With a lot of free VPN services, it turns out your data is the real price you pay for your freedom. However, ProtonVPN has a strict no-data logging policy and does not sell any user data to third parties. ProtonVPN is also based in Switzerland and was started by CERN and MIT students who came together to create a secure and private VPN that doesn't compromise on speed or safety. This article will take you through various aspects that answer the question - Is ProtonVPN safe?
What Makes ProtonVPN Safe?
ProtonVPN is a safe and easy way to browse the web without having to worry about being tracked or spied on. Here are the features that contribute to its security:
No Data Logging
Under Swiss law, ProtonVPN can't be forced to save any user connection logs, nor can they perform targeted logging on specific users. This ensures that your personal browsing history stays private and cannot be offered to a third party under any circumstances. This policy applies to all their users, including free tier users.
ProtonVPN includes a kill switch feature that can help protect your privacy. If the VPN you're using disconnects while torrenting or doing something else online, your IP address and online activity can be seen by your Internet Service Provider. With the kill switch enabled, ProtonVPN will automatically block all network activity if the VPN connection is interrupted.
Secure Core Servers
When using ProtonVPN's Secure Core architecture, your traffic is routed through multiple servers before leaving the ProtonVPN network. It means that even if an adversary (such as a government or ISP) monitors the traffic from the VPN servers, they won't be able to see your actual IP address or match your activity on the Internet to your IP address. ProtonVPN's Secure Core servers are hosted by specially-selected partners in hardened data centers and protected by strong privacy laws.
VPNs work by making an encrypted tunnel to send all the web data through. ProtonVPN creates two tunnels: one goes to a location specified by you directly, and the second routes your traffic through a VPN-encrypted tunnel. Using this feature, you can access the Internet through public unencrypted Wi-Fi connections and still have encrypted browsing. For example, this feature would let you use the Web in France when connected to the USA server of your VPN service, plus watch Netflix US at the same time. ProtonVPN offers the split tunneling feature for Windows and Android.
Encrypts Network Traffic
ProtonVPN uses the most advanced encryption to protect your privacy with 256-bit AES, 4096-bit RSA, and SHA384 HMAC.
- AES-256: Advanced Encryption Standard (AES) is a cipher that encrypts your data with a key length of 128-, 192-, or 256-bits. AES-256 (Aes with a 256-bit key) is the most popular cipher in the encryption space because it’s quick, secure, and doesn’t require much computing power. The US government uses AES-256 to encrypt top-secret information for this reason.
- 4096-bit RSA: RSA encryption is another kind of encryption whose goal is to encrypt each bit of information. However, it's slower than AES, so it's common in VPNs to use RSA to encrypt keys. ProtonVPN uses 4096-bit RSA encryption because security professionals consider 2048-bit RSA keys secure, but they went the extra mile with 4096-bit RSA encryption.
- HMAC with SHA384: HMAC, otherwise known as hash-based message authentication code, is a cryptographic method that works by calculating the hashes of two different inputs in order to generate a unique key used to verify data integrity. An example of one of the SHA384 hash functions would be how ProtonVPN generates two unique keys using SHA256 and then encrypts them with each other, forming the actual shared secret key used in their security infrastructure.
Full Disk Encryption
Although virtually no identifying data is stored on them anyway, all ProtonVPN servers are protected with full disk encryption, and this helps secure them from attackers of the type that might be after governments. Full disk encryption secures server certificates and other partitions and configuration files so that even if a server is somehow compromised, any data stored on it would still be unreachable.
ProtonVPN only uses VPN protocols known to be secure - OpenVPN, IKEv2, & WireGuard. It does not have any servers that support L2TP/IPSec or PPTP despite being well-known and less costly to operate. By using ProtonVPN, you can ensure that your VPN tunnel is exceptionally resilient and protected by a protocol that does not compromise the security of its users.
DNS Leak Protection
DNS verification is essential when it comes to VPNs. A device can leak your IP address, which compromises the security of your entire private network. Fortunately, ProtonVPN includes a 'DNS Leak Protection feature to help keep your data secure and confidential.
NetShield filters out malwares, prevents ads from displaying, and stops your internet service provider (ISP) from tracking your web surfing habits by randomly assigning your computer a new IP address.
By using a "Perfect Forward Secrecy" protocol, ProtonVPN always generates a new encryption key with each connection. So if an encryption key from a future session is compromised, it cannot be used to decrypt past connections.
ProtonVPN has taken specific measures to protect its Secure Core servers. For example, the hard drives in its servers are encrypted, and a unique encrypted key is used for each data center to prevent attackers from accessing data across various servers. Many of its servers are located in Switzerland at GZ Zurich – Security Datacenter, an underground site that requires two-factor authentication for access.
In Iceland, its infrastructure is protected by putting servers at an old military base. In Sweden, ProtonVPN also uses an underground data center site with biometric entry controls and round-the-clock security cameras monitoring all activity. By designating specific devices at these locations as "special," they ensure safety even at the hardware level.
Tor over VPN
ProtonVPN offers Tor support via its VPN. ProtonVPN's Tor-enabled servers allow you to route traffic through the Tor anonymity network and access dark websites with a single click.