llustration of protonvpn open source

All Proton VPN apps are now open source and audited

We’re happy to be the first VPN provider to open source our apps on all platforms (Windows, macOS, Android, and iOS) and undergo an independent security audit. Transparency, ethics, and security are at the core of the internet we want to build and the reason why we built Proton VPN in the first place.

We launched Proton VPN in 2017 to provide Proton Mail users with a trustworthy VPN service, which was increasingly necessary given the rise of Internet censorship. VPN in particular was an area in dire need of improvement. Studies have found that over one-third of Android VPNs actually contain malware(new window), many VPNs suffered from major security lapses, and many free VPN services that claimed to protect privacy are secretly selling user data to third parties(new window). In general, there is also a lack of transparency and accountability regarding who operates VPN services, their security qualifications, and whether they fully conform to privacy laws like the GDPR(new window).  

Proton VPN changed this by delivering an unparalleled level of transparency and accountability(new window). We have done things differently from the start: We have a strict no-logs policy(new window), we’re based in Switzerland, regulated by some of the world’s strongest privacy laws, we have a deep security background, and we have even opened up our technology for inspection by Mozilla(new window). We’re regularly audited by independent security experts, and our latest security audit(new window) results confirm our no-logs policy.

Making all of our applications open source is therefore a natural next step. As former CERN scientists(new window), publication and peer review are a core part of our ethos. We are also publishing the results of independent security audits covering all of our software.

You can find the open-source code and audit reports here:

You can also find the latest security audit reports for all Proton services on our community page explaining why we prioritize open-source code(new window).

Why it’s important to use an open-source VPN

When you choose to use a virtual private network, you are placing an extraordinary amount of faith in that service provider. Here’s why:

When you are not connected to a VPN, your unencrypted Internet traffic (i.e., that which is not protected by TLS) may be intercepted by your WiFi provider, by your Internet service provider(new window) (ISP), by hackers monitoring the local network, or by the government authorities in your jurisdiction. Your IP address (i.e. your device’s identity and your geographical location) is also exposed, including to the websites you visit, which can use that information to track you across the Internet. Even encrypted traffic can be monitored to observe the websites you visit, and your IP address will remain exposed.

When you connect to a VPN, your Internet traffic is encrypted between your device and the VPN server, protecting it from local network surveillance. Even your DNS lookups (the names of the web domains you visit) are protected. And your IP address is masked to help protect your identity and location. However, when you connect to any VPN, the VPN provider can see the same kind of data that your ISP could when not using a VPN, including your browsing history and IP address. This is why choosing a trustworthy VPN service(new window) is so important.

A VPN application, therefore, has a lot of privileged access to your device and your online activity. Open-source code allows security researchers and the global security community to inspect how we implement encryption and how we handle your data, giving you more certainty that we are adhering to our strict privacy policy. Open-source code provides security through transparency, meaning that because the code is heavily scrutinized, potential vulnerabilities are quickly spotted and fixed. This reduces the risk of a security vulnerability in a VPN app putting you at risk. 

In contrast, proprietary code relies on “security through obscurity,” meaning vulnerabilities are less likely to be discovered. Or worse, these vulnerabilities may be only known to malicious actors who exploit them secretly without users being aware. 

When it comes to online privacy and security software, we believe free and open-source software is better for safety and provides better accountability to our user community. Open source has long been at the core of Proton, and our open-source software includes the Proton Mail web app(new window), iOS app(new window), Android app(new window), and the desktop Bridge app(new window).

This means that all Proton apps that are out of beta are open source.

We also maintain open-source encryption libraries, such as OpenPGPjs(new window), which power a significant fraction of encrypted applications on the web today and serve tens of millions of users.

Third-party security audits

Another unique quality of Proton VPN is our commitment to having independent security researchers inspect our software before releasing it publicly. Previously, Mozilla reviewed our implementations, organizational structure, and our technology as part of their due diligence for a partnership with us. 

Since then, we have initiated more thorough security-focused audits for all our clients. We contracted SEC Consult(new window), a leading security firm, to conduct the audits. Although such audits are expensive and time-consuming, we believe these are a critical step that must go together with open sourcing our code. Going forward, we will continue to do audits on an ongoing basis to have continual independent checks on our application security.

Working with the Proton community

The other important benefit of open sourcing our software is that it furthers our overall mission to build an Internet that’s more secure, private, and free by leveraging the power of the community. Security improvements can now be submitted by developers from around the world through our bug bounty program(new window). And in some cases even features improvements from the community may be incorporated into the official Proton VPN apps, similar to what we have done previously with the official Proton VPN Linux client(new window)

As a community-supported organization, we have a responsibility to be as transparent, accountable, and accessible as possible. Going open source helps us to do that and serve you better at the same time. 

Your feedback and suggestions have become a vital source of ideas and inspiration for us, and we will continue working to meet your expectations in 2020 and beyond. We will be launching new servers all over the world, improving security, and releasing new features to keep you safe and help you bypass censorship. None of what we have achieved to date could have been done without our community.

Thank you for your support!

Best Regards,
The Proton VPN Team

Follow us on social media to stay up to date on the latest Proton VPN news:

Twitter(new window) | Facebook(new window) | Reddit(new window) | Instagram(new window)

To get a free Proton Mail encrypted email account, visit: proton.me/mail(new window)

Proteggi la tua privacy e la tua sicurezza online.
Passa gratis a Proton VPN

Articoli correlati

en
Update July 18, 2024: This article has been updated to feature the latest audit of our no-logs policy by Securitum, which was concluded on July 12, 2024. Links to all our no-logs policy audits are included. We’re pleased to announce that Proton VPN
VPN on mobile device
en
Growing public awareness about the threat posed to our fundamental right to privacy by online trackers has fueled a surge in VPN adoption, a trend that has been boosted thanks to people spending more time online due to the Covid-19 pandemic. Althoug
Tor over VPN
en
  • Approfondimenti sulla privacy
Tor is a powerful privacy tool, but you may not want to use Tor all by itself. Learn why you may want to connect to Tor over a VPN. When you connect to the Internet, especially if you’re using public WiFi, there’s a good chance people are watching y
Smart TV privacy
en
Smart TVs are essentially televisions that can watch you. Their surge in popularity, along with smart speakers, means corporations (and anyone that can hack these devices) have another window through which they can view your private activity. The dat
Expats should use a VPN
en
  • Le basi della privacy
Living abroad can be an adventure, but it also presents unique online privacy obstacles. A VPN can help expats stay in touch with their family and avoid Internet censorship. In the age of the “digital nomad” more and more people are moving abroad. L
en
The internet is full of information, but some of it is inappropriate, especially for kids and sensitive adults. SafeSearch can help filter out this content to make browsing safer and improve your children’s privacy online. This article explains how