ProtonMail(new window)
  • Deutsch
  • Ελληνικά
  • English
  • Español (España)
  • Español (México)
  • فارسی
  • Hrvatski
  • Magyar
  • Bahasa (Indonesia)
  • Italiano
  • Nederlands
  • Polski
  • Português (Brasil)
  • Português (Portugal)
  • Русский
  • Türkçe
  • Help Translate(new window)

Perfect forward secrecy with ProtonVPN

Future-proof your security with perfect forward secrecy (PFS). ProtonVPN keeps your browsing history secure even if an encryption key is compromised in the future.

  • Secure each VPN session with unique encryption keys
  • Protect all VPN sessions with PFS by default
  • Add an extra layer of security to your VPN encryption
  • What is perfect forward secrecy?

    Perfect forward secrecy refers to how an encryption algorithm generates encryption keys and ensures that a unique set of keys are used for each VPN session. These keys are used to encrypt your VPN connection so that no one can monitor your activity. We only use VPN protocols and encryption that support perfect forward secrecy.

    How does PFS work?

    We exclusively use encryption and VPN protocols that support perfect forward secrecy. Each time you connect to ProtonVPN, we generate a new encryption key, to provide you with a more secure VPN connection.

    Protect past activity

    By never re-using old encryption keys, we ensure that your traffic cannot be captured and decrypted later if an encryption key from a future VPN session is somehow compromised.

    Improved security

    Perfect forward secrecy gives you improved security. In contrast, if all browsing data is encrypted with a single private key, that key can be stolen and used to access all your past activity. With PFS, all your activities stay private, even if there is a leak.

    Advanced privacy from ProtonVPN

    Secure Core VPN

    Our Secure Core network is made up of physical servers that we own, located in countries with very strong privacy laws. We route your connection through a second VPN server for extra security. You can connect to our Secure Core network with a ProtonVPN Plus plan.

    DNS leak protection

    We prevent DNS leaks that can expose your browsing history by encrypting your DNS requests in our VPN tunnel and resolving them using our own DNS servers. When you are connected to ProtonVPN, nobody can access your DNS requests.

    Private sign up

    When you sign up for a ProtonVPN account, you don’t need to provide us with any identifying information before connecting, just an email address. Once you sign in(new window) you can start browsing securely with just one click.

    How ProtonVPN protects you online

    Based in Switzerland

    Based in Switzerland

    We’re based in Switzerland, which has very strict privacy laws and is free from EU and US mass surveillance practices.

    Trusted

    Trusted

    Proton is supported by the European Commission and recommended by the UN as a way to bypass censorship.

    VPN Accelerator

    VPN Accelerator

    Free and available to everyone who uses ProtonVPN, our unique VPN Accelerator(new window) technology can improve speeds by over 400%.

    Open source

    Open source

    We’ve made all our apps open source, so anyone can inspect their code. We have also published the audit reports from independent security experts on our website(new window).

    Kill switch

    Kill switch

    If you unexpectedly lose connection to your ProtonVPN server, our kill switch will ensure your unique IP address is kept private.

    No-logs VPN

    No-logs VPN

    We operate a strict no-logs policy, so we cannot be forced to share any information about your online activity with anyone.

    Secure VPN protocols

    Secure VPN protocols

    The VPN protocols we use are known to be secure — IKEv2, OpenVPN, and WireGuard. We don’t use less secure protocols, even if they are less costly to operate.

    Full-disk encryption

    Full-disk encryption

    All our servers are protected by full-disk encryption, meaning that even if our servers were physically seized, it would not be possible to intercept user traffic.

    swipe right or left to explore all values

    Download a fast and secure VPN

    • High-speed servers
    • Unique VPN Accelerator technology
    • Strict no-logs policy
    • Secure Core VPN
    • NetShield Ad-blocker

    Frequently Asked Questions

    What is perfect forward secrecy?

    Perfect forward secrecy is achieved by creating a unique set of encryption keys for each ProtonVPN session. This is done by generating new keys each time you connect to one of our VPN servers using secret numbers and robust mathematical procedures. This means that if your private key for one session is compromised, it cannot be used to decrypt any past (or future) browsing sessions.

    Why should I use perfect forward secrecy?

    If a hacker managed to get hold of one of the keys for a single session that used perfect forward secrecy, they could only use it to access data from that specific session, while the data in the rest of your sessions would remain safe (since different unique keys were used to encrypt and protect them). It also means that your session key will remain secure even if your VPN’s private key was exposed.

    All ProtonVPN connections are protected by perfect forward secrecy.

    How does ProtonVPN use perfect forward secrecy?

    By using any of the ProtonVPN apps, you will automatically be protected by perfect forward secrecy, as we only use encryption that supports it. Get ProtonVPN to start browsing with perfect forward secrecy, you don’t need to take any additional steps.

    What VPN protocols does ProtonVPN use?

    We use the OpenVPN, IKEv2, and WireGuard VPN protocols, which are known to be secure. We don’t support any VPN connections using PPTP or L2TP/IPSec (even though they are often cheaper and easier to run), as they do not meet our security standards. This is true for both free and paid ProtonVPN plans.