Created by the team behind the world’s largest privacy-focused email service, ProtonMail, ProtonVPN is a newer VPN that has very interesting features.
A trustworthy free plan, a great mobile app, and solid (but standard) desktop features make ProtonVPN a solid choice, especially for those who use ProtonMail.
As per the about us page, the founders of ProtonVPN/ProtonMail met each other while working at CERN. The founding team is made up of scientists (particle physicists, cryptographers), designers, and developers.
ProtonVPN operates under Swiss law. Switzerland is one of the most privacy-friendly destinations in the world and does not require ProtonVPN to maintain any logs.
ProtonVPN does not maintain a warrant canary, as it is “not meaningful under Swiss law”, but does disclose law enforcement events that it considers meaningful on its website.
A recent request from January 2019 states that ProtonVPN was compelled by a local Swiss court to aid in an investigation for a foreign country. Due to their no-logging policy, they were unable to provide any information.
Desktop clients are available for Windows, macOS, and Linux. Mobile clients are available for Android and iOS devices.
Router support is also available for DD-WRT routers.
I created an account, paid for a month of the Plus (top level) membership, and installed the apps on my iOS and macOS devices.
Upon opening the macOS app, you’ll see an onboarding wizard that explains several critical features of the service.
ProtonVPN has a small but respectable server network. As of June 2019, ProtonVPN claims 409 servers in 33 countries.
As with virtually all modern VPN services, ProtonVPN initially recommends using its Quick Connect feature to connect to the closer (and fastest) server location. Depending on your threat model, and the core reason you’re using a VPN, this could be all you need to know to move on.
For the rest of us, there’s also a Profiles feature, which allows you to save your preferred connection settings (server type, country, server) for quick connections.
ProtonVPN features two primary types of servers: Standard and Secure Core. Which you’ll be able to connect to depends on the subscription plan you’ve selected.
Secure Core Secure core offers another level of privacy and security. It is essentially a double VPN, where you first connect to a Secure core server (based in Switzerland) and then to the location-specific server that you select. This helps offset some of the risk associated with accessing a server in a territory that allows law enforcement or government eavesdropping on the servers physically located there.
Secure Core is currently only available for Plus and Visionary members.
Forward Secrecy - ProtonVPN uses encryption ciphers with perfect forward secrecy — which means that your traffic, even if captured, cannot be decrypted at a later date. The ciphers used for encryption/decryption are only valid for a short period, significantly eliminating the future risk of past data.
Kill Switch - Most VPN services come with a Kill Switch, and ProtonVPN is no exception. A kill-switch blocks your internet traffic in the event of a connection disruption that may expose your un-cloaked IP address.
The kill switch functionality is not enabled by default, so you’ll have to head into the preferences panel to enable it.
Always On - This feature allows for automatic re-connection if a connection is dropped. This should probably be enabled for most users, especially those with the kill-switch activated.
Tor Over VPN In addition to the standard and secure core VPN servers, some ProtonVPN servers are configured to access the TOR network.
ProtonVPN supports the two most modern and secure protocols:
They do not support PPTP or L2TP/IPSec.
Using the Quick Connect feature connected me to a server in Chicago, Illinois.
Chicago, Illinois, United States
Using the same connection settings, I toggled on the Secure Core feature. The map now showed that I was connected to Chicago, and then connected through the Secure Core in Switzerland. The server reflected a 51% load at the time of testing.
Checking for DNS and IP leaks with ipleak.net produced an anomaly: It showed that I was currently located in New York, United States. I found that strange, as I was supposedly running through Chicago and then Switzerland, both quite a distance from NY.
When I evaluate the mobile version of a VPN, I’m doing two things: assessing it in isolation, and evaluating it in comparison to the desktop app.
Most mobile apps that I have tested have had very poor feature parity with the desktop iterations. I’m glad to report that this isn’t true for ProtonVPN.
I loaded the app on my iPhone and was pleasantly surprised by how many of the desktop features are present. One notable missing feature is the kill-switch — there’s a disclaimer saying that it does not work on iOS devices. Bummer.
Other than that, I prefer the iOS app. It’s one of the best ones on any VPN. You’re able to view real-time load data for each of the servers too.
Testing the connection using quick connect:
ProtonVPN has a fairly unique pricing structure. There are 3 VPN plans available:
Annual plans typically save you 20%. It’s not readily apparent on the pricing page, but after creating an account, users can upgrade to 2-year plans, which offer 33% discounts.
Users of ProtonMail can also select a Visionary plan which includes 5 devices and the ProtonMail visionary features for $30 per month (or $288 per year).