ProtonVPN Review Summary
ProtonVPN does a great job at marketing, but unfortunately, their VPN has numerous issues that pose a risk to ProtonVPN users. Extensive testing and research for this ProtonVPN review identified the following problems: buggy applications, DNS leaks, IP address leaks, connection problems, kill switch issues, slow speeds, and delayed support. They even hit up their users for donations, while at the same time charging $8 to $30 per month for access to the “secure core”. The poor test results raise questions as to exactly how and why ProtonVPN receives so much media promotion online.
Kill switch problems
(timestamps retained indefinitely)
- Based in Switzerland
- Double-hop VPN configurations (but only available with higher-priced subscriptions)
- Free tier (but very restricted with mediocre speeds)
- IP address leaks (WebRTC)
- DNS leaks (Linux)
- Kill switch problems
- Poor support (long delays)
- Connection problems
- Buggy Windows client
- Higher price (for access to “secure core”)
- Connection logs (timestamps)
Since ProtonVPN has rolled out their Android app, I have seen various users complaining about IPv6 leaks. It appears as if ProtonVPN decided to release the Android app knowing full well that it actively leaks IPv6 addresses because they did not block IPv6. According to their various posts, ProtonVPN eventually rolled out a new version of the Android app that blocks IPv6. However, there are still users complaining about IPv6 leaks with the ProtonVPN Android client.
Android client released that does not block IPv6:
ProtonVPN claims that the IPv6 leaks are now patched, although I have still seen complaints from various users.
The best solution to the IPv6 leak problem is a VPN service that offers full IPv6 support.
About the company
ProtonVPN is an offshoot of ProtonMail, an encrypted email provider based in Switzerland.
The company founders were all working on the Large Hadron Collider project at CERN when they stumbled upon the idea for encrypted email, as the story goes:
The idea of ProtonMail was born in the CERN cafeteria. All of us were scientists working on the Large Hadron Collider, the world’s largest proton collider. That was the origin of the name ProtonMail.
CERN does appear to be a well-regarded institution, despite receiving some strange publicity last year with “fake” human sacrifice rituals carried out by “CERN scientists”.
Switzerland jurisdiction – Being based in Switzerland is advantageous in terms of privacy. It is an independent country with good privacy protections and it’s not a member of mass surveillance alliances (Five Eyes and 14 Eyes).
ProtonVPN receives government funding
One unusual caveat I found is that the business receives funding from the Swiss government, as they point out on their website:
ProtonMail is a beneficiary of financial support from the Swiss government, and we also adhere to a policy of strict neutrality.
When one commenter asked for clarification, they suggested the government funding was to “create jobs” and “strengthen [Switzerland’s] economy”.
This issue is not discussed anywhere in the ProtonVPN Transparency Report. It’s unclear whether ProtonVPN is still receiving money from the Swiss government, and how this may affect the independence of the business and customer privacy.
I have never seen a VPN service – whether based in Switzerland or anywhere else – claim to accept government funding.
ProtonVPN response – Here is the exact response I received from ProtonVPN regarding this government funding situation:
Proton Industries is primarily a research company and as a result , we receive government grants to conduct fundamental research in computer science, so we are the principle investigators on a project funded by the swiss federal innovation and research agency in collaboration with eth Zurich. Our research is also funded by the European Union horizon 2020 program for fundamental research. So, this is not the government investing or exerting control, we just get funding from the same agencies that fund universities because of the research we conduct.
You can draw your own conclusions here.
ProtonVPN Price and refund policy
ProtonVPN’s pricing plans are somewhat complex. Below are the monthly prices for the different subscriptions (annual rates are slightly cheaper).
To get connections for 10 devices, you would need a “Visionary” account for $30 per month. Access to the “Secure Core” servers will run you $10 per month (or $8 per month with the annual plan). So despite offering a “free” tier, getting access to all the features is rather expensive.
In addition to server limitations, the lower-priced “basic” plans apparently have slower speeds than the “Plus” and “Visionary” plans. And finally, the basic plan is also limited to only two devices.
Proration and refunds – According to their Terms and Conditions, users can request “a refund for any unused service period within 60 days of the initial purchase.” This is not a 100% money back guarantee, as you will still need to pay for the days that you used ProtonVPN.
The problem with “free”
As discussed in the free VPN guide, many VPNs are now offering “free” services as a marketing tactic to lure in customers.
These “free” VPN services can be broken down into two different categories:
- Freemium VPNs – These VPNs give the user a small “free sample” in the form of a limited bandwidth or a few days to try out the service. Examples of the freemium VPN business model can be seen with TunnelBear (500 MB data), Windscribe (10 GB data), and CyberGhost (7 days free trial).
- Unlimited free VPNs – These VPNs give the user an unlimited amount of data, thereby allowing continuous VPN use by all free users. However, independent studies have found the vast majority of these VPNs to be unsafe, either due to leaks, hidden tracking, or malware embedded in the VPN app. Why do unlimited free VPNs contain malware and tracking? To collect your data and sell it to the highest bidder (when something is free, you are usually the product).
ProtonVPN falls into the second category. While it does restrict access to some servers, ProtonVPN’s free VPN is unlimited in terms of data transfer. (Note: early versions of ProtonVPN had a high malware presence (five positive test results), which is explained further below.)
Why is this a problem?
Assuming that ProtonVPN is not collecting user data for third parties, there is still a problem with offering an unlimited free VPN: it must be subsidized by all the paying users. In other words, all of the paying users will be forced to cover the costs of a large number of free (unlimited) users. Free users take up bandwidth, resources, and also customer support.
This may be another reason why ProtonVPN’s subscription costs are on the higher end of the spectrum. It is for this reason that most reputable VPN providers do not offer any “free” tier, although there are free trial VPN services and VPNs with a long (30 day) refund window.
ProtonVPN setup options
Below are the ProtonVPN setup options for different operating systems.
Note: the ProtonVPN client is only available for Windows at this time.
Windows – ProtonVPN client (below)
Mac OS – Tunnelblick client (There’s currently no support for IPSec IKEv2 – which allows you to use the Mac OS built-in VPN configuration.)
Update: ProtonVPN now supports the IKEv2 protocol
Linux – Network Manager or command line
Android – OpenVPN for Android or OpenVPN Connect (both are third party clients)
Update: ProtonVPN now offers an Android app, as discussed above.
iOS – OpenVPN Connect (third party client)
For this review, I tested ProtonVPN’s Windows client as well as the Tunnelblick client on Mac OS (Sierra).
What is ProtonVPN’s “secure core” feature?
The “secure core” feature is just a double-hop VPN server configuration routed through Switzerland, Sweden, or Iceland.
While multi-hop VPN chains are a great feature, they are not unique to ProtonVPN.
With ProtonVPN, you can select between ten double-hop VPN configurations, which include “secure core” servers. You do not have the ability to create your own multi-hop configurations (not self-configurable).
Other VPN providers that offer double-hop VPN configurations include: VPN.ac (review), NordVPN (review), and VPNArea (review). VPN.ac currently has 18 double-hop configurations – but they are also not self-configurable.
Interesting claims – ProtonVPN makes some interesting claims on its website regarding the “Secure Core” feature:
ProtonVPN’s unique Secure Core architecture allows us to defend against network attacks that other VPNs cannot defend against.
Perhaps, but the “secure core” feature is just a double-hop VPN configuration through a country that ProtonVPN considers to be “secure”. You would arguably get more privacy and security with a self-configurable three or four hop VPN chain via Perfect Privacy or ZorroVPN.
First, servers are located in specifically selected countries with very strong privacy laws (Iceland, Switzerland, and Sweden).
Sweden is a member of the 14 Eyes mass surveillance alliance. Recently news broke that the Swedish government intends to increase data retention, further erode privacy protections, and also target VPNs operating in Sweden – see this report.
Secure Core servers are also located in extra high security datacenters to ensure strong physical security. ProtonVPN infrastructure in Switzerland and Sweden are located in underground datacenters, while our Iceland servers are located within a former military base.
I’m not sure having servers “underground” or in a “former military base” offers any real benefit (aside from marketing, perhaps). Furthermore, state actors, such as the NSA and GCHQ, operate internationally without respect to borders.
Therefore, even though ProtonVPN is based in Switzerland, we cannot know for sure that our VPN servers in other countries such as the US or the UK are not being monitored and user privacy compromised.
Correct – but that holds true for any server in the world, including all “Secure Core” servers.
Ultimately a multi-hop configuration is a good feature. However, ProtonVPN seems to be implying that this setup is somehow unique to their service and that other VPNs may be “compromised”.
The main drawback with ProtonVPN’s “secure core” is that the servers are static. Because the endpoints in the double-hop configuration never change, entry and exit IP addresses could be monitored by adversaries and potentially matched up to users.
In my opinion, a self-configurable multi-hop is a better option. With this setup, you can create a unique VPN cascade as often as you like. Because the user can always create new multi-hop chains, tracking and/or targeting individuals becomes more difficult.
For an even higher level of security, NeuroRouting may be a better solution. This feature is a multi-hop VPN that dynamically changes your IP address based on the network route and server location of the website you are visiting – see here for more details.
IP address leaks
I ran the ProtonVPN Windows app through extensive testing (see testing procedures here) for IP address leaks using:
Due to a new update with the ProtonVPN Windows client that was released just days after this review was first published, I decided to conduct new testing. I tested the new Windows client (version 22.214.171.124) and identified IPv6 leaks via WebRTC (also known as WebRTC leaks).
Windows testing version:
Important note: You can see in the screenshot above that I was testing version 126.96.36.199 of the Windows app for this review. Therefore if you are using a different version, your results may be different.
Settings for testing (kill switch and DNS leak protection enabled):
IPv6 Leaks via WebRTC
Netherlands server – local IPv4 addresses (non leak) concealed (black), and IPv6 WebRTC leaks begin with 2 (red).
Note: there are many factors that may affect WebRTC leaks, including your network setup, web browser, and browser settings (testing results may vary).
While it is possible to disable WebRTC in various browsers (Firefox, Chrome, Opera), WebRTC leaks are still not a good sign.
For more of an explanation on WebRTC leaks see here (toward the bottom).
IP address leaks and kill switch problems have been raised by other users with previous versions of the ProtonVPN Windows client.
These issues may or may not affect current users with the latest version of the Windows client.
The best option is to periodically test your VPN to verify everything is working correctly, especially after software updates.
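A self-test along these lines, as an added example (not part of the original review and not ProtonVPN's code): it parses WebRTC ICE candidate lines and reports any publicly routable address that is not the expected VPN exit address, such as the global IPv6 addresses beginning with 2 described above. The sample candidates are constructed from documentation address ranges, and all function names are hypothetical.

```javascript
// Added example: flag public addresses exposed through WebRTC ICE candidates.
// Candidate format: candidate:<foundation> <component> <transport> <priority>
//                   <address> <port> typ <type> ...

// Constructed sample input (2001:db8::/32 and 203.0.113.0/24 are documentation ranges).
const SAMPLE_CANDIDATES = [
  'candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host',
  'candidate:2 1 udp 2122194687 2001:db8:1234:5678:9abc:def0:1234:5678 54322 typ host',
  'candidate:3 1 udp 1686052607 203.0.113.7 54323 typ srflx raddr 192.168.1.23 rport 54321',
  'candidate:4 1 udp 2122260223 fe80::1c2d:3e4f:5a6b:7c8d 54324 typ host',
  'candidate:5 1 udp 2122260223 3f2a1b4c-aaaa-bbbb-cccc-1234567890ab.local 54325 typ host',
];

// Extract address and candidate type from one candidate line; null if malformed.
function parseCandidate(line) {
  const f = line.trim().replace(/^a=/, '').split(/\s+/);
  if (f.length < 8 || !f[0].startsWith('candidate:') || f[6] !== 'typ') return null;
  return { address: f[4].toLowerCase(), type: f[7] };
}

// Coarse address scope; only the "global"/"public" kinds identify the user off-LAN.
function classifyAddress(addr) {
  if (addr.endsWith('.local')) return 'mdns'; // browser-obfuscated host candidate
  if (addr.includes(':')) {
    const first = parseInt(addr.split(':')[0] || '0', 16);
    if ((first & 0xffc0) === 0xfe80) return 'ipv6-link-local';   // fe80::/10
    if ((first & 0xfe00) === 0xfc00) return 'ipv6-unique-local'; // fc00::/7
    if ((first & 0xe000) === 0x2000) return 'ipv6-global';       // 2000::/3
    return 'ipv6-other';
  }
  const o = addr.split('.').map(Number);
  if (o.length !== 4 || o.some(n => !Number.isInteger(n) || n < 0 || n > 255)) return 'unknown';
  if (o[0] === 10 || (o[0] === 172 && o[1] >= 16 && o[1] <= 31) ||
      (o[0] === 192 && o[1] === 168)) return 'ipv4-private';
  if (o[0] === 127) return 'ipv4-loopback';
  if (o[0] === 169 && o[1] === 254) return 'ipv4-link-local';
  return 'ipv4-public';
}

// Public addresses that are not one of the expected VPN exit addresses.
// Addresses are compared as lowercase strings, so pass IPv6 in the same textual form.
function findLeaks(candidateLines, vpnExitAddresses = []) {
  const expected = new Set(vpnExitAddresses.map(a => a.toLowerCase()));
  return candidateLines
    .map(line => parseCandidate(line))
    .filter(c => c !== null)
    .map(c => ({ ...c, kind: classifyAddress(c.address) }))
    .filter(c => ['ipv6-global', 'ipv4-public'].includes(c.kind) && !expected.has(c.address));
}

// Browser only (returns [] elsewhere): gather candidates from a throwaway connection.
// With an empty iceServers list only host candidates are produced.
async function gatherCandidates(iceServers = [], timeoutMs = 3000) {
  if (typeof RTCPeerConnection === 'undefined') return [];
  const pc = new RTCPeerConnection({ iceServers });
  const lines = [];
  const done = new Promise(resolve => {
    pc.onicecandidate = e => (e.candidate ? lines.push(e.candidate.candidate) : resolve());
    setTimeout(resolve, timeoutMs);
  });
  pc.createDataChannel('probe'); // a channel is needed for ICE gathering to start
  await pc.setLocalDescription(await pc.createOffer());
  await done;
  pc.close();
  return lines;
}
```

In a browser, run `findLeaks(await gatherCandidates(), [exitIp])` while connected to the VPN, with `exitIp` set to the address an IP-check site reports; an empty result means no public address was exposed through the candidates gathered.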
DNS leaks with Linux
DNS leaks are an ongoing issue for Linux users according to the ProtonVPN website:
To address frequent DNS leaks on linux, we’ve updated this guide with new Linux specific config files and new instructions to connect via CLI…
Attention: At this point, there is a known issue with DNS Leaks on distributions up to Ubuntu 16.04LTS (and its dependencies and parents).
I did not test ProtonVPN with Linux for this review.
There were two issues that came up when testing ProtonVPN’s kill switch feature:
- Sometimes the kill switch would not work and regular internet traffic would get through.
- Sometimes all traffic would be blocked after connecting to a VPN server (this would occasionally occur when the kill switch was activated).
I observed that the kill switch would not block internet traffic immediately after starting up the ProtonVPN client. Most VPN clients have a kill switch that will block non-VPN traffic to prevent any leaks whatsoever, whether you are connected to a VPN server or not.
In the image below, the VPN client is not connected to a VPN server, but the kill switch is active, while non-VPN traffic is getting through (exposing my real IP address, DNS requests, etc.).
The other issue I found is that sometimes all traffic would be blocked, despite apparently being connected to a VPN server.
I occasionally observed this issue when the kill switch was activated. Here is one example:
Update: Some users are still reporting that the kill switch fails, despite further updates to the ProtonVPN Windows client.
As an alternative to using the ProtonVPN kill switch (Windows client), you could create firewall rules to allow only traffic through the VPN.
Additional update: ProtonVPN has informed me that they have modified their kill switch, which may have fixed these problems.
ProtonVPN Windows client
The ProtonVPN client has a good basic design, although it is somewhat busy.
Unfortunately there are various bugs that still need to be worked out.
In addition to the leaks and kill switch problems mentioned above, here are some more bugs I found when testing out the Windows client:
Bug #1: ProtonVPN not connecting
When testing the Windows client for this review I would often have problems with ProtonVPN not connecting.
For whatever reason, the Windows client was often unable to connect to any server. This seemed to occur randomly.
I did not have all these “connecting failed” problems when testing the older version of the Windows client. This seems to be a new problem with the latest version.
I see there are also various complaints about connection issues in the forums – although it does not seem to affect everyone.
Bug #2: ProtonVPN cannot remember login
The other annoying bug I found was that the Windows VPN client would not remember login details, even with the “Remember Login” option enabled.
Again, this is also a known problem:
Rather than using the buggy Windows client, ProtonVPN users can opt for a third-party VPN client, which is discussed further below in the Alternative Solutions section.
ProtonVPN Mac OS testing results
ProtonVPN does not offer any client for Mac OS.
This means you will need to use Tunnelblick or some other third-party solution.
Unlike the native Mac OS IKEv2 setup, Tunnelblick does not offer a kill switch that will block all non-VPN traffic if the VPN is disconnected, as in the screenshot below:
Above you can see all regular traffic is getting through when the VPN is not actively connected via Tunnelblick.
Creating firewall rules would be a good idea if you are using Tunnelblick.
Update: ProtonVPN is beta testing a Mac OS client and they now support the IKEv2 protocol, for native Mac OS support.
ProtonVPN speed test results
I tested servers in Europe, the US, Canada, and Asia for this ProtonVPN review.
Overall, the speeds were decent.
While there are many variables when it comes to VPN speed, I did do some back-to-back testing for comparison. I ran some tests using common locations with OpenVPN 256-bit encryption and the speed testing website speedof.me (which does not use Flash).
Speed comparison Amsterdam
ProtonVPN download speed = 23 Mbps
VPN.ac download speed = 99 Mbps (4.3 times faster than ProtonVPN)
Perfect Privacy download speed = 69 Mbps (3 times faster than ProtonVPN)
Additionally, I also tested the “secure core” server speed in comparison to a double-hop server configuration setup with Perfect Privacy.
Double-hop “secure core” speed comparison (Switzerland >> UK)
ProtonVPN download speed = 7 Mbps
Perfect Privacy download speed = 36 Mbps (5 times faster than ProtonVPN)
Notice with the Perfect Privacy VPN Manager application I first connected to the Zurich server and then the London server. You can see the numbers on the left of the application (1 and 2) corresponding with the hops.
Perfect Privacy allows you to self-configure your VPN chains with up to four hops directly in the VPN Manager app – adding or removing servers in the chain without losing your connection.
Conclusion on speeds – It’s important to note that speeds can vary considerably depending on many factors. Nonetheless, if you want a multi-hop VPN that offers excellent performance, VPN.ac and Perfect Privacy are two good options.
ProtonVPN is yet another service that carries out some logging, but still claims to be a “no logs VPN service” on its homepage.
This is a fairly common issue (see also the Betternet review, Windscribe review, and PureVPN). Many VPNs claim to be “no logs” on their homepage, but then carefully disclose data that is “retained” or “collected” in their privacy policies.
They know most people won’t bother reading the fine print if they see “no logs” somewhere on the website.
Here you can see that ProtonVPN is claiming to be a “no logs VPN service” on its homepage:
However, if a VPN service is actively enforcing limitations, this usually requires some form of logging.
ProtonVPN limits connections and access to server configurations. Even more, they also enforce a “no torrenting” policy on their free VPN servers. Therefore it would be surprising if they were able to do all this and still be “no logs”…
They log timestamps to limit connections, which should not be a surprise. However, this clearly violates their “no logs VPN service” claims.
To be fair, this is a minimal level of connection logs.
Nonetheless, the contradictory statements may confuse users who believe that ProtonVPN is truly a “no logs VPN service” – which it is not.
Overall, I found the ProtonVPN support to be quite poor.
I sent their support team multiple requests and only one was answered within 2 days. Another request took 6 days, and another went completely unanswered.
They may be working to improve response times; however, this was the status at the time of this review.
You can also find others complaining about slow support:
ProtonVPN explains in the post above that they are “trying to staff up [their] support team.”
Update from ProtonVPN: ProtonVPN has informed me that they have “invested heavily in customer support field” [sic]. Therefore response may now be better.
Given all the issues with ProtonVPN, and particularly the ProtonVPN Windows client, you may want to consider some alternatives.
ProtonVPN with AirVPN’s app (Eddie)
Due to the bugs and leaks with the Windows client, Windows users may want to consider using the AirVPN app, which is called Eddie.
The AirVPN client is free, open source, supports many platforms, and appears to be stable and leak-proof (when I tested it out). You don’t need an AirVPN subscription to use it (but you also won’t get any support). For basic setup instructions see here.
You can download the app here for free.
Note: this may also be a good solution for Mac OS users who don’t want to use Tunnelblick.
There are three VPNs that passed all privacy/security tests (no leaks), are based in good privacy jurisdictions, and also offer multi-hop VPN server configurations (like “secure core” with ProtonVPN).
As I pointed out earlier, there are two alternatives that offer self-configurable multi-hop VPN chains (up to four servers) and can be used with the Tor network for more anonymity:
- Perfect Privacy – based in Switzerland; €8.95 per month; unlimited connections (read review)
- ZorroVPN – based in Belize; $10.00 per month; 5 connections (read review)
Another alternative that is a bit cheaper and offers 18 double-hop VPN configurations:
ProtonVPN review conclusion
ProtonVPN is a newer service that was in BETA testing for a while before being finally released to the public in June 2017. Unfortunately, it still performs as if it was in BETA testing and suffers from a number of bugs and leaks.
While ProtonMail may be a decent option, ProtonVPN is simply not yet up to standard.
In the meantime, you may want to consider alternatives – see the Best VPNs List.
UPDATE: Malware test results
After seeing users complain about ProtonVPN software being flagged by antivirus programs, I decided to take a closer look. I downloaded the latest version of the ProtonVPN Windows client and then uploaded it to VirusTotal, which inspects the file using over 60 antivirus scanners.
The results were alarming:
VirusTotal showed five positive test results when I first scanned the file on October 11, 2017.
False positives? While there is a chance for false positives, it seems very unlikely that five separate antivirus tools would flag the VPN as being malicious if that were not the case.
When classifying VPNs as malicious or not malicious using VirusTotal results, there is one accepted definition we can use.
In this published study, researchers defined anything with two or more positive malware test results to be malicious. From the study: “We flag all applications as malicious that are detected by at least two of the scanners” [from VirusTotal].
With five positive test results, ProtonVPN’s Windows client would meet this definition of a malicious application.
Note: Many VPNs have been caught embedding malware into applications – see this study. Malware is often hidden in VPNs to collect user data, which can then be sold to third parties or used for other purposes. This is especially the case with free VPNs.
Disclaimer: I am not a malware expert and mainly rely on VirusTotal for testing various VPNs. However, these results are clearly on par with some of the free mobile VPN apps that I have tested, which are full of malware to collect user data (see for example VPN Master).
As a comparison, I also tested both Windscribe (Windscribe review) and TunnelBear (Tunnelbear review), which are very similar to ProtonVPN in that they offer both free and paid plans. With both Windscribe and TunnelBear, VirusTotal did not detect any malware presence whatsoever (0 positive hits) with their Windows applications. The same goes for the other paid (non-free) VPNs I have tested.
Reply from ProtonVPN: ProtonVPN has informed me that their newest app is no longer getting flagged for malware by VirusTotal. They also state that the previous positive test results for malware were “false positives”.