ProtonVPN Review

ProtonVPN

BestVPN.com Score 9 out of 10

The impact ProtonMail had on the privacy email industry when it opened its doors in 2014 is hard to overstate. Developed by a team of research students from MIT and Harvard, and headed by Harvard PhD candidate and CERN researcher Andy Yen, ProtonMail showed that it is possible to combine a high level of privacy and security with a webmail service that is as convenient and easy to use as Gmail.

VPN Stats

  • Server Locations 16
  • Average Speed 53.67 Mbit/s
  • Simultaneous Connections 5
  • Jurisdiction Switzerland

Likes

  • Five simultaneous connections
  • Secure Core (double VPN) network is fast and… secure!
  • P2P torrenting permitted on selected severs
  • DNS leak protection and kill switch
  • Accepts payment in Bitcoin and cash

Dislikes

  • Swiss data retention laws
  • Netflix and BBC iPlayer blocked

Features

Port forwarding
Total servers 140
Countries 16
Simultaneous connections 5
Bare metal or virtual servers Bare metal
Router Support
Allows torrenting
Port selection

Supported platforms

Windows
MacOS
iOS
Android
Linux

Protocols offered

PPTP
L2TP/IPsec
SSTP
IKEv2
OpenVPN
Other protocols -

Privacy

Jurisdiction Switzerland
Logs Traffic
Logs Connections
Logs Timestamps
Logs Bandwidth
Logs IP Address
Logs Aggregated or Anonymized Data

Performance

BestVPN.com SpeedTest (max/burst) 101.96
BestVPN.com SpeedTest (average) 53.67
IPv4 leak detected?
WebRTC leak detected?

Payment

Visa/MasterCard
Amex
Cryptocurrency

Security

Kill Switch
Obfuscation (stealth)
Self-hosted/Proxied DNS Yes

Support

Free trial Yes - 7 days
24-hour support
Live chat support
Money-back Guarantee

Unblocks:

Netflix
iPlayer

Alternative VPN Choices for You

From $2.99 / month
BestVPN.com Score 9.8 out of 10
Visit Site   Read Review
From $2.75 / month
BestVPN.com Score 9.5 out of 10
Visit Site   Read Review
From $6.67 / month
BestVPN.com Score 9.7 out of 10
Visit Site   Read Review
 

Swiss-based Proton Technologies AG has now also introduced a Virtual Private Network (VPN) service. Given the deservedly good reputation of ProtonMail, it is not surprising that expectations for ProtonVPN are very high. Read on to find out if ProtonVPN lives up to these expectations!

Features

Port forwarding
Total servers 140
Countries 16
Simultaneous connections 5
Bare metal or virtual servers Bare metal
Router Support
Allows torrenting
Port selection

Below are the key features of the ProtonVPN Plus plan. The features vary by plan, however. See the pricing table above for more details.

  • No IP logs and last login time  overwritten on each new connection
  • Five simultaneous connections
  • Servers in 14 countries
  • Secure Core server network
  • Tor through VPN
  • Peer-to-peer (P2P) torrenting permitted on selected servers
  • Domain Name System (DNS) leak protection
  • Kill switch (mobile apps also)
  • Transparency report and warrant canary

Server locations are primarily in Europe and North America, but there are also severs in East Asia and Australia.

Secure Core

Secure Core is a feature that aims to protect users against traffic correlation attacks.

A traffic correlation attack is performed by monitoring internet traffic as it enters and exits a VPN server. If a user always connects to a VPN server at the same time as a user of that VPN service visits a monitored website, then it is fairly easy to identify that individual as a visitor to that website.

It is worth pointing out to the more paranoid out there that such attacks are highly targeted. Someone powerful has to be looking very carefully for you specifically.

Secure Core helps protect against this by first routing your VPN connection through a Secure Core server. This makes it all but impossible to perform traffic analysis on the second (exit) server.

In theory, traffic analysis could still be performed on the initial Secure Core server. However, ProtonVPN has taken steps to make this very difficult. For a start, the Secure Core servers are located only in countries with very strong privacy laws.

They are also owned and operated exclusively by ProtonVPN, and protected by a very high standard of physical security. “Finally, Secure Core servers are connected to the internet using our own dedicated network with IP addresses that are owned and operated by our own Local Internet Registry (LIR).”

Although ProtonVPN claims its Secure Core feature as “unique,” it is similar in principle to the “double-hop” VPN setup offered by the likes of NordVPN .  The fact that it uses its own dedicated network with IP addresses that are owned and operated by its own LIR, however, does make Secure Core a step-up from its rivals.

As ProtonVPN itself points out, “there is no such thing as 100% security.” However, this does indeed sound a very secure setup!

Tor Through VPN

This feature allows you to use ProtonVPN with the Tor network in Tor through VPN configuration. Most usefully, it allows you to connect to Tor Hidden services dark web sites using your regular browser.

It also means that your entire internet connection benefits from Tor through VPN. As I discuss in Using VPN and Tor Together, however, this is not a secure setup. If you want to do Tor through VPN, it is much safer to simply use the Tor browser while connected to your VPN service.

ProtonVPN does run its own Tor servers, so malicious Tor exit nodes shouldn't be an issue. However, the Tor Browser is hardened in ways that your regular browser isn’t. It will also reset your Tor routing every ten minutes by default, while ProtonVPN’s setup requires a static route that is inherently easier to trace.

Interestingly, although advertised on the website and offered as an option in the software, there is no documentation on this feature available anywhere on the ProtonVPN website.

Speed and Performance

All tests were performed on my Virgin Media UK fiber connection, using the OpenVPN User Datagram Protocol (UDP).

The graphs show the highest, lowest, and average speeds for each server and location. See our full speed test explanation for more details, but note that I have switched to Speedtest.net Beta (HTML5) as it currently produces more consistent results than testmy.net.

ProtonVPN speeds

ProtonVPN upload speeds

I have also added average ping results (latency) in brackets, as this best reflects real-world page load times, and thus perceived speed.

Results to a nearby server are superb, although transatlantic speeds are a little underwhelming. It is interesting to note that using the double-hop Secure Core feature has only a very modest impact on speed performance. With such a small speed penalty, there is little reason not to use it!

I was also impressed by speeds to the nearest VPN server to me. Although advertised as “slow,” these outstrip the speeds offered by many paid-for VPN services. Speed is one of the factors why BestVPN.com have included Proton in our best free VPNs list.

Leak tests

BestVPN.com SpeedTest (max/burst) 101.96
BestVPN.com SpeedTest (average) 53.67
IPv4 leak detected?
WebRTC leak detected?

The Windows client has DNS leak protection, and indeed I detected no IP leaks. I also detected no IP leaks when using OpenVPN GUI 4.3.2.

I found ProtonVPN was blocked by US Netflix. The ProtonVPN FAQ states that BBC iPlayer is available using the service, but I found it blocked.

Price

ProtonVPN offers four separate plans. Prices start from completely free, going up to $30 per month if paid monthly. Paying annually nets you a 20% discount. Existing ProtonMail users with paid-for accounts can claim a 20% discount (which is cumulative with the annual discount).

For most people who are willing to pay for a VPN, the sweet spot is likely to be the Plus plan. This provides access to all ProtonVPN servers at the highest speeds available. It also provides access to all ProtonVPN’s advanced features.

Even for ProtonMail users, the Visionary plan only really makes sense for businesses or individuals who wish to support the Proton project above and beyond the call of duty.

This ProtonVPN review will, therefore, concentrate on the Plus plan, although I have run some speed tests using their free version. Users can access servers located in Japan, the Netherlands, and the United States.

ProtonVPN offers an extremely generous 60-day money-back guarantee.  Although not advertised on the website, when I downloaded the Windows software I was granted a seven-day free trial of the Plus plan.

Note that this free trial only applies if you're using the custom client. It's not possible to download the Plus plan OpenVPN server configuration files during the trial period. This means that, at present, only Windows users can take advantage of this offer.

Payment can be made via credit/debit card or PayPal. ProtonVPN uses a third party payment processor for these, so doesn't keep any payment information itself.

It is also possible to pay using Bitcoin. Although not well advertised, Proton has stated that it also accepts payment in cash or via direct bank transfer if you contact support.

Accepting anonymous payment in cash or properly mixed Bitcoin is great, but please do remember that ProtonVPN will always know your real IP address regardless of how anonymously you pay.

Get ProtonVPN

Ease of Use

Windows
MacOS
iOS
Android
Linux

At present, custom software is only available for Windows. Manual setup guides are available for Windows (OpenVPN GUI), Mac (Tunnelblick), Linux, iOS (Open VPN Connect), and Android (OpenVPN for Android and Open VPN Connect). Custom DD-WRT router OpenVPN files are also supplied.

It should also be noted that the supplied OpenVPN config files should be usable on most platforms that support an OpenVPN client.

ProtonVPN for Windows

The Windows client looks very professional. The main page features a funky map, but more usefully also lists all available servers. Each server shows load percentage, which can be handy for picking a fast server.

Alternatively, click Quick Connect to let the software choose the fastest server for you. You can also click on a country to let the software auto-select a server at that location.

Protonvpn Windows 1

Servers that support Secure Core, Tor, and different pricing plans are clearly labelled. When you're connected, a nice graph displays your connection speeds and bandwidth usage.

The client supports DNS leak protection and a VPN kill switch. The kill switch is firewall-based. This is the best kind of kill switch because it makes it impossible for your PC to connect to the internet outside the VPN connection. Please see A Complete Guide to IP Leaks for more details. It is also possible to choose between the OpenVPN UDP and TCP protocols, although port selection is not available.

Overall, I would say that this is a very smart-looking piece of software that includes all the most important things I want from a VPN client.

Get ProtonVPN

Customer Service

Free trial Yes - 7 days
24-hour support
Live chat support
Money-back Guarantee

ProtonVPN Support

The first line of support is a well-presented FAQ. This is not extensive but does appear to address many common questions and issues that people may have.

If the FAQ doesn't answer your questions, you can email the support team. A response to my easy question took about four hours. My difficult question was answered the next day. Although the response to my difficult question was vague, it did link to a webpage that by-and-large provided the answer I needed.
Privacy and Security

Logs

According to its privacy policy:

"Data we retain from ProtonVPN sessions: Each time a user connects to ProtonVPN, we only store a timestamp of the last successful login attempt. While it is stored indefinitely, this gets overwritten the each time you log in... We retain this limited information to know how many devices are being connected and ensure users do not make excessive number of connections."

Proton has also clarified to me that, by default, IPs are not logged (although it is possible to turn on IP logging  if you wish). This makes ProtonVPN pretty darn close to being a fully no-logs VPN service.

Jurisdiction

ProtonVPN is based in Switzerland. On the one hand, this is a country that has famously strong privacy laws, is not subject to EU legislation, and is not a member of the Five Eyes (or even Fourteen Eyes) US-led spying alliance.

On the other hand, Switzerland has passed some alarming new surveillance laws. These require Internet Service Providers (ISPs) and telecoms operators to store detailed metadata connection logs for 12 months. What isn't clear (because the wording of the laws themselves isn't clear) is whether these logging requirements apply to email and VPN services.

A statement by Proton, updated in 2017, says:

We appreciate that the Swiss government has recognized the leading role that Proton Technologies AG plays in developing the cybersecurity tools of the future, along with the role that we play in the economic re-orientation of Geneva, and Switzerland as a whole towards the high tech sector, and sought a meeting with us to discuss how to ensure both security and privacy in the digital age.

"As a participant in these discussions, we can confirm unequivocally that upon implementation, the provisions regarding data retention introduced by the BÜPF will exempt companies like ProtonMail and ProtonVPN which are not major telecommunications operators.”

This sounds great, and may well indeed be the case. However, it does mean taking Proton’s word on a promise made to it behind closed doors. Whatever the practical implementation of the new laws will be, the letter of the law remains worryingly vague.

Other stuff

ProtonVPN publishes a transparency report and operates a warrant canary. A transparency report is nice, but still requires trust in Proton to report all incidences. I am also a little skeptical about the real value of warrant canaries, but I understand that many people find them reassuring.

According to ProtonMail’s similar transparency report, Proton has complied with a couple of requests for data that weren't backed up with a valid court order. In both cases, the circumstances appear to justify such a decision. It seems that ProtonMail was able to supply very little information anyway.

Nit-picking aside, at the end of the day, using any VPN requires that you trust your VPN provider. ProtonMail has established a formidable reputation in this regard, so there is every reason to believe that ProtonVPN is sincere in its privacy claims.

Security

Kill Switch
Obfuscation (stealth)
Self-hosted/Proxied DNS Yes

ProtonVPN offers only one VPN protocol – OpenVPN. Although this does mean that users of more obscure or legacy hardware may not be able to use the service, it is a commendable decision. Properly implemented OpenVPN is the only VPN protocol that is believed to be 100% secure.

Encryption Protocols

PPTP
L2TP/IPsec
SSTP
IKEv2
OpenVPN
Other protocols -

For the OpenVPN data channel, ProtonVPN uses an AES-256-CBC cipher with HMAC SHA-512 hash authentication.

For the control channel, ProtonVPN supports a number of cipher suites, the weakest of which is an AES-256 cipher with RSA-2048 handshake encryption and HMAC SHA-1 hash authentication. Perfect forward secrecy is provided by a Diffie Hellman key exchange.

This is a secure setup and, as I say, stronger control channel cipher suits are also supported.

Want to know more? Please check out my VPN Encryption Guide.

Get ProtonVPN

Final Thoughts

After ProtonMail, pretty much everyone was expecting something special with ProtonVPN. By-and-large, Proton has delivered. ProtonVPN is a very polished  privacy-focused VPN service that is secure and very fast when connected to a nearby sever.

The Secure Core network is not quite as innovative as ProtonVPN would have us believe, but is nevertheless very well executed. I am impressed by how little impact jumping though an extra VPN server has on speed performance.

At present, ProtonVPN doesn't offer any obfuscation technology to evade VPN blocks. However, it should be remembered that it is a brand new service. Developed by the same team that made ProtonMail the success that it is, we can expect to see additional features rolled out as time goes on.

ProtonVPN is an excellent and highly competitive premium VPN service. You are limited to just three server locations, but with no data limits and speed results that are better than most paid-for services.

Get ProtonVPN

25 Comments

  1. Zeilken
    on November 6, 2018
    Reply

    This review is outdated. ProtonVPN does unblock US Netflix. From their support documentation: Below is a list of suggested VPN servers to watch US Netflix using ProtonVPN. US Netflix US-CA#9 – 12 US-CO#13 – 16 US-IL#4 – 8 US-NJ#1 – 4 US-TX#2 – 3 US-VA#3 – 4 I have tried them all and they all work without any problem.

    1. douglas replied to Zeilken
      on November 7, 2018
      Reply

      Hi Zeilken, We have a lot of published reviews, and we can't keep them all updated with every minor change to the service. That said, ProtobVPN is slated for a new review soon.

  2. Kami Waters
    on October 17, 2018
    Reply

    The single bleeding problem presented by an otherwise fine VPN service with impeccable privacy credentials... no fricking iOS app after many months (years?) of waiting and patience. Manual setup is a yes, but not for the faint- hearted. I’ve given up on Proton VPN. Hello something else.

    1. John Eckart replied to Kami Waters
      on November 23, 2018
      Reply

      There is now an iOS app.

  3. Darren B
    on July 25, 2018
    Reply

    excited to see what this Proton has to offer in the coming months

  4. A VPN Site asks for Names mandatory good joke
    on June 28, 2018
    Reply

    your test is rubbish I tried the ÜrptpnVPN and got the 7 day premium luckily for free because I would never pay for such bad performance no connection from Belgium to Germany that is very very sad performance and how bad the performace for the real free version is is something I will never try to find out. Your "experts" should start checking and testing the vpns for real and don't just create commercials.

    1. Douglas Crawford replied to A VPN Site asks for Names mandatory good joke
      on June 29, 2018
      Reply

      Hi A VPN Site asks for Names mandatory good joke, As your username shows, we do not require real names. I tested ProtonVPN when the service was very new, so things may have changed since then for its free trier. The results I got, however, were the results I got.

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.