50% off

Black Friday starts early this year!

Black Friday

View deals
Proton Mail
Proton Calendar
Proton Drive
  • Deutsch
  • Español (España)
  • Latinoamérica
  • فارسی
  • Français
  • Italiano
  • Nederlands
  • Polski
  • Português (Brasil)
  • Português (Portugal)
  • Русский
  • Türkçe
  • Hrvatski
  • Bahasa (Indonesia)
  • Українська
  • Ελληνικά
  • Magyar
  • Help Translate(new window)

Perfect forward secrecy with Proton VPN

Future-proof your security with perfect forward secrecy (PFS). Proton VPN keeps your browsing history secure even if an encryption key is compromised in the future.

  • Secure each VPN session with unique encryption keys
  • Protect all VPN sessions with PFS by default
  • Add an extra layer of security to your VPN encryption
  • What is perfect forward secrecy?

    Perfect forward secrecy refers to how an encryption algorithm generates encryption keys and ensures that a unique set of keys are used for each VPN session. These keys are used to encrypt your VPN connection so that no one can monitor your activity. We only use VPN protocols and encryption that support perfect forward secrecy.

    How does PFS work?

    We exclusively use encryption and VPN protocols that support perfect forward secrecy. Each time you connect to Proton VPN, we generate a new encryption key, to provide you with a more secure VPN connection.

    Protect past activity

    By never re-using old encryption keys, we ensure that your traffic cannot be captured and decrypted later if an encryption key from a future VPN session is somehow compromised.

    Improved security

    Perfect forward secrecy gives you improved security. In contrast, if all browsing data is encrypted with a single private key, that key can be stolen and used to access all your past activity. With PFS, all your activities stay private, even if there is a leak.

    Advanced privacy from Proton VPN

    Secure Core VPN

    Our Secure Core network is made up of physical servers that we own, located in countries with very strong privacy laws. We route your connection through a second VPN server for extra security. You can connect to our Secure Core network with a Proton VPN Plus plan.

    DNS leak protection

    We prevent DNS leaks that can expose your browsing history by encrypting your DNS requests in our VPN tunnel and resolving them using our own DNS servers. When you are connected to Proton VPN, nobody can access your DNS requests.

    Private sign up

    When you sign up for a Proton VPN account, you don’t need to provide us with any identifying information before connecting, just an email address. Once you sign in you can start browsing securely with just one click.

    How Proton VPN protects you online

    Based in Switzerland

    Based in Switzerland

    We’re based in Switzerland, which has very strict privacy laws and is free from EU and US mass surveillance practices.

    Trusted

    Trusted

    Proton is supported by the European Commission and recommended by the UN as a way to bypass censorship.

    VPN Accelerator

    VPN Accelerator

    Free and available to everyone who uses Proton VPN, our unique VPN Accelerator technology can improve speeds by over 400%.

    Open source

    Open source

    We’ve made all our apps open source, so anyone can inspect their code. We have also published the audit reports from independent security experts on our website.

    Kill switch

    Kill switch

    If you unexpectedly lose connection to your Proton VPN server, our kill switch will ensure your unique IP address is kept private.

    No-logs VPN

    No-logs VPN

    We operate a strict no-logs policy, so we cannot be forced to share any information about your online activity with anyone.

    Secure VPN protocols

    Secure VPN protocols

    The VPN protocols we use are known to be secure — IKEv2, OpenVPN, and WireGuard. We don’t use less secure protocols, even if they are less costly to operate.

    Full-disk encryption

    Full-disk encryption

    All our servers are protected by full-disk encryption, meaning that even if our servers were physically seized, it would not be possible to intercept user traffic.

    swipe right or left to explore all values

    Download a fast and secure VPN

    • High-speed servers
    • Unique VPN Accelerator technology
    • Strict no-logs policy
    • Secure Core VPN
    • NetShield Ad-blocker

    Frequently Asked Questions

    What is perfect forward secrecy?

    Perfect forward secrecy is achieved by creating a unique set of encryption keys for each Proton VPN session. This is done by generating new keys each time you connect to one of our VPN servers using secret numbers and robust mathematical procedures. This means that if your private key for one session is compromised, it cannot be used to decrypt any past (or future) browsing sessions.

    Why should I use perfect forward secrecy?

    If a hacker managed to get hold of one of the keys for a single session that used perfect forward secrecy, they could only use it to access data from that specific session, while the data in the rest of your sessions would remain safe (since different unique keys were used to encrypt and protect them). It also means that your session key will remain secure even if your VPN’s private key was exposed.

    All Proton VPN connections are protected by perfect forward secrecy.

    How does Proton VPN use perfect forward secrecy?

    By using any of the Proton VPN apps, you will automatically be protected by perfect forward secrecy, as we only use encryption that supports it. Get Proton VPN to start browsing with perfect forward secrecy, you don’t need to take any additional steps.

    What VPN protocols does Proton VPN use?

    We use the OpenVPN, IKEv2, and WireGuard VPN protocols, which are known to be secure. We don’t support any VPN connections using PPTP or L2TP/IPSec (even though they are often cheaper and easier to run), as they do not meet our security standards. This is true for both free and paid Proton VPN plans.