Proton after external audit: paid VPN service does not keep logs
Proton has had an audit performed on its ProtonVPN service. An independent security company concludes that the service does indeed keep no logs of user traffic. With the free service, a network inspection is done to prevent bittorrent traffic.
proton left the audit performed by security company Securitum. According to the company the results are good, although only the conclusions are public and not the entire report. Securitum examined all of Proton’s applications, including ProtonMail and ProtonVPN. An important conclusion from the report is that the company’s VPN service does not keep logs of where a user surfs. Neither substantive data is collected nor metadata such as DNS traffic.
Nearly all serious VPN services claim to have a no-logging policy, but few prove it through third-party audits. ProtonVPN was previously asked to hand over logs in a lawsuit, but then did not disclose any information due to the alleged policy.
Securitum does conclude that the company’s free VPN service does network inspection. ProtonVPN offers that free service in addition to the paid service. With that free service, the parent company does inspect the network traffic. “This inspection is in place to block bittorrent traffic that could affect the operation of the free servers,” the audit company writes. Proton uses nDPI for this, but keeps no logs. “In Securitum’s opinion, this inspection does not affect user privacy because it does not keep logs of which users are using bittorrent traffic.”