks US Netflix and many other services (paid plans only)
- Open-source apps
- Alternative routing through third party networks (optional)
All servers used by ProtonVPN are bare metal single-tenancy physical servers. To deal with a surge in usage thanks to the COVID-19 crisis, ProtonVPN has increased its server capacity. Proton is also donating spare computing resources to Rosetta@home, a project run by the University of Washington that predicts the atomic-scale structure of important coronavirus proteins.
Secure Core
This is a "double-VPN" feature aimed at protecting users from time correlation attacks, which just means monitoring connections as they enter and leave a server in order to correlate them with behavior of interest on the internet.
Such attacks are difficult to pull off anyway, but routing connections through two servers located in different jurisdictions makes an already hard job even harder.
It is still possible to perform traffic analysis on the initial Secure Core server, but ProtonVPN has mitigated this by locating these servers only in countries with very strong privacy laws and by protecting them with a very high standard of physical security.
Furthermore, "Secure Core servers are connected to the internet using our own dedicated network with IP addresses that are owned and operated by our own Local Internet Registry (LIR)."
Secure Core is undoubtedly unnecessary overkill for the vast majority of VPN users but does provide meaningful extra privacy for those concerned about targeted surveillance from state-level actors.
The mark of a private VPN service is privacy by design, and Secure Core shows that a lot of thought has been put into designing ProtonVPN.
Tor over VPN
ProtonVPN allows you to connect to Tor (onion) servers through the VPN. In this configuration, you connect first to a VPN server, and then to the Tor network before accessing the internet.
This makes connecting to the Tor network very easy and means you do not need to install Tor Browser. It prevents your ISP from knowing that you are using Tor, hides your real IP address from the Tor entry node, and allows you to access Tor Hidden services (.onion dark web sites).
It should be noted, though, that a similar effect can be achieved by using Tor Browser when connected to any VPN service. Indeed, this configuration is more secure than the Tor over VPN setup offered by ProtonVPN.
All of ProtonVPN's apps are fully open source. ProtonVPN says that it has been audited by SEC Consult, although as far as we can tell, these audits (or even their summaries) have not been made public, which is a shame.
We are big fans of open source, but a VPN provider can see what you get up to online anyway, so from a security perspective, the main advantage is simply that the code can be checked for flaws by anyone qualified to do so.
Speed and Performance
Since our last review, we've been able to gather more data on ProtonVPN's average speeds, with the last few months showing an impressive 53.4 Mbps average speed with a maximum burst hitting 490.4 Mbps. This is plenty for data-intensive tasks, streaming, and even online gaming. It certainly holds its own against the top names in the industry, and shows that Proton is continually improving its service.
An average DNS lookup time of 0.94 seconds is pretty quick (albeit about half a second slower than some leading VPNs). A 7.2 second connection time is nothing to write home about and will have you twiddling your thumbs when you first turn the VPN on. However, after that, it should be smooth sailing, as Proton operates fast servers. We'll keep monitoring these speeds to see whether it improves over the coming months, as this is the only downside we have discovered.
It's not nearly as scientific as our full speed tests, but we also wanted to get a rough idea about how using the free service and Secure Core affects internet performance. Tests were performed from the UK.
As we can see, the difference between using a free and non-free server in the Netherlands is negligible. Given that our data was being routed to Belgium via Iceland, we are also very impressed at how fast Secure Core is.
We detected no IP leaks of any kind in Windows and macOS, including WebRTC and IPv6 leaks. We cannot currently test IPv6 on mobile devices but detected no IPv4 WebRTC leaks in iOS or Android VPN apps.
Does ProtonVPN unblock Netflix?
ProtonVPN tells us its Plus and Visionary plans (only) now unblock Disney+, Netflix (US, UK, and Germany), Amazon Prime Video (US and UK), HBO Now, Hulu, and ESPN. We haven't tested all of these but can confirm that ProtonVPN unblocks the US Netflix catalog.
Ease of Use
Custom VPN apps are available for Windows, macOS, Android, and iOS. A command-line Linux script is also available for auto-configuring and controlling OpenVPN (which must be installed separately, along with various other packages). A manual IKEv2 setup guide is also available for Linux.
We are pleased to note that the ProtonVPN website and all its apps are now available in English, Dutch, French, Italian, Polish, Spanish, and Portuguese.
The ProtonVPN Windows Client
The Windows VPN client is smart looking and provides a ton of useful information. The cool-looking server map is mainly for show, but once connected, the app shows useful session traffic statistics. The Windows app uses the OpenVPN protocol (UDP or TCP).
Selecting a country will auto-connect you to a server in that country – you can specify by speed or randomly. Alternatively, you can select individual servers. These are all clearly labeled to show whether they are available to free users, can be used for P2P, or support Tor over VPN. They also show server load to help you pick a fast server.
The kill-switch is firewall-based but does not use the Windows system firewall. This means if the OpenVPN daemon suffers a crash then your real IP will be exposed. The kill-switch otherwise works well. DNS leak protection is enabled by default, and as we have seen, it works well.
Unique to the Windows app is split-tunneling. This allows you to decide which apps do or don't use the VPN, and to exclude or include specified IPs. It is worth noting that split tunneling does not work with sites or services that resolve to multiple domains, which includes Netflix, Amazon, BBC iPlayer, and many other popular streaming services. This is a shame, but is an inherent limitation of the technology. This VPN will also enable you to unblock YouTube videos that are restricted within your region.
A new Linux graphical user interface (GUI) client
As of June 22nd, Proton now offers a Linux GUI client. You can even access the GUI on the free Linux plan – making it the best free Linux VPN! The GUI comes with a wealth of features, too:
- Quick connect
- NetShield ad-blocker
- Kill-switch/Permanent kill-switch
- Secure Core
- DNS leak protection
- IPv6 leak protection
- Easy access to P2P torrenting, Tor over VPN, and streaming servers
- Linux desktop integration (via NetworkManager)
The macOS, iOS, and Android apps use the IKEv2 VPN protocol (with OpenVPN support now available in the macOS and iOS apps). macOS and iOS users can also benefit from Alternative Routing, which lets people connect to ProtonVPN's servers over networks that are very difficult to block, alongside Smart Protocol, which automatically selects the optimal protocol to provide peak performance and bypass network censorship attempts.
The macOS, Windows, Linux, and Android apps all feature a built-in kill-switch for added protection. The iOS app doesn't, but has "Always-on VPN" instead, which re-establishes a dropped VPN connection quickly and automatically.
Other than an FAQ-style support page, which is not extensive but which seems useful, support is only available via email and can take a day or two to respond (about one day in our experience). We were nevertheless impressed by the quality of the answers when they arrived.
Privacy and Security
ProtonVPN logs a timestamp of the last successful login attempt. This is stored indefinitely but is overwritten each time you log in. By default, IPs are not logged. This logging setup meets our VPN logs criteria, as it poses a minimal threat to users' privacy.
Switzerland is generally regarded as a good place to base a privacy company thanks to its strict privacy laws and the fact that it is neither subject to EU legislation nor a member of the Five Eyes (or even Fourteen Eyes) US-led spying alliance.
On the other hand, Switzerland has passed some alarming new surveillance laws. These require Internet Service Providers (ISPs) and telecoms operators to store detailed metadata connection logs for 12 months. What isn't clear (because the wording of the laws themselves isn't clear) is whether these logging requirements apply to email and VPN services.
Proton says it has received assurances from both the Swiss government and its own lawyers that the new laws do not apply to VPN or email services based in the country, but on both counts, it has been unable to provide hard evidence of this.
Protocols and Encryption
The Windows client and Linux script use OpenVPN, while the macOS, Android, and iOS VPN apps use IKEv2. OpenVPN is known to be highly secure if properly configured, while IKEv2 is theoretically very secure and is usually faster than OpenVPN. ProtonVPN uses the following OpenVPN settings:
Data channel: an AES-256-CBC cipher with HMAC SHA-512 hash authentication.
Control channel: ProtonVPN supports a number of cipher suites, the weakest of which is an AES-256 cipher with RSA-2048 handshake encryption and HMAC SHA-1 hash authentication. Perfect forward secrecy is provided by a Diffie-Hellman key exchange (key length unknown).
Even at its weakest settings, this setup is secure. IKEv2 uses an AES-256 cipher with RSA-2048 handshake encryption, which, again, is secure.
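To check that an OpenVPN profile actually carries the data-channel settings quoted above, the short script below audits a client profile for them. It is an added example, not code from ProtonVPN or from this review; the two profiles and the hostname are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample profiles; the hostname is a placeholder, not a real server.
GOOD_PROFILE = """\
client
proto udp
remote vpn.example.net 1194
cipher AES-256-CBC
auth SHA512
"""

WEAK_PROFILE = """\
client
proto tcp
remote vpn.example.net 443
# cipher AES-256-CBC   (commented out, so it does not apply)
cipher BF-CBC
"""

# Data-channel settings as quoted in the review.
EXPECTED = {"cipher": "AES-256-CBC", "auth": "SHA512"}
# OpenVPN falls back to SHA1 when no "auth" line is present. The fallback
# cipher depends on the OpenVPN version, so it is reported as "unset".
DEFAULTS = {"auth": "SHA1"}


def parse_profile(text):
    """Map each directive to its arguments; a later line overrides an earlier one."""
    directives = {}
    for line in text.splitlines():
        # '#' and ';' start a comment (quoted arguments are not handled here).
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()
        if line:
            name, *args = line.split()
            directives[name] = args
    return directives


def audit(text):
    """Return (directive, found, expected) for every setting that differs."""
    directives = parse_profile(text)
    findings = []
    for name, wanted in EXPECTED.items():
        args = directives.get(name)
        found = args[0].upper() if args else DEFAULTS.get(name, "unset")
        if found != wanted:
            findings.append((name, found, wanted))
    return findings


if __name__ == "__main__":
    for label, profile in (("good", GOOD_PROFILE), ("weak", WEAK_PROFILE)):
        print(label, audit(profile) or "matches the quoted settings")
```

A missing `auth` line is reported as SHA1 rather than skipped, because an absent directive silently weakens the profile just as a wrong one does.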
As already mentioned, ProtonVPN uses only bare metal servers, and none of the software we tested suffered IP leaks of any kind. It is also possible to pay for the service in Bitcoin and even cash.
Obfuscation tech for evading VPN blocks is limited to using OpenVPN TCP (presumably port 443) to disguise VPN traffic as regular HTTPS traffic. This can be quite effective but is defeated using even fairly basic Deep Packet Inspection techniques.
The website uses a number of trackers, including Google Analytics (GA). Proton has told us, however, that GA is not used on sensitive pages.
ProtonVPN publishes a transparency report and operates a warrant canary. A transparency report is nice, but still requires trust in Proton to report all incidents. According to ProtonMail's similar transparency report, Proton has complied with a couple of requests for data that weren't backed up with a valid court order. In both cases, the circumstances appear to justify such a decision. It seems that ProtonMail was able to supply very little information, anyway.
We are somewhat dubious about the real value of warrant canaries, but many people find them reassuring.
ProtonVPN is a fast and secure VPN service with lots of servers, some innovative ideas, and great software. It also shows a strong dedication to privacy, as befits the fearsome reputation ProtonMail has built in this regard.
Our only real criticisms are that we would like to see proper kill-switches in iOS, and that the Visionary plan pricing is quite steep in comparison to its other plans. The iOS kill-switch issue is mitigated to a certain extent by the "Always-on VPN" feature in both apps, and Proton's Plus plan is extremely reasonable. It's a solid service that holds its own against some of the top names in the industry. We'll be keeping a close eye to see how ProtonVPN continues to improve its service.