100% trust in pvpn no log policy?

Can you 100% trust the proton VPN no log policy?

Does Proton VPN keep logs?

In order to respect our users’ privacy, Proton VPN enforces a strict no-logs policy. This means we keep no session usage logs of what you do online, and we do not log metadata that can compromise your privacy.

We don’t log which websites you visit

We don’t log your traffic or the content of any communications

We don’t log your IP address

We don’t log your session lengths

We don’t log or track any location-based information

This level of privacy is possible in part because we are based in Switzerland, which has some of the strongest data protection and digital privacy laws in the world

Did you read their post and the linked audit reports?

Proton VPN Audit Report, Proton VPN Transparency Report, Proton VPN’s Privacy Policy, Proton VPN’s Github (open source)

TL;DR:

Now, when we say we are a no-logs VPN, it is not just a claim: it has been double-checked by independent experts.

That is why, in addition to our internal audits, we regularly submit our apps to third-party security audits and make the results public. This way, everyone can get an independent expert’s opinion of our apps’ security.

In the most recent security audit of all Proton apps, security experts from Securitum, a leading European security auditing company that oversees more than 300 security testing projects every year for major corporations and banks, uncovered no significant security issues. This shows that Proton’s internal audits and culture of secure software development are effective. And because our apps’ code is entirely open source, our security is bolstered by our bug bounty program, which brings security experts together from all around the world to check our applications.

However, with a VPN service, it’s also important to verify what is happening on the server side and not just the application side.

When you connect to a VPN, it becomes your internet provider, meaning any VPN provider is technically capable of tracking and logging what you do online. While many VPNs claim to have no-logs policies, these policies do not always hold up when put to the test.

Proton VPN’s strict no-logs policy was tested in a legal case in 2019. We were ordered to turn over logs to help identify a user, but we were unable to comply because these logs did not exist. Proton VPN’s Swiss jurisdiction also confers additional benefits for VPN services. For example, within the current Swiss legal framework, Proton VPN does not have any forced logging obligations. However, there remains the possibility that an incorrect server configuration or flawed system architecture could cause logs to be accidentally stored.

The resulting report confirms that we do not keep any metadata logs, do not log your VPN activity, and do not engage in any practices that might compromise your privacy.

Under Swiss law, Proton VPN is not obligated to save connection logs, and we adhere to a strict no-logs VPN policy. Therefore, we are unable to comply with requests for user connection logs, even if they are legally binding. Furthermore, under Swiss law, a Warrant Canary is not meaningful, because under Swiss law, the target of a surveillance or data request must always be eventually notified, so they have the opportunity to contest the data request.

[2022]

Lol. I will tell you something which will be very valuable for you in life and which you should always remember: You can not trust anyone 100%. I personally believe them but I still wouldn’t use their VPN to do something which could lead me to prison. Always consider your threat model. If your goal is to hide from the content mafia while downloading torrents, then ProtonVPN is exactly what you need. If your threat model involves anything of interest for the major intelligence services, then suppose that they are watching over everything you do via ProtonVPN.

(To be clear, I don’t accuse ProtonVPN of being a honeypot, I just say that there is never a way to know anything for sure)

When it comes to “YOUR” information, whether it’s private or not, you should always be hesitant. Not saying Proton is not Trustworthy because so far they are doing a great job in the Privacy Field but never keep your guard down when it’s your personal information.

Prime example: I use Filen (Cloud Service), who pushes Privacy with E2E service, and I upload personal stuff. But what I do is I encrypt with Cryptomator and then upload it as a backup, since I have a USB on hand with that information as well encrypted.

Always keep one eye open :wink:

I don’t see why I should trust them more or less than any other VPN provider (excluding those already caught with their pants down).
In fact, selling VPNs to users was so much snake oil a while ago (when NordVPN and the like made some absurd claims about what a VPN could protect you from) that I’m in general leaning towards the more cautious side with any VPN provider.

Not saying I do believe they do shady things or are lying, just agreeing with the others who said one should generally be cautious about companies’ promises and claims.

I saw this from Proton: “Proton VPN does not have any forced logging obligations. However, there remains the possibility that an incorrect server configuration or flawed system architecture could cause logs to be accidentally stored.” This is the bit that has me worried, as there can always be an intentional accident in place for snooping at a very high level, hence do we 100% trust these policies?

… and the bit from Securitum where they said audit needs to be done annually and we are now 6 months since the current one. So

Came here to say this.

Trust is never 100%, risk is never zero. It’s always about degree. When the stakes are high you need layered security.

No single tool will give you everything you need. Security is a process, not a product.

So, what VPN would you use to do something that could lead you to prison ?

This is misinformation and therefore is removed. Please make sure all submissions and comments adhere to our content guidelines. Otherwise, they will be subject to removal. Our content guidelines can be found here: https://www.reddit.com/r/ProtonMail/wiki/index#wiki_content_guidelines

What’s the practical difference between 99% confidence and 100% confidence when there’s no reasonable way to get from 99 to 100? Literally every provider is going to be subject to the same possibilities as Proton. So, how does it help to dwell on the fact that you can never be 100% sure?

I think they can see where you are currently connected to.

The server needs to maintain the connection, so of course it holds the destination IP for the duration of the session. The no log policy is for what happens after you close that session. The VPN doesn’t work at all without being able to ‘see the traffic’

When needed, Proton can query real-time traffic to see where they need to focus infrastructure strategies. So I would expect that reports are generated to show where problem areas are located. But I would also expect that such reports will not include personal metadata

It also would go against Proton’s stated mission to run packet inspection routines like what a typical American ISP does in order to throttle targeted types of traffic

For example, before I used a VPN, I always had problems maintaining a live stream from my radio station. It would run no more than a couple hours, then crash. I would then have to re-start the stream. After installing this VPN, the stream runs all day long with only issues at the station itself causing problems

Yes. I think the most important part to remember is that the protection measures must always be in relation to the threat.

Even when intelligence has access to their servers, I absolutely don’t expect them to blow their cover to go after some torrent users or some people buying illegal drugs online. They will probably go after the big fish, terrorists, whistleblowers, journalists, activists, spies, cartels, pedophiles. If you aren’t one of them, intelligence probably won’t care about you.

I wouldn’t use a VPN. I would use Tor.

So are we safest to assume that nothing is 100% trustworthy, despite the policies, as there is always that inherent risk?

Please read & understand the links you post, while doing so remember that this here is Proton VPN.

Also do read that here:

Yes, that is a safe assumption.

It’s a question of weighing risk.

Nothing is “safe”, not even NSA’s computers.

Proton is “safe enough” for 99.9%+ of users and use cases.

Even if you’re in the 0.1%, you probably need to worry much more about physical security (NSA team attaching bugs to PC while you’re at work), targeted attacks (0 day exploits sent to your phone or PC), or waterboarding.

Indeed, if they aren’t untrustworthy yet just wait