Proton VPN’s no-logs policy confirmed by an external audit
When you connect to a VPN, it becomes your internet provider, meaning any VPN provider is technically capable of tracking and logging what you do online. While many VPNs claim to have no-logs policies, these policies do not always hold up when put to the test.
The best VPNs that maintain a strict no-logging policy
All products featured here are independently selected by our editors and writers. If you buy something through links on our site, Mashable may earn an affiliate commission.
Overview
- Best For Streaming: ExpressVPN
- Best For Privacy: ProtonVPN
- Best For Security: NordVPN
- Best For Multiple Devices: Surfshark
- Best For Tight Budgets: TunnelBear
A good VPN provides you with extra security when browsing online, watching Netflix, torrenting, or shopping. We’ve talked extensively about VPNs, giving recommendations on the fastest and cheapest services, but what about the most secure?
What is a VPN?
Virtual Private Networks, or VPNs, are security tools that provide protection for your identity and data by creating a private network that hides your real IP address. The best way to visualise a VPN is to think of it as an encrypted tunnel through which all of your online traffic passes. Nobody can see into the tunnel, and everything inside is protected against online threats like hackers, viruses, and malware.
Should you care about a VPN’s logging policy?
Connecting to the internet by way of a VPN means that your ISP can’t see what you’re doing and neither can the authorities. That only works if your VPN doesn’t keep logs, though. Otherwise, those logs can help trace your online activities.
This is a particular problem if your VPN service is located in one of the 5/9/14-Eyes Alliance countries, where surveillance agencies are more likely to be legally allowed to access your browsing history. Understandably, this can be an issue for some privacy-conscious users, especially if you’re trying to use a VPN to get around a country’s restrictive censorship laws.
While many VPN providers promise that they don’t keep any logs of your activities, the idea of a “no-logs policy” can mean a number of different things. Some companies can still keep more information than you are comfortable providing. A strict no-logs policy is what’s needed most of all if you want your data to be kept away from roving eyes.
Should you use free VPNs?
There are plenty of free versions of popular VPNs out there, plus free trials of VPNs with full access to everything you get with a premium plan. Alternatively, you can pay for a VPN. So which option is best for you and your lifestyle?
You get what you pay for with VPNs. There tends to always be a catch with free versions, and it’s normally in the form of limited data usage. If you’re just an occasional user, these plans will work fine. But if you’re going to be streaming or downloading, this isn’t going to work. Free trials are a little bit different: they come with everything you get in a paid plan, but obviously they don’t tend to last very long. Trials are great for testing out a service before committing, but this isn’t a long-term solution.
Something to consider is that free VPNs don’t require you to input any payment details, which adds another layer of anonymity.
What is the best no-log VPN?
Whatever your reason for staying secure online, it’s important to pick out the right no-logging VPN for you. We’ve lined up your best options, including leading services like ExpressVPN and NordVPN.
These are the best no-log VPNs in 2023.
Proton VPN’s no-logs policy confirmed by an external audit
Posted on April 13th, 2022 by Andy Yen in Proton News.
Today, we are excited to announce we passed a new milestone in our drive to make Proton as transparent as possible with the completion of a third-party audit of our infrastructure that confirmed our strict no-logs policy. Now, when we say we are a no-logs VPN, it is not just a claim: it has been double-checked by independent experts.
As an organization founded by scientists who met at CERN, we believe in peer review and transparency. This is also why we make all our apps open source so that anyone can examine our code.
Of course, we understand that not everyone has the time or skills to inspect code themselves. That is why, in addition to our internal audits, we regularly submit our apps to third-party security audits and make the results public. This way, everyone can get an independent expert’s opinion of our apps’ security.
In the most recent security audit of all Proton apps, security experts from Securitum, a leading European security auditing company that oversees more than 300 security testing projects every year for major corporations and banks, uncovered no significant security issues. This shows that Proton’s internal audits and culture of secure software development are effective. And because our apps’ code is entirely open source, our security is bolstered by our bug bounty program, which brings security experts together from all around the world to check our applications.
However, with a VPN service, it’s also important to verify what is happening on the server side and not just the application side.
Why it’s important to verify a VPN’s no-logs policy
When you connect to a VPN, it becomes your internet provider, meaning any VPN provider is technically capable of tracking and logging what you do online. While many VPNs claim to have no-logs policies, these policies do not always hold up when put to the test.
Proton VPN’s strict no-logs policy was tested in a legal case in 2019. We were ordered to turn over logs to help identify a user, but we were unable to comply because these logs did not exist. Proton VPN’s Swiss jurisdiction also confers additional benefits for VPN services. For example, within the current Swiss legal framework, Proton VPN does not have any forced logging obligations. However, there remains the possibility that an incorrect server configuration or flawed system architecture could cause logs to be accidentally stored.
To address this, we asked Securitum to perform a thorough examination of our infrastructure and server-side operations. Securitum security experts spent several days on site reviewing our VPN configuration files and server configurations, assessing our operating procedures, and interviewing our staff. The audit was extensive and checked the following:
- Does Proton VPN track your activity on VPN servers (servers that are passing the traffic)?
- Does Proton VPN log metadata about the activity on VPN servers, such as DNS traffic?
- Does Proton VPN inspect or log the network traffic on VPN servers?
- Does Proton VPN monitor or log information about which services (websites, servers, etc.) you connect to?
- Does Proton VPN monitor which services (websites, servers, etc.) have been used by a specific VPN server?
- Does Proton VPN apply the same privacy policy to all servers, regions, and subscription tiers?
- Does Proton VPN have a specific process to ensure that any unauthorized configuration change (such as “log=false” to “log=true”) will be detected? Will it trigger an automatic alarm?
- Does Proton VPN have a proper change management process in place to ensure that any authorized changes applied to the logs-related configuration files are reviewed and approved by another employee (dual control)?
- Do VPN configuration files have any logging enabled?
- Does Proton VPN log information about which VPN server you are connected to at a given time (or which users are connected to a specific VPN server at a given time)?
The resulting report confirms that we do not keep any metadata logs, do not log your VPN activity, and do not engage in any practices that might compromise your privacy.
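A minimal sketch of three checks from the list above (logging disabled in the configuration file, detection of an unauthorized change such as “log=false” to “log=true”, and dual control on approved changes). It is added here as an illustration and is not Proton VPN's or Securitum's tooling; the key=value file format, the key names `log` and `log_dns`, and the change-record structure are assumptions.

```python
import hashlib

# Assumed names of logging-related keys; a real deployment would list its own.
LOG_KEYS = ("log", "log_dns")

def parse_config(text):
    """Parse key=value lines, ignoring blank lines and '#' comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip().lower()
    return settings

def digest(text):
    """SHA-256 of the exact file content, used to tie a file to its approval."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def audit(config_text, change_records):
    """Return a list of findings; an empty list means nothing to alarm on."""
    findings = []
    settings = parse_config(config_text)
    for key in LOG_KEYS:
        # Fail closed: anything other than an explicit "false" is a finding,
        # including a missing key whose default is unknown.
        if settings.get(key) != "false":
            findings.append(f"logging-not-disabled:{key}")
    # Any content whose digest has no approval record is an unauthorized change.
    record = change_records.get(digest(config_text))
    if record is None:
        findings.append("unapproved-change")
    # Dual control: the reviewer must exist and differ from the author.
    elif not record.get("reviewer") or record["reviewer"] == record.get("author"):
        findings.append("no-dual-control")
    return findings

# Constructed sample data for the example.
APPROVED = "# vpn node config (constructed)\nlog=false\nlog_dns=false\nmtu=1420\n"
TAMPERED = APPROVED.replace("log=false", "log=true")
RECORDS = {digest(APPROVED): {"author": "alice", "reviewer": "bob"}}

if __name__ == "__main__":
    print("approved:", audit(APPROVED, RECORDS))
    print("tampered:", audit(TAMPERED, RECORDS))
```

Run on a schedule against each server's deployed file, a non-empty result is what would feed the automatic alarm the checklist asks about.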
You can read the full report from Securitum below:
Trust through transparency
At Proton, we believe that all claims should be investigated and verified, including our own. Going forward, we will continue to perform periodic security audits and publish the results so you can read an independent security professional’s report before you entrust us with your data.
If you are a security researcher, we also invite you to support security at Proton through our bug bounty program that offers generous bounties to anyone who can identify vulnerabilities in our open-source services.
Sign up for Proton VPN to get a transparent, open-source, and fully audited no-logs VPN that respects your privacy
Update August 1, 2023: This article was updated to feature the latest audit of our no-logs policy by Securitum, which was concluded on April 26, 2023. You can read Securitum’s audit of our no-logs policy from 2022 here.
Andy Yen
Andy is a founder of Proton, the company behind Proton VPN and Proton Mail. He is a long time advocate of privacy rights and has spoken at TED, SXSW, and the Asian Investigative Journalism Conference about online privacy issues. Previously, Andy was a research scientist at CERN and has a PhD in Particle Physics from Harvard University. You can watch his TED talk online to learn more about our mission.