ProtonVPN
All VPN providers claim to be experts in privacy, but there's not usually much evidence to back that up. Swiss-based ProtonVPN is different though, because the company has a track record in security – it's also behind ProtonMail, the popular end-to-end encrypted email service.
ProtonVPN's network now offers 1,300 servers across 61 countries, up from 55 in our last review, with Cyprus the most recent addition. Most servers are in Europe and North America, as with most of the competition, but there are also locations in Australia, Brazil, Columbia, Hong Kong, India, Japan, Malaysia, New Zealand, South Africa, South Korea and more.
ProtonVPN owns and manages its own servers, too, and they're connected to the internet using the company's own network. Apart from giving ProtonVPN great control over how the service is set up and managed, this also shows us that this isn't just some shell company making profits from reselling other people's kit: there are real resources and expertise here.
- Want to try ProtonVPN? Check out the website here
You can see benefits of that control in ProtonVPN's Secure Core, a smart technology which routes traffic through multiple servers before it leaves the network (meaning that even high-tech snoopers monitoring an exit server won't be able to trace individual users).
Most customers don't really need that level of protection, but ProtonVPN has plenty more. The service is P2P-friendly, supports up to 10 devices (the industry average is just five), has a kill switch, DNS leak protection and built-in Tor support for accessing Onion sites. A versatile split tunneling system routes all internet traffic through the VPN, apart from the apps and destination IPs you define.
Elsewhere, the DNS-based NetShield web filter blocks malware, ads and trackers. There are now native apps for Windows, Android, Mac and iOS to enable using ProtonVPN on almost anything. Oh, and they're all open source and audited.
That's a very long list, but somehow ProtonVPN has found the time to add two major new features since our last review. Firstly, the speedy WireGuard protocol is now available in all its apps. And secondly, if you have any problems with the service, paying customers can now (sometimes) contact Support right away via live chat.
ProtonVPN pricing
The ProtonVPN Plus plan delivers all the features we've described above, covers 10 devices, and can be yours for $10 billed monthly, $8 on the annual plan, or $6.63 over two years. That's above average, and you can get capable VPNs for much less (Private Internet Access is just $3.33 a month on its annual plan, VyprVPN charges just $1.81 a month over three years).
The company has some cheaper options. The Basic plan doesn't give you access to the premium servers, won't stream Netflix, can't route traffic through multiple servers, and only supports two devices, but it's just $4 a month on an annual subscription, $3.29 over two years. That's better, but some of the competition give you an unrestricted service for a very similar amount (and occasionally less).
Any payments are (sort of) protected by a 30-day money-back guarantee. The potential catch here is that you'll only get a refund for any unused subscription time, so if you sign up for a month and ask for a refund after 15 days, for instance, the company only returns 50% of your subscription fee.
While that sounds a little mean, ProtonVPN has a great defense; it already gives users an unlimited amount of time to sample its service with a free plan.
However, that said, this free plan has some significant limits. It covers just one device, supports 'medium speeds' only, and gives you access to 23 servers in just three countries (US, Netherlands, Japan).
However, the service performed well for us, with our nearest Netherlands server averaging 65-70Mbps, and, crucially, it has no bandwidth limits. There's no being restricted by paltry data allowances: you can use ProtonVPN Free as much as you like. That's a big deal, and makes ProtonVPN interesting all on its own.
- We’ve also rounded up the best free VPN services
Privacy
ProtonVPN's Swiss home gives it an immediate privacy advantage over most of the competition. The country has very strong privacy laws, is outside of US and EU jurisdiction, and not a member of the '14 eyes' surveillance network.
The company states its logging policy very clearly on the website: "ProtonVPN is a no logs VPN service. We do not track or record your internet activity, and therefore, we are unable to disclose this information to third parties."
Session logging is almost non-existent. The company stores the timestamp of the last successful login attempt, but that's it. This is overwritten when you next log in, so the most ProtonVPN will know about your account use is the start time of your last session.
ProtonVPN associates your account with an email address when you sign up, but this address can be whatever you like. The company suggests using ProtonMail if you'd prefer to remain completely anonymous.
Sign up for the free plan and you won't have to provide any payment details. Choose something else and you can opt to pay by Bitcoin. If you use PayPal or a credit card, the payments are processed by a third-party, and ProtonVPN won't see your billing details. Or for real anonymity, you can just send the company some cash. Not exactly convenient, but you'll know you're not leaving any electronic audit trail.
A Transparency Report or 'Warrant Canary' reports on 'notable legal requests' and what happened. Sounds useful, but it seems to have only ever listed a single request (no data was handed over), and that's dated January 2019.
Another step forward on the privacy front occurred in January 2020 when ProtonVPN released independent audit reports on its apps, performed by security experts SEC Consult.
The results were good, with only 11 vulnerabilities found across the desktop and mobile apps, and those were only in the low or medium category. ProtonVPN has already fixed everything it accepted as an issue.
While 11 may sound a lot, it really isn't. The whole point of this kind of audit is that it's extremely thorough, identifying even the smallest issues, and none of ProtonVPN's vulnerabilities were close to being showstoppers.
For example, in one item, SEC Consult identified that the Windows client temporarily stored the current session's login credentials in RAM. That's hardly surprising, and the data disappears when the app is closed.
ProtonVPN fixed the problem when it was informed, but even earlier, for an attacker to exploit this, they would need to run code on your system, with the rights to access RAM, while you were connected, then grab the appropriate memory block, and know how to extract it from ProtonVPN's data structures. That's hardly likely, and if you do have malware running on your system, it could do much worse already (like using keyloggers or screen captures to record everything you're doing, say).
Put it all together and ProtonVPN deserves huge credit for exposing itself to this level of scrutiny. There's scope to go further, so for example TunnelBear's audits don't just cover its apps; they look at its infrastructure, backend and frontend systems, even the website, and they've re-run the audit over several years. But ProtonVPN still tramples all over most of the competition, who don't have the courage to put themselves through any audit at all.
Windows app
Signing up for ProtonVPN is straightforward. The company supports paying by card, Bitcoin or even cash if you're looking for extreme anonymity, but we chose PayPal. The process was completed within a few seconds, and ProtonVPN directed us to our account dashboard, a handy web portal with login credentials, an OpenVPN configuration file generator, a download link for the Windows client, and links to instructions for setting up Mac, Linux, iOS and Android devices.
We grabbed a copy of the Windows client. It downloaded and installed in seconds with no technical hassles. We logged in with the user credentials we specified while signing up, and the main console appeared.
The client looks great, with a professional and polished interface. It opens with a large (and resizable) world map which, for once, works mostly as you'd expect: spin the mouse wheel to zoom in and out, left click and drag to move around, hover the mouse cursor over a server icon to see its location, and click to get connected.
If you don't like map interfaces, no problem, you can collapse the client down to a standard list of locations. Icons highlight servers which support P2P (12 at the time of writing, up from five in our last review) or Tor (just three: United States, Switzerland and Hong Kong). Expanding any location lists all its available servers, with a color indicator of load (green being low, red high), and you can connect with a click.
We verified P2P support by accessing torrents from five of the specialist torrent servers, and downloaded them all without any issues.
A Profiles feature works as an unusually powerful Favorites system. This could be as simple as creating a profile which connects to a New York server, but there are many more options. You could connect to the fastest server in a country or a location, maybe choose a random server to reduce the opportunity for tracking, select the best P2P or Tor-friendly server, and optionally choose to connect via OpenVPN TCP or UDP.
Settings
The Settings dialog allows you to enable or disable key features, configure what the Quick Connect action does (connect to the fastest location, a random server, a specific server of your choice) and set up the split tunneling system.
The app now supports WireGuard, but OpenVPN isn't forgotten. A 'Smart Protocol' feature will choose OpenVPN if it looks like the best protocol for your situation, or you can select it manually as required.
A 'VPN Accelerator' option, turned on by default, uses various low-level tricks (threading, network optimizations) to improve performance. It also has an interesting and related option in the Settings box. 'Auto Reconnection' looks out for speed issues with your current server, and connects you to a faster one nearby when necessary. Sounds like a smart idea.
Checking the logs, we found the client was connecting via industrial-strength AES-256-GCM encryption with HMAC-384 for authentication. Works for us, but if you're not a crypto-geek, ProtonVPN has some useful starter articles on its website.
We finished our look at the Windows client with some in-depth kill switch tests, and found it performed very well. The client didn't leave us exposed during normal operations, such as switching to a new server while connected to another. And if we simulated a major problem by manually closing a TCP connection or terminating a VPN process, the client instantly displayed an alert and blocked all traffic until we reconnected.
That's good news, and not just for the kill switch. The ability to cope with extreme and unexpected situations is a measure of code quality, and ProtonVPN scores much better here than most of the competition.
Mobile apps
The ProtonVPN Android app looks and feels much like the desktop build, with a very similar map view, country list and Favorites-like Profile system.
The Settings panel has almost identical options and controls: you can enable or disable the kill switch, set up split tunneling, access the malware-blocking NetShield, and more. The app doesn't enable setting custom DNS servers, as you can on the desktop. But there's also a bonus: it not only supports the OpenVPN and WireGuard protocols, but you also get IKEv2.
ProtonVPN's iOS app looks a little more stylish, with neat visual touches like using colorful flag icons as markers on the map, but it follows the same basic rules. It has the same core settings and options, too: OpenVPN, WireGuard and IKEv2 protocols; NetShield ad and malware protection; DNS leak protection; split tunnelling; and even the ability to tweak your MTU (a very technical but sometimes useful feature.)
It's great to see mobile apps which don't leave out all the most interesting bits from the desktop versions, but that's not the only plus point here. Many VPNs have very different feature sets between platforms, which is confusing if you use the service on several devices. ProtonVPN looks and works much the same everywhere, so when you've mastered one version, you know exactly what to do on all the others.
If you'd prefer to use another OpenVPN-compatible app or device, there's more good news: ProtonVPN offers better support for this than anyone we've seen. Instead of forcing you to work with a single set of generic configuration files, or generate custom files individually, ProtonVPN's web console gives you the best of all worlds.
You're able to customize your OpenVPN files according to the platform and protocol you need, then view files by country or individual server, and download them individually, or grab the full set in a ZIP file. If you've ever had to grab 120 OpenVPN configuration files individually, by clicking a download file for each one, before having to rename them to something usable, you'll appreciate how thoughtful this is.
Performance
Our speed testing began by connecting to the fastest server from two locations (a UK data center with a 1Gbps connection, a US location with a 600Mbps line), then checking performance with benchmarking services including SpeedTest.net (via the website and the command-line app), nPerf, SpeedOf.me and others. We repeated each test five times, ran the full set in both morning and evening sessions, then analyzed the data to compare median speeds.
OpenVPN results were excellent at 400-460Mbps in the UK, and an even better 460-510Mbps in the US. That's far better than we've seen from the other big VPN names. Even the closest contenders are far behind, with Hide.me reaching 390Mbps, HideMyAss 340-350Mbps, and ExpressVPN 310Mbps.
ProtonVPN added WireGuard just before this review, and that ramped up speeds to 560-570Mbps in the UK, 720-740Mbps in the US. Although that's also a good performance, it's not quite leading the way. IPVanish (750-790Mbps), Mozilla (750-850Mbps) and NordVPN (760-880Mbps) all delivered a little more when we put them through their paces in recent reviews.
Netflix and streaming
ProtonVPN sells itself mostly on privacy and security, but it has some serious unblocking abilities, too.
BBC iPlayer is well protected against many smaller VPNs, for instance, but ProtonVPN breezed past its defenses and allowed us to stream whatever we liked. We reconnected and repeated the tests with a couple of further IP addresses, just to confirm Proton's unblocking reliability, and they worked, too.
We were equally successful with UK and US Netflix, again with three out of three of our test connections.
Amazon Prime Video can be a challenge for some providers, but not ProtonVPN. We streamed US-only content from all three of our test locations.
The service completed its 100% record with Disney Plus, where again we got to stream the full US library like a local.
That's a great result, but remember, you need at least a ProtonVPN Plus account to get this level of performance. The free account or Basic subscription won't do.
Support
ProtonVPN's support site has a lot of detailed articles and guides, but these aren't always organized and presented in the most helpful way.
When we searched the knowledgebase for the keyword 'speed' for instance, the first hit was titled 'How latency, bandwidth, and throughput impact Internet speed', and included the advice 'To calculate the maximum throughput on a TCP connection, you can use the Mathis formula and this online calculator.'
The second article had more relevant advice, but was complex in places. For instance, after suggesting we change servers to improve speeds, it went on: 'To be effective, you should switch to a server with an IP address from a different range. For example, instead of switching from 162.210.192.158 to 162.210.192.159, you should switch to 209.58.129.97.' It's good to see a provider which goes beyond basic FAQs, but newcomers probably won't appreciate this level of technical detail in the first documents they see.
Fortunately, if you can't find what you need, ProtonVPN's new live chat support enables getting help right away. Well, hopefully; it wasn't available when we tried on Sunday evening, but we did get to talk to an agent the next day.
Our chat couldn't have gone much better. The agent was friendly, listened to our question and paid attention to our responses, asked sensible questions of their own, offered good advice, and pointed us to online resources where we could get more help.
They even offered to convert our chat into a support ticket, so that if those suggestions didn't help, we'd then be able to carry on the conversation later, without having to describe our problem all over again. Impressive.
But if live chat doesn't work for you, then you can still raise a ticket manually or send an email, and in our experience these generally get helpful replies within a few hours.
ProtonVPN review: Final verdict
ProtonVPN unblocked everything we tried, its well-designed apps are now open source and independently audited, and – thanks to the arrival of WireGuard – speeds are among the best we've seen. This is a great VPN, and it's getting better. Give it a try.
- We've also highlighted the best VPN
0 comments:
Post a Comment