All VPN providers claim to be experts in privacy, but there’s not usually much evidence to back that up. Swiss-based ProtonVPN is different though, because the company has a track record in security – it’s also behind ProtonMail, the popular end-to-end encrypted email service.
ProtonVPN’s network has grown by around 20% since our last review to a fair-sized 1,200+ servers across 55 countries, with Cyprus the most recent addition. Most servers are in Europe and North America, as with most of the competition, but there are also locations in Australia, Brazil, Columbia, Hong Kong, India, Japan, Malaysia, New Zealand, South Africa, South Korea and more.
ProtonVPN owns and manages its own servers, too, and they’re connected to the internet using the company’s own network. Apart from giving ProtonVPN great control over how the service is set up and managed, it also shows us that this isn’t just some shell company making profits from reselling other people’s kit: there are real resources and expertise here.
You can see benefits of that control in ProtonVPN’s Secure Core, a smart technology which routes traffic through multiple servers before it leaves the network (meaning that even high-tech snoopers monitoring an exit server won’t be able to trace individual users).
Most customers don’t really need that level of protection, but ProtonVPN has plenty more familiar features. The service is P2P-friendly, supports up to 10 devices (the industry average is just five), has a kill switch, DNS leak protection and built-in Tor support for accessing Onion sites. A versatile split tunneling system routes all internet traffic through the VPN, apart from the apps and destination IPs you define. And there are now native apps for Windows, Android, Mac and iOS to enable using ProtonVPN on almost anything.
Recent improvements since our last review include the addition of NetShield, a DNS-based web filter to protect you from malware, ads and trackers. It’s a little more configurable than similar services, as you’re able to choose whether you only block malware, or want to stop ads and trackers as well (good news as you might find ad and tracker-blocking breaks legitimate sites.) It’s available on the Windows, Mac, Android, iOS and Linux apps.
A new ‘permanent’ kill-switch ensures your internet connection is blocked until you connect to the VPN, even if you close the VPN app or reboot your system.
Smaller app-related tweaks include new support for Android TV, and a bunch of usability-related tweaks. If ProtonVPN’s Windows service stops working, for instance, so will the VPN. Previously you wouldn’t know why, but now the app alerts you to the problem and re-enables the service with a click.
We’re impressed to see that all ProtonVPN apps are now open source and audited. IVPN, Private Internet Access and ProtonVPN also have open-source apps, and ExpressVPN open sourced its browser extensions, but most VPNs keep their apps closed source and out of sight.
The ProtonVPN Plus plan delivers all the features we’ve described here, covers five devices, and can be yours for 10 Euros billed monthly, 8 Euros on the annual plan, 6.63 Euros over two years. That looks a little on the high side to us, and you can get capable VPNs for much less (Private Internet Access is just $3.33 a month on its annual plan, Surfshark charges just $1.99 a month over two years).
The company has some cheaper options. The Basic plan doesn’t give you access to the premium servers, won’t stream Netflix, can’t route traffic through multiple servers, and only supports two devices, but it’s just 4 Euros a month on an annual subscription, 3.29 over two years. That’s better, but some of the competition give you an unrestricted service for a very similar amount (and occasionally less.)
Any payments are sort-of protected by a 30-day money-back guarantee, though with a potential catch: you’ll only get a refund for any unused subscription time. If you sign up for a month and ask for a refund after 15 days, for instance, the company only returns 50% of your subscription fees.
While that sounds a little mean, ProtonVPN has a great defense; it already gives users an unlimited amount of time to sample its service with a free plan.
Okay, this has some significant limits. It covers just one device, supports ‘medium speeds’ only, and gives you access to just three countries (US, Netherlands, Japan).
However, the service performed well for us, with our nearest Netherlands server averaging 65-70Mbps, and, crucially, it has no bandwidth limits. No more bumping up against tiny data allowances: you can use ProtonVPN Free as much as you like. That’s a big deal, and makes ProtonVPN interesting all on its own.
ProtonVPN’s Swiss home gives it an immediate privacy advantage over most of the competition. The country has very strong privacy laws, is outside of US and EU jurisdiction, and not a member of the 14 eyes surveillance network.
The company states its logging policy very clearly on the website: “ProtonVPN is a no logs VPN service. We do not track or record your internet activity, and therefore, we are unable to disclose this information to third parties.”
Session logging is almost non-existent. The company stores the timestamp of the last successful login attempt, but that’s it. This is overwritten when you next log in, so it only ever reflects the last session.
ProtonVPN associates your account with an email address when you sign up, but this address can be whatever you like. The company suggests using ProtonMail if you’d prefer to remain completely anonymous.
Sign up for the free plan and you won’t have to provide any payment details. Choose something else and you can opt to pay by Bitcoin. If you use PayPal or a credit card, the payments are processed by a third-party, and ProtonVPN won’t see your billing details. Or for real anonymity, you can just send the company some cash. Not exactly convenient, but you’ll know you’re not leaving any electronic audit trail.
A Transparency Report or ‘Warrant Canary’ reports on ‘notable legal requests’ and what happened. Sounds useful, but it seems to have only ever listed a single request (no data was handed over), and that’s dated January 2019.
Another privacy plus arrived in January 2020 when ProtonVPN released independent audit reports on its apps from security experts SEC Consult.
The results were good, with only 11 vulnerabilities found across the desktop and mobile apps, those only in the low or medium category, and ProtonVPN had already fixed everything it accepted as an issue.
Eleven may sound a lot, but it really isn’t. The whole point of this kind of audit is that it’s extremely thorough, identifying even the smallest issues, and none of ProtonVPN’s vulnerabilities were close to being showstoppers.
For example, in one item, SEC Consult identified that the Windows client temporarily stored the current session’s login credentials in RAM. That’s hardly surprising, and the data disappears when the app is closed. ProtonVPN fixed the problem when it was informed, but even earlier, for an attacker to exploit this, they would need to run code on your system, with the rights to access RAM, while you were connected, then grab the appropriate memory block, and know how to extract it from ProtonVPN’s data structures. That’s hardly likely, and if you do have malware running on your system, it could do much worse already (use keyloggers or screen captures to record everything you’re doing, say.)
Put it all together and ProtonVPN deserve huge credit for exposing itself to this level of scrutiny. There’s scope to go further, so for example TunnelBear’s audits don’t just cover its apps; they look at its infrastructure, back end and front-end systems, even the website, and they’ve re-run the audit over several year. But ProtonVPN still tramples all over most of the competition, who don’t have the courage to put themselves through any audit at all.
Signing up for ProtonVPN is straightforward. The company supports paying by card, Bitcoin or even cash if you’re looking for extreme anonymity, but we chose PayPal. The process was completed within a few seconds, and ProtonVPN directed us to our account dashboard, a handy web portal with login credentials, an OpenVPN configuration file generator, a download link for the Windows client, and links to instructions for setting up Mac, Linux, iOS and Android devices.
We grabbed a copy of the Windows client. It downloaded and installed in seconds with no technical hassles. We logged in with the user credentials we specified while signing up, and the main console appeared.
The client looks great, with a professional and polished interface. It opens with a large (and resizable) world map which, for once, works mostly as you’d expect: spin the mouse wheel to zoom in and out, left click and drag to move around, hover the mouse cursor over a server icon to see its location, and click to get connected.
If you don’t like map interfaces, no problem, you can collapse the client down to a standard list of locations. Icons highlight servers which support P2P (twelve at the time of writing, up from five in our last review) or Tor (just three: United States, Switzerland and Hong Kong.) Expanding any location lists all its available servers, with a color indicator of load (green being low, red high), and you can connect with a click.
We verified P2P support by accessing torrents from five of the specialist torrent services, and downloaded them all without any issues.
A Profiles feature works as an unusually powerful Favorites system. This could be as simple as creating a profile which connects to a New York server, but there are many more options. You could connect to the fastest server in a country or a location, maybe choose a random server to reduce the opportunity for tracking, select the best P2P or Tor-friendly server, and optionally choose to connect via OpenVPN TCP or UDP.
The client gives you an unusual amount of feedback on the current session. You don’t just get to see your new IP: there’s also the time connected so far, data downloaded and uploaded, the current server load, download and upload speeds.
There’s some real value here. Most VPN apps only show you server load before you connect. As ProtonVPN displays it all the time, if load increases significantly and performance seems to drop, you’ll know to reconnect to something else. A simple idea, but one which could make a real difference to your experience of the service.
The Settings dialog allows you to enable or disable key features (kill switch, DNS leak protection), configure what the Quick Connect action does (connect to the fastest location, a random server, a specific server of your choice) and set up the split tunneling system. These all worked for us, but there are some options you don’t get, including the ability to change protocol (it’s OpenVPN-only, although you can manually set up an IKEv2 connection) or automatically connect when you access an insecure network.
Checking the logs, we found the client was connecting via industrial-strength AES-256-GCM encryption with HMAC-384 for authentication. Works for us, but if you’re not a crypto-geek, ProtonVPN has some useful starter articles on its website.
We finished our look at the Windows client with some in-depth kill switch tests, and found it performed very well. The client didn’t leave us exposed during normal operations, such as switching to a new server while connected to another. And if we simulated a major problem by manually closing a TCP connection or terminating a VPN process, the client instantly displayed an alert and blocked all traffic until we reconnected.
The client now also includes a permanent kill switch. This doesn’t just kick in if your regular connection drops; it completely blocks all internet access until you’re connected to ProtonVPN, so guaranteeing that your traffic is always protected.
We tested this by closing the app, stopping ProtonVPN’s Windows services, even turning off the firewall (some VPNs rely on the Windows firewall for their kill switch), but no change: there was no internet until we connected.
There are some inevitable usability hassles here. If you can’t connect to ProtonVPN for some temporary reason, say, losing your internet might be a very big problem. Fortunately, the app clearly warns you that the kill switch is active and allows you to disable it with a click, making it easy to restore normal operations.
The ProtonVPN Android app looks and feels much like the desktop build, with a very similar map view, country list and Favorites-like Profile system.
The Settings panel has almost identical options and controls: you can enable or disable the kill switch, set up split tunneling, access the malware-blocking NetShield, and more. The app doesn’t enable setting custom DNS servers, as you can on the desktop. But there’s a bonus in support for IKEv2, putting it one step ahead of the OpenVPN-only Windows edition.)
ProtonVPN’s iOS app looks a little more stylish, with neat visual touches like using colorful flag icons as markers on the map, but it follows the same basic rules. Settings and options are a little more limited, too, but the app covers the essentials: an Always-On VPN option quickly reconnects if the VPN drops, you can choose from IKEV2 and OpenVPN UDP/ TCP connections, and there’s support for enabling or disabling NetShield malware protection.
Although that doesn’t leave us much to discuss here, it’s good news for users. VPN apps should have as close to the same interface and feature set as possible across all platforms, ensuring that once you’ve mastered one version, you know exactly what to do on all the others.
If you’d prefer to use another OpenVPN-compatible app or device, there’s more good news: ProtonVPN offers better support for this than anyone we’ve seen. Instead of forcing you to work with a single set of generic configuration files, or generate custom files individually, ProtonVPN’s web console gives you the best of all worlds.
You’re able to customize your OpenVPN files according to the platform and protocol you need, then view files by country or individual server, and download them individually, or grab the full set in a ZIP file. If you’ve ever had to grab 120 OpenVPN configuration files individually, by clicking a Download file for each one, then rename them to something usable, you’ll appreciate how thoughtful this is.
Our speed testing began by connecting to the fastest server from two locations (a UK data center with a 1Gbps connection, a US location with a 600Mbps line), then checking performance with benchmarking services including SpeedTest.net (via the website and the command-line app), Netflix’ Fast.com, TestMy.net and others. We repeated each test five times, ran the full set in both morning and evening sessions, then analyzed the data to compare median speeds.
UK OpenVPN results were good, with the best sessions hitting median speeds of 300-310Mbps.
US OpenVPN speeds were extremely consistent, never once polling below 200Mbps in 60 separate tests. There were a couple of peaks above 400Mbps, but typical performance was broadly similar to the UK at 280-290Mbps.
These are good mid-range OpenVPN speeds for the UK, but well above average for the US, where it was only beaten by HideMyAss! at 300-330Mbps.
ProtonVPN loses out with its minimal protocol support, though, and VPNs with WireGuard or their own custom protocols were often much, much faster. In the UK, for instance, Hide.me, Surfshark, TorGuard and others were capable of 600Mbps and higher, and ExpressVPN’s Lightway reached 490-630Mbps download speeds in the US.
Netflix and streaming
ProtonVPN sells itself mostly on privacy and security, but it has some unblocking abilities, too.
BBC iPlayer is well protected against many smaller VPNs, for instance, but ProtonVPN breezed past its defenses and allowed us to stream whatever we liked. We reconnected and repeated the tests with a couple of further IP addresses, just to confirm Proton’s unblocking reliability, and they worked, too.
We were equally successful with UK and US Netflix, again with three out of three of our test connections. The odd delays we noticed in the last review (long pauses and occasional timeouts before streaming began) weren’t visible, and we didn’t notice any other buffering or playback issues.
Amazon Prime Video can be a challenge for some providers, but not ProtonVPN. We streamed US-only content from all three or our test locations.
The service completed its 100% record with Disney+, where again we got to stream the full US library like a local.
That’s a great result, but remember, you need at least a ProtonVPN Plus account to get this level of performance. The free and Basic accounts won’t do.
With ExpressVPN and some other providers, you can turn to live chat support and get an update on the situation, maybe a recommendation of which server to use, in under five minutes. ProtonVPN doesn’t have live chat support, though, and while you can send an email, the company says the response time is ‘usually within 1-2 days.’ That ‘days’ isn’t exactly encouraging.
When we posted a test question, though, we received an answer in under four hours, suggesting ProtonVPN’s estimate is more of a worst case than a typical wait.
The reply was clear and helpful, too, offering multiple suggestions and asking well-chosen follow-up questions, just in case our issues weren’t resolved.
The good news continued up to the end of the review, when we ran our usual set of privacy tests. All ProtonVPN servers were in the locations promised, and they all returned the same IP and DNS address, with no DNS or WebRTC leaks to give our real identity away.
ProtonVPN review: Final verdict
ProtonVPN unblocked everything we tried, and its well-designed apps are now open source and independently audited. Speeds can’t compete with WireGuard-supporting VPNs and prices are relatively high, but this is a decent service, and we have to applaud any VPN which offers a free, unlimited bandwidth plan. Give it a try.