Proton VPN Passes Fourth Consecutive Annual No-Logs Audit – What Does it Mean For You?
Published
- Audit Success: Proton VPN passed its fourth consecutive independent no-logs audit by Securitum.
- No Data Stored: Audit confirmed no user activity, metadata, or traffic logs exist on servers.
- Transparency Focus: Proton VPN publishes reports, keeps apps open source, and runs bug bounty program.
Proton VPN has successfully completed its fourth consecutive annual third-party audit, confirming once again that the service adheres to its strict no-logs policy. The audit was carried out by Securitum, a leading European security auditing company, which reviewed Proton VPN’s infrastructure and server operations.
Independent Audit Confirms No-Logs Policy
Proton VPN has long claimed that it does not track or store user activity. To ensure this, the company submits to regular external audits. This year’s review by Securitum found no evidence of activity logging, connection metadata storage, or traffic inspection.
The audit also verified Proton VPN’s use of automated configuration management and strict administrative processes, such as dual-control change approval, which help prevent any unauthorized configuration changes that could enable logging.
According to the official report:
Why VPN Audits Matter
When users connect to a VPN, the provider essentially becomes their internet service, with the technical ability to monitor and log activity. While many providers claim “no-logs” policies, these claims often go untested.
Proton VPN’s policy has been tested both technically and legally. In 2019, the company was ordered to hand over user logs in a case but could not comply because no logs existed. Additionally, Proton VPN operates under Swiss jurisdiction, where there are no mandatory data retention requirements for VPN services.
Still, Proton VPN acknowledges that risks such as misconfigured servers or flawed architecture could lead to accidental logging. To address this, it invites Securitum each year to conduct a detailed review.
The annual audits include:
- Checking whether any user activity is tracked on production VPN servers.
- Assessing if metadata (DNS queries, timestamps) is stored.
- Verifying that traffic contents are not logged or inspected.
- Ensuring the no-logs policy applies to all servers and user tiers worldwide.
- Reviewing safeguards such as automated alerts for unauthorized configuration changes.
Each of these areas passed inspection in the 2025 review.
Transparency and Open Source Approach
Proton VPN highlights its roots in scientific research, noting that its founders met at CERN. This background underpins its commitment to transparency, peer review, and open-source development. All Proton VPN apps are open source, allowing independent experts to review the code.
The company also maintains a bug bounty program, offering rewards to security researchers who discover vulnerabilities in its services.
Previous no-logs audits are available for public review:
Looking Ahead
Proton VPN says it will continue submitting to independent audits and publishing results to strengthen user trust. The company emphasizes that its growing set of features will not compromise its no-logs commitment.
Users interested in the details can read the full 2025 Securitum No-Logs Audit Report.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular