The VPN industry is notorious for unscrupulous or even malicious players, so it’s reasonable to ask why Proton VPN can be trusted. Here are some qualities that set us apart from other VPN providers.
In 2017, Proton entered the VPN space with the launch of Proton VPN. We decided to launch a free VPN service because Proton Mail protects journalists and activists around the world, and as a result of our activities in that area, Proton Mail runs a high risk of being blocked in various countries. This theoretical risk has become a reality in recent years, with Proton Mail being temporarily blocked in Turkey(neues Fenster) and Russia(neues Fenster). A VPN is often the best way to circumvent such blocks.
Many VPN services already exist, but we launched Proton VPN because we wanted to build a VPN we knew we could trust(neues Fenster).
Many VPNs are notoriously bad — many of them contain malware(neues Fenster) while others knowingly violate the privacy they claim to protect. Hotspot Shield, for example, was the subject of an FTC complaint(neues Fenster) by the Center for Democracy and Technology for data sharing and traffic redirection.
Unscrupulous VPN companies also engage in many questionable business practices. Many supposedly independent VPN reviews are actually paid for or sponsored, and there are also completely fake reviews that make misleading claims. Other tactics we have seen include using anonymous websites and hundreds of Twitter bots to spread fake news or sending anonymous “tips” to journalists with misleading information.
These maneuvers generally are not very effective, especially against Proton VPN, as we’re a transparent company. However, they do have the cumulative effect of reducing user trust in the VPN industry as a whole by exposing the unscrupulous nature of many VPN providers. In this context, we want to provide some facts that demonstrate how Proton VPN is different when it comes to trustworthiness.
Why Proton VPN is trustworthy
In the VPN industry, it can be challenging to sort through all the fake reviews and information. However, there are several factors that set Proton VPN apart, all of which are all well documented.
Business model
Proton, the Swiss company behind Proton Mail(neues Fenster), Proton Calendar(neues Fenster), Proton Drive(neues Fenster), SimpleLogin by Proton(neues Fenster) and Proton VPN, has one and only one business: privacy. Users who pay for one of our services (to access paid features) do so because they wish to keep their personal data private. The Proton community is our only source of income. Even if you ignore all the other reasons that drive us to do what we do, from a pure self-interest standpoint, we’re incentivized to keep our users’ trust. By using a subscription business model, our interests and the interests of our community — online privacy — are fully aligned.
Transparency
As a company, we’re transparent about who we are(neues Fenster). We do not hide behind offshore shell companies. Where we’re based, the address of our headquarters, our company statutes, and even our directors are all a matter of public record and available for inspection at the Swiss commercial register(neues Fenster). The names and backgrounds of our leadership team have been publicly disclosed. So are the locations of all of our offices, our sources of funding, and even a full accounting of all the law enforcement requests we have received. We also clearly state the threat model for the services we offer (i.e., what they can and can’t protect you against), and provide a GDPR-compliant privacy policy.
In other words, you know who runs the company, where we run it from, what data we have, how we interact with law enforcement, and much more, and we do this with a level of transparency that is unmatched in the industry.
Open source and audited
We feel it’s equally important that our code is transparent as well. That is why we were the first VPN service to have open-source apps on Android, iPhone, macOS, Windows, and Linux. All our apps have also undergone an independent security audit(neues Fenster). This transparency increases our security by leveraging the entire IT security community to scrutinize our code and help find and fix any potential weaknesses.
We’ve also had our no-logs policy audited by the independent security experts. The audits of our apps and no-logs policy were carried out by Securitum(neues Fenster), a respected European cybersecurity firm that carries out hundreds of security tests and inspections for major corporations and banks every year.
So not only do you have transparency into who makes up the team at Proton VPN, you also can see the code that makes up all of our apps.
Proven provenance
Proton and Proton VPN have been under the glare of public scrutiny from the very beginning. Our origins and history are a matter of public record. Proton Mail’s creation by scientists who met at CERN (the European Organization for Nuclear Research) is well documented on the CERN website(neues Fenster). The scientific background of our leadership team is also a matter of public record, from our academic careers(neues Fenster) to our scientific publications(neues Fenster).
Proton Mail’s initial financing through crowdfunding is also publicly documented(neues Fenster), along with the identities of many of our initial financial backers. Our longstanding ties to Geneva and Switzerland are also well known, with Swiss public television(neues Fenster), Swiss public radio(neues Fenster), and even official Swiss government publications(neues Fenster) running features on Proton Mail. There is an overwhelming body of public documentation that attests to who we are and our story, which you will not find from any other VPN company.
Legal guarantees
Proton isn’t hidden behind a shell company based offshore in a suspicious jurisdiction. We’re not only incorporated in Switzerland, but also headquartered here, and the bulk of our engineering team lives and works here. Switzerland is not only a country with strong privacy rights but also a country with a strong rule of law and is part of the European Single Market. This means that unlike other VPN companies, we can actually be held legally accountable for breaches in user privacy or false advertising. Under the EU’s General Data Protection Regulation(neues Fenster) (which we’re obligated to comply with), breaching user privacy can lead to fines of up to €20 million. Unauthorized sharing of user data with third parties like foreign intelligence agencies is also a criminal offense under article 271 of the Swiss Criminal Code.
The increased accountability that we have as a Swiss company legally obligates us to respect user privacy and adhere strictly to our no-logs policy.
Vetted by trusted third parties
While transparency and legal guarantees form a strong foundation for trust, you don’t have to take our word for it. Proton VPN has also been thoroughly vetted by Mozilla(neues Fenster), the nonprofit foundation behind the Firefox web browser, which we have partnered with to bring VPN technology to a broader audience.
Furthermore, as the recipient of innovation grants from the Swiss government and also the European Union(neues Fenster), Proton AG has also been exhaustively checked and vetted by the European Commission. (Note that these grants do not give any control to the grant agencies, nor obligate us in any way. Learn more here(neues Fenster).)
Proton Mail is also the tool recommended by the United Nations(neues Fenster) for documenting human rights abuses. The fact that trusted third parties have assessed both Proton Mail and Proton VPN and gone on to work with us provides a further guarantee that we live up to our word.
Community engagement
As a company, we care deeply about our community and making the world a better place. For us, privacy and security are deeply held core beliefs that come before profits. This drives our engagement with our community. Examples include our training sessions with the Second Asian Investigative Journalism conference(neues Fenster), our work in the open source community driving the development of OpenPGP.js(neues Fenster) (one of the world’s most widely used Javascript encryption libraries), the GopenPGP(neues Fenster) project, and the technical talks(neues Fenster) we have given about building privacy.
Sometimes, our engagement happens closer to home, like when we helped force a nationwide referendum(neues Fenster) on Swiss surveillance laws(neues Fenster) (even though Proton Mail is unaffected due to our encryption) or when we won a legal challenge against the Swiss government to strengthen email privacy(neues Fenster).
We also engage more broadly, like when we gave a TED Talk(neues Fenster) that reached millions of people worldwide, or when we spoke at a United Nations conference(neues Fenster) about combating terrorism while protecting human rights online. We recently worked with Reporters Without Borders Berlin(neues Fenster) to sponsor a scholarship program for journalists, and also provided funding for the largest independent news outlet in Belarus(neues Fenster).
Our frequent community engagement means that many people in different fields have had the chance to meet our team, get to know us, and confirm that we are who we claim to be.
Our commitment
We’re committed to making privacy and security available to all citizens of the world and will continue to carry out our mission as effectively as possible. We’re grateful for the more than 10 million people who have joined our community and supported us along the way. We know that trust is earned, not given. Through persistent dedication to our principles of privacy and transparency, we’re trying to be worthy of it.
If you would like to see independent reviewers think of our service, please see our Proton VPN reviews(neues Fenster) page.
Best Regards,
The Proton VPN Team