When choosing a VPN there are several factors that are important. The price, for example, and the speed of the various servers.
What perhaps even more crucial is now a VPN handles your anonymity. That’s what our yearly review focuses on. In addition, we ask whether torrenting is permitted and what the best security settings are.
This page updates yearly. We’re not here to pick the best VPN, we just want to give people as much info they need to they can make an informed choice. Here’s the 2019 overview of all VPN providers.
1. Do you keep ANY logs which would allow you to match an IP-address and a time stamp to a user of your service? If so, exactly what information do you hold and for how long?
ProtonVPN: No. Each time a user connects to ProtonVPN, we only monitor the timestamp of their last successful login attempt. This gets overwritten upon each successful login. This timestamp does not contain any identifying information, just the time and date of the login.We do not collect any information regarding a user’s IP address, and we only retain the limited timestamp information to protect user accounts from password brute force attacks.
2. What is the name under which your company is incorporated, and under which jurisdiction does your company operate?
ProtonVPN: Our registered name is Proton Technologies AG, and we operate under the jurisdiction of Switzerland.
3. What tools are used to monitor and mitigate abuse of your service, including limits of concurrent connections if these are enforced?
ProtonVPN: We use internal tools and systems to mitigate the abuse of our service and to ensure the best quality for our users.
4. Do you use any external email providers (e.g. Google Apps), analytics, or support tools ( e.g Live support, Zendesk) that hold information provided by users?
ProtonVPN: We currently use anonymized Google Analytics data to optimize our website, but we are migrating to a local installation of Matomo, an open source analytics tool. For customer support, we use ZenDesk.
The information users provide when they contact our support team is processed for analytics purposes (like aggregating the number of questions regarding Secure Streaming), but they are not combined with any personal data.
5. In the event you receive a DMCA takedown notice or a non-US equivalent, how are these handled?
ProtonVPN: A DMCA takedown notice or its non-US equivalent would be handled according to our internal processes. Such a request would never be connected to a specific user, thanks to our strict no-logs policy.
6. What steps are taken when a court orders your company to identify an active or past user of your service? How would your company respond to a court order that requires you to log activity going forward? Has any of this ever happened?
ProtonVPN: We can only disclose the limited user data we possess, but our strict no-logs policy means we don’t have any information about our users’ online activity.
The limited data we have will only be disclosed when requested by a Swiss court for the purposes of the prevention, investigation, detection or prosecution of criminal offenses or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.
Court orders must be approved by either the Cantonal Courts of Geneva or the Swiss Federal Supreme Court. Under Swiss law, it is obligatory to notify the target of a data request, although such notification may come from the authorities and not from the Company. We have not had any requests of this kind.
7. Is BitTorrent and other file-sharing traffic allowed on all servers? If not, why?
ProtonVPN: We allow P2P torrenting on all of our paid plans. Depending on the laws of the country hosting the server, we might have to tunnel the connection through a P2P-friendly country. Currently, we do not provide port forwarding services.
8. Which payment systems/providers do you use? Do you take any measures to ensure that payment details can’t be linked to account usage or IP-assignments?
ProtonVPN: We rely on third parties to process credit card and PayPal transactions, and we never save our users’ full credit card details. Our payment processing partners collect basic billing information to process payments and refunds, but it cannot be linked to a user’s online activity. We also accept anonymous cash or Bitcoin payments.
9. What is the most secure VPN connection and encryption algorithm you would recommend to your users?
ProtonVPN: We only use VPN protocols that are known to be secure — either IKEv2/IPSec or OpenVPN. We encrypt our users’ traffic with AES-256, key exchange is done with 4096-bit RSA, and HMAC with SHA384 is used for message authentication. This is available for all users, including the ones on our Free plan. Plus and Visionary plan users can also use our Secure Core feature for an extra layer of security.
10. Do you provide tools such as “kill switches” if a connection drops and DNS leak protection?
ProtonVPN: We currently support a Kill Switch on Windows, Android, and Mac. iOS users can use Always-on feature, as a true Kill Switch is prevented by Apple’s network-level restrictions on iOS. We operate our own DNS servers to ensure DNS leak prevention. Our servers currently support IPv4.
11. Do you have physical control over your VPN servers and network or are they outsourced and hosted by a third party (if so, which ones)? Do you use your own DNS servers? (if not, which servers do you use?)
ProtonVPN: We never compromise on security; we only use physical servers from reputable third parties that have gone through our vetting process. Our Secure Core servers provide an extra layer of protection against any potential interference with our end servers, including by our partners. We do use our own DNS servers, which handle all our users’ DNS requests.
12. What countries are your servers physically located? Do you offer virtual locations?
ProtonVPN: We currently have 550+ servers in 40+ countries, and we are continuously expanding our network. We only use physical servers that are located in their stated countries. We do not use any virtual servers or offer any virtual locations.