All VPN providers claim to be experts in privacy, but there’s not usually much evidence to back that up. Swiss-based ProtonVPN is different though, because the company has a track record in security – it’s also behind ProtonMail, the popular end-to-end encrypted email service.
ProtonVPN’s network has grown significantly since our last review, and now provides a fair-sized 722 servers across 46 countries. Most servers are in Europe and North America, as usual, but there are also locations in Australia, Brazil, Hong Kong, India, Japan, New Zealand, South Africa, South Korea and more.
ProtonVPN owns and manages its own servers, too, and they’re connected to the internet using the company’s own network. Apart from giving ProtonVPN great control over how the service is set up and managed, it also shows us that this isn’t just some shell company making profits from reselling other people’s kit: there are real resources and expertise here.
- Want to try ProtonVPN? Check out the website here
You can see benefits from that control in ProtonVPN’s Secure Core, a smart technology which routes traffic through multiple servers before it leaves the network (meaning that even high-tech snoopers monitoring an exit server won’t be able to trace individual users).
Most customers don’t really need that level of protection, but ProtonVPN has plenty more familiar features. The service is P2P-friendly, supports up to 10 devices (the industry average is just five), has a kill switch, DNS leak protection and built-in Tor support for accessing Onion sites. A versatile split tunneling system routes all internet traffic through the VPN, apart from the apps and destination IPs you define. And there are now native apps for Windows, Android, Mac and iOS to enable using ProtonVPN on almost anything.
App-related improvements since our last review include OpenVPN support for the Android app, while the Linux client now features a kill switch.
Improved localization sees the apps now available in French, Italian, Spanish, Polish, and Brazilian Portuguese.
Editor’s Note: What immediately follows is a rundown of the latest changes and additions since this review was last updated.
- New locations – Argentina and Mexico, for a total of 48 countries and 785 servers. (April 2020)
- New locations – Slovenia and Malaysia, for a total of 50 countries and 801 servers. (May 2020)
- Smart Protocol is available for Android. This helps you to stay connected to ProtonVPN, even when someone is trying to block your access. (May 2020)
- iOS app now supports OpenVPN protocol. (May 2020)
- Server coverage increased. The service now has 849 servers in 50 countries. (June 2020)
- Server coverage increased. The service now has 897 servers in 50 countries. (July 2020)
All apps are now open source and audited, too, a level of transparency you’ll rarely see elsewhere.
The ProtonVPN Plus plan delivers all the features we’ve described here, covers five devices, and can be yours for 10 Euros billed monthly, 8 Euros on the annual plan, 6.63 Euros over two years. That looks a little on the high side to us, and you can get capable VPNs for much less (Private Internet Access is just $3.33 a month on its annual plan, Surfshark charges just $1.99 a month over two years).
The company has some cheaper options. The Basic plan doesn’t give you access to the premium servers, won’t stream Netflix, can’t route traffic through multiple servers, and only supports two devices, but it’s just 4 Euros a month on an annual subscription, 3.29 over two years. That’s better, but some of the competition give you an unrestricted service for a very similar amount.
ProtonVPN does have something for bargain hunters, though, in the shape of its free plan. Okay, it covers one device only, and gives you access to just three countries (US, Netherlands, Japan).
However, the service performed well for us, with our nearest Netherlands server averaging 65-70Mbps, and, crucially, it has no bandwidth limits. No more bumping up against tiny data allowances: you can use ProtonVPN Free as much as you like. That’s a big deal, and makes ProtonVPN interesting all on its own – even if it’s never going to match the likes of ExpressVPN or NordVPN.
- We’ve also rounded up the best free VPN services
ProtonVPN’s Swiss home gives it an immediate privacy advantage over most of the competition. The country has very strong privacy laws, is outside of US and EU jurisdiction, and isn’t a member of the 14 eyes surveillance network.
The company states its logging policy very clearly on the website: “ProtonVPN is a no logs VPN service. We do not track or record your internet activity, and therefore, we are unable to disclose this information to third parties.”
Session logging is almost non-existent. The company stores the timestamp of the last successful login attempt, but that’s it. This is overwritten when you next log in, so it only ever reflects the last session.
ProtonVPN associates your account with an email address when you sign up, but this address can be whatever you like. The company suggests using ProtonMail if you’d prefer to remain completely anonymous.
Sign up for the free plan and you won’t have to provide any payment details. Choose something else and you can opt to pay by Bitcoin. If you use PayPal or a credit card, the payments are processed by a third-party, and ProtonVPN won’t see your billing details.
A Transparency Report or ‘Warrant Canary’ page which in theory reports on ‘notable legal requests’ and what happened. Sounds useful, but it seems to have only ever listed a single request (no data was handed over), and that was dated January 2019.
Better news arrived in January 2020 when ProtonVPN announced that its apps were now open source, and released independent audit reports on them all from security experts SEC Consult.
The results were good, with only 11 vulnerabilities found across the desktop and mobile apps, and those only in the low or medium category.
Eleven may sound a lot, but it really isn’t. The whole point of this kind of audit is that it’s extremely thorough, identifying even the smallest issues, and none of ProtonVPN’s vulnerabilities were show stoppers.
For example, in one item, SEC Consult identified that the Windows client temporarily stored data about the current session for processing. That’s hardly surprising, and the data disappears when the app is closed. Unless an attacker has access to your system, manages to dump a copy of your RAM, take it away, identify the VPN process and figure out its data structures, it’s not going to be a problem.
Put it all together and ProtonVPN deserve huge credit for exposing itself to this level of scrutiny. There’s scope to go a little further, so for example TunnelBear’s audits don’t just cover its apps; they look at its infrastructure, back end and front-end systems, even the website. But ProtonVPN still tramples all over most of the competition, who don’t have the courage to put themselves through any audit at all.
Signing up for ProtonVPN is mostly very easy, although with one or two unexpected complexities. You can pay in Bitcoin, for instance, but if you’re a new user (you don’t have a free plan) then you can’t simply provide your details on a payment form. The form doesn’t even mention any support for Bitcoin. You have to somehow know this in advance, contact support, follow their instructions and perhaps wait up to 36 hours.
There were no issues with our PayPal payment, though. After handing over the cash, ProtonVPN directed us to our account dashboard, a handy web portal with useful files and information. That includes account details, login credentials, an OpenVPN configuration file generator, a download link for the Windows client, and links to instructions for setting up Mac, Linux, iOS and Android devices.
We grabbed a copy of the Windows client. It downloaded and installed in seconds with no technical hassles. We logged in with the user credentials we specified while signing up, and the main console appeared.
The client looks great, with a professional and polished interface. It opens with a large world map which, for once, works mostly as you’d expect: spin the mouse wheel to zoom in and out, left click and drag to move around, hover the mouse cursor over a server icon to see its location, and click to get connected.
If you don’t like map interfaces, no problem, you can collapse the client down to a standard list of locations. Icons highlight servers which support P2P (five, at the time of writing) or Tor (just three: United States, Switzerland and Hong Kong.) Expanding any location lists all its available servers, with an indication of load, and you can connect with a click.
A Profiles feature works as an unusually powerful Favorites system. This could be as simple as creating a profile which connects to a New York server, but there are many more options. You could connect to the fastest server in a country or a location, maybe choose a random server to reduce the opportunity for tracking, select the best P2P or Tor-friendly server, and optionally choose to connect via TCP or UDP.
The client gives you an unusual amount of feedback on the current session. You don’t just get to see your new IP: there’s also the time connected so far, data downloaded and uploaded, the current server load, download and upload speeds.
There’s some real value here. If speeds appear slow, for instance, you can check the server load as it is right now, and if it’s high, reconnect to something else. A simple idea, but not one we’ve seen with other apps.
The Settings dialog allows you to enable or disable key features (kill switch, DNS leak protection), configure what the Quick Connect action does (connect to the fastest location, a random server, a specific server of your choice) and set up the split tunneling system. These all worked for us, but there are some options you don’t get, including the ability to change protocol (it’s OpenVPN-only) or automatically connect when you access an insecure network.
We finished our look at the Windows client with some in-depth kill switch tests, and found it performed very well. The client didn’t leave us exposed during normal operations, such as switching to a new server while connected to another. And if we simulated a major problem by manually closing a TCP connection or terminating a VPN process, the client instantly displayed an alert and blocked all traffic until we reconnected.
The ProtonVPN Android app looks and feels much like the desktop build, with a very similar map view, country list and Favorites-like Profile system. Even the Settings panel has almost identical options and controls, including the OpenVPN support which has arrived since our last review.
If you’re hoping to set up an OpenVPN-compatible app or piece of hardware, there is good news: ProtonVPN offers better support for this than anyone we’ve seen. Instead of forcing you to work with a single set of generic configuration files, or generate custom files individually, ProtonVPN’s web console gives you the best of all worlds.
You’re able to customize your OpenVPN files according to the platform and protocol you need, then view files by country or individual server, and download them individually, or grab the full set in a ZIP file. If you’ve ever had to grab 120 OpenVPN configuration files individually, by clicking a Download file for each one, you’ll appreciate how thoughtful this is.
Our speed testing began by connecting to the fastest server from two locations (one UK, one US), then checking performance with the benchmarking sites Speedtest.net and TestMy.net.
UK speeds were reasonable at 66-69Mbps, an 8-9% drop on our results with the VPN turned off. That’s fractionally below average – we typically see around 6% loss – but unless you’re also running speed tests, you’re unlikely to notice the difference.
ProtonVPN’s speeds from our US test location peaked at 12Mbps and were often less, hugely disappointing when you consider that our test location could handle speeds of more than 600Mbps.
These results were so poor that we couldn’t quite believe them, and extended testing from the UK to the US did show significantly better results, with a range of 50-65Mbps.
The review took place in late March 2020, when much of the US was at home following coronavirus-related restrictions, so it’s plausible that played a part. More people using ProtonVPN more often, overloading the servers; more people streaming Netflix, gobbling up internet bandwidth.
That seems unlikely to be a complete explanation, because ProtonVPN’s results were also poor in our previous review (6 months earlier) at a peak 25Mbps. But we can’t know that for sure, and as the current situation is so exceptional, and there are so many unknowns, we’re not going to count the slow speeds as a major black mark.
ProtonVPN sells itself more on privacy than website unblocking, but our tests showed positive results and some improvements since our last review.
We were now able to access BBC iPlayer, for instance. UK and US Netflix are accessible with the Plus plan, although as we’ve seen before, the player sometimes took a very long time to play anything, and occasionally timed out, forcing us to try again. ProtonVPN unblocked Disney+, too, though with similar odd performance issues. And it got us into Amazon Prime Video with no speed problems at all.
With ExpressVPN and some other providers, you can turn to live chat support and get an update on the situation, maybe a recommendation of which server to use, in under five minutes. ProtonVPN doesn’t have live chat support, though, and while you can send an email, the company says the response time is ‘usually within 1-2 days.’ Most providers reply within hours, not days.
We ‘only’ waited just under a day for a reply to our test question, so ProtonVPN’s estimate was maybe a worst case. The reply was clear and helpful, too, offering multiple suggestions and asking well-chosen questions, just in case our issues weren’t resolved.
The good news continued up to the end of the review, when we ran our usual set of privacy tests. All ProtonVPN servers were in the locations promised, and they all returned the same IP and DNS address, with no DNS or WebRTC leaks to give our real identity away.
ProtonVPN unblocks almost everything, and its well-designed apps are now open source and independently audited. We’ve had speed issues with the service and support is a little slow, but overall, this is a decent service, and we have to applaud any VPN which offers a free, unlimited bandwidth plan. Give it a try if that sounds good, or head to ExpressVPN if you want something even better.
- Check out the best VPN services