Proton VPN is one of only a few VPNs to have both open-source apps and a published third-party security audit.
Proton VPN’s Windows, macOS, Android, and iOS apps are all open-source. The source code is freely available to view on GitHub, and all vulnerabilities discovered so far have been fixed.
The benefit of open-source apps is that anyone can view and contribute to their development. This improves the app’s security due to the error checking of a larger community.
This represents a level of transparency and commitment to security that we rarely see from other VPN providers — we love that Proton VPN has made the effort to do this.
Proton VPN’s Highly Encrypted Connections
As part of our security tests, we inspected Proton VPN’s connection logs to assess the strength of the encryption used. We were impressed with what we saw.
Here are Proton VPN’s encryption specifications:
- Traffic is securely encrypted using the AES-256 cipher.
- Connections are established via an RSA-2048 handshake.
- Perfect Forward Secrecy via an ECDH key exchange.
- Authentication is provided using an SHA-384 hash.
Proton VPN successfully encrypted our test data transfers.
Our tests confirm Proton VPN’s encryption exceeds the security needs of most users. The VPN’s encryption will protect and hide your data from your ISP and any potential snooper or attacker.
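A log inspection like the one described above can be scripted. This is an added example, not code from this review or from Proton VPN: it assumes an OpenVPN connection whose client log contains OpenVPN 2.4-style `Control Channel` and `Data Channel` lines with TLS 1.2 suite names, and both sample logs are constructed.

```python
import re

# Constructed sample logs (assumed OpenVPN 2.4-style lines; values illustrative).
SAMPLE_LOG = """\
2024-01-01 10:00:01 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2024-01-01 10:00:01 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
"""
WEAK_LOG = """\
2024-01-01 10:05:09 Control Channel: TLSv1.2, cipher TLSv1.2 AES128-SHA, 1024 bit RSA
2024-01-01 10:05:09 Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
"""

# Negotiated TLS suite plus server key size and type on the control channel.
CONTROL_RE = re.compile(
    r"Control Channel: TLSv[\d.]+, cipher \S+ ([A-Z0-9-]+), (\d+) bit (RSA|EC)")
# Cipher and key length protecting the tunnelled traffic itself.
DATA_RE = re.compile(
    r"Data Channel: Cipher '([A-Z0-9-]+)' initialized with (\d+) bit key")


def audit_connection_log(log_text):
    """Return {check_name: bool} for the four properties listed above."""
    control = CONTROL_RE.search(log_text)
    data = DATA_RE.search(log_text)
    if not control or not data:
        raise ValueError("log does not contain the negotiated cipher lines")
    suite = control.group(1)
    key_bits, key_type = int(control.group(2)), control.group(3)
    data_cipher, data_bits = data.group(1), int(data.group(2))
    return {
        "aes256_data_channel": data_cipher.startswith("AES-256") and data_bits == 256,
        "rsa2048_handshake": key_type == "RSA" and key_bits >= 2048,
        # ECDHE/DHE suites use ephemeral keys, which provides forward secrecy.
        "forward_secrecy": suite.startswith(("ECDHE-", "DHE-")),
        # Hash named at the end of the TLS 1.2 suite string.
        "sha384_auth": suite.endswith("-SHA384"),
    }


def failed_checks(log_text):
    """Sorted names of the checks a connection log does not satisfy."""
    return sorted(k for k, ok in audit_connection_log(log_text).items() if not ok)


if __name__ == "__main__":
    print("sample:", failed_checks(SAMPLE_LOG) or "all checks passed")
    print("weak:  ", failed_checks(WEAK_LOG))
```
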
Proton VPN’s Advanced Security Settings
Proton VPN’s applications include many advanced security and privacy settings. Below we list the most important app features:
A VPN kill switch is a key security feature. Without one, you risk exposing your IP address to snoopers if your VPN connection disconnects unexpectedly.
Proton VPN includes a kill switch on its Windows, Mac, iOS, and Android apps. It’s not enabled by default, so make sure you turn it on in the ‘Connection’ tab within the Preferences menu.
We put Proton VPN’s kill switch to the test by running a series of manual IP and DNS leak tests while disconnecting the VPN connection. In all cases, the kill switch worked perfectly and did not expose our true IP address.
Proton VPN’s kill switch.
With split tunneling, your VPN lets selected traffic bypass the encrypted tunnel and go directly through your ISP, just as if you weren’t using a VPN at all.
This feature is particularly useful for retaining compatibility with devices and services that require a local IP address, like a wireless printer, for example.
Proton VPN includes split tunneling on its Windows and Android apps, but it isn’t included on macOS or iOS. To use it, simply toggle on the apps that you want to be excluded from the encrypted VPN tunnel.
Proton VPN’s split tunneling setting interface.
We tested split tunneling and were able to access devices on our local network, all while using a Netherlands VPN server to safely download a torrent file.
EXPERT ADVICE: All apps you exclude from the VPN tunnel will use your true IP address. Never use this setting for sensitive activities, like when using free public WiFi.
Proton VPN’s IP & DNS Leak Test Results
Before trusting a VPN with your sensitive data, conducting a real-world IP and DNS leak test is a good way to verify the VPN is working properly.
All of Proton VPN’s apps include IPv6 and DNS leak protection, but we needed to verify these tools actually work. We ran these tests using Proton VPN on both macOS and Android.
To test for any IP address leaks we connected to several Proton VPN servers, including the US, South Africa, Germany, and Australia. Proton VPN didn’t leak our true IP address on any server.
Proton VPN didn’t leak our IP address in our third-party tests.
We then used our IP and DNS leak testing tool to test Proton VPN for any DNS leaks. DNS leaks occur when your browser routes DNS requests through your ISP instead of the VPN, but we experienced no DNS leaks with Proton VPN.
This is no surprise, as Proton VPN operates its own DNS servers, and therefore directly handles your DNS requests. This removes the risk of leaks from third parties.
Proton VPN didn’t suffer DNS leaks in our tests.
NetShield Is a Poor Ad Blocker
Proton VPN Plus and Unlimited subscribers have access to NetShield, the company’s ad, malware, and tracker blocker. You can enable this by clicking on the shield icon from the app home screen.
We found NetShield stops malware and trackers effectively, but it was very poor at blocking ads.
When we ran NetShield through d3ward’s ad block test tool, it reported just a 27% success rate.
Unlike other ad blockers, NetShield doesn’t fully prevent advertising elements from showing on web pages. Instead, it replaces them with a gray box, which is an eyesore.
On top of this, NetShield only works when you’re connected to a Proton VPN server. Therefore, you’ll have to stay constantly connected to Proton VPN to stop ads from showing.
Proton VPN’s Secure Core Servers
Proton VPN owns servers in 67 of its locations. These make up its Secure Core network.
This feature — only available on Plus and Unlimited plans — bounces traffic via a Secure Core server before relaying it onto another server in Proton VPN’s network.
This feature is an example of Double VPN, also known as Multi-Hop. Double VPN typically routes your traffic through two VPN servers instead of one, increasing your security.
Because Proton VPN owns and has sole access to these servers, Secure Core is even more secure than similar solutions like NordVPN’s or Surfshark’s Double VPN.
It wasn’t long ago that Secure Servers only existed in three countries – it’s great to see Proton VPN expanding that number so frequently.
Proton VPN’s Secure Core servers setting in the iOS app.
The drawback of using Secure Core servers is that they noticeably slow down your internet speed.
Below are the download speed reductions connecting from the UK to UK and US normal servers compared to secure server connections:
Normal Server:
- US: 87Mbps (13% loss)
- UK: 89Mbps (11% loss)
Secure Core Server:
- US: 30Mbps (70% loss)
- UK: 18Mbps (82% loss)
Download speeds are much slower using the Secure Core network given the increased encryption overhead and the extra distance the data has to travel.
Additional Security Features We’d Like to See
- A seriously improved ad blocker. As demonstrated above, NetShield just isn’t good enough. We like that it’s included in the app, but Proton VPN desperately needs to improve it.
- A working Stealth protocol. Currently, Proton VPN does not reliably work in China, despite having Stealth protocol available. We’d like to see it improved to the point where it works consistently to beat the Great Firewall.
- An advanced kill switch. With Proton VPN’s kill switch activated as it is, you have no choice but to lose access to your local network and all the devices on it. A more advanced version could add some customization there.