Proton proves its no-logs policy for the third time with independent audit
Three on the bounce
Proton VPN is one of the biggest names in the VPN game, and with that comes a certain amount of responsibility. You have to prove that you can be trusted to handle the privacy of millions of customers – often in regions where getting around government censorship could get you in trouble.
Backing up its spot as one of the best VPNs, on July 12, 2024, Proton again underwent an independent audit of its no-logs policy – and for the third time in a row, it passed.
What is a "no-logs" policy
One of the first things you should look for in a VPN before you trust it is an independently audited "no-logs" policy.
This is confirmation that the VPN provider isn't keeping track of your personal data, browser history, or anything that ties you to your online activity. Even though you might be using a VPN provider's servers, they do not keep any record of the websites you visited or any other online activity.
A lot of VPNs claim to have a "no-logs" policy but far fewer actually do. Having regular audits by an independent party is a great way to back up privacy credentials.
Proton passes
This most recent audit pass was Proton's third in a row and was conducted by Securitum with Proton's no-logs policy proving up to scratch.
Proton describes that the process was extensive: "Securitum security experts spent several days on-site reviewing our VPN configuration files and server configurations, assessing our operating procedures, and interviewing our staff."
In particular, this most recent audit answered the following questions, with Proton each time producing the right answer.
- Does Proton VPN track your activity on VPN servers (servers that are passing the traffic)?
- Does Proton VPN log metadata about the activity on VPN servers, such as DNS traffic?
- Does Proton VPN inspect or log the network traffic on VPN servers?
- Does Proton VPN monitor or log information about which services (websites, servers, etc.) you connect to?
- Does Proton VPN monitor which services (websites, servers, etc.) have been used by a specific VPN server?
- Does Proton VPN apply the same privacy policy to all servers, regions, and subscription tiers?
- Does Proton VPN have a specific process to ensure that any unauthorized configuration change (such as “log=false” to “log=true”) will be detected? Will it trigger an automatic alarm?
- Does Proton VPN have a proper change management process in place to ensure that any authorized changes applied to the logs-related configuration files are reviewed and approved by another employee (dual control)?
- Do VPN configuration files have any logging enabled?
- Does Proton VPN log information about which VPN server you are connected to at a given time (or which users are connected to a specific VPN server at a given time)?
With these assurances, users should feel comfortable using both the premium VPN and the free version, which we rate as one of the best free VPNs.
A few other things in Proton's favor include its Swiss location (with some of the tightest data protection laws in the world), and the fact that all of its apps are open source. Users can investigate the product's underlying code for peace of mind themselves.
Of course, a great VPN should be secure too, and Proton offers industry-standard encryption with either AES-256 protection when using OpenVPN, or the equally secure ChaCha20 encryption when using WireGuard (which is the most recent and fastest option).
Andy is Tom's Guide Staff Writer for VPNs and privacy. Based in the UK, he originally cut his teeth at Tom's Guide as a Trainee Writer (go and click on his articles!) before moving to cover all things Tech and streaming at T3. He's now back at Tom's Guide to keep you safe online, and bring you the latest news in VPN and cybersecurity.