Practical privacy and simple cybersecurity.
TheNewOil.org

2022 Review: ProtonVPN

Disclosure: I have an affiliate link with ProtonVPN that gives me a small financial incentive if you sign up for a paid plan using it. You do not have to use this link, I provide a non-affiliate link at the end, and I tried my best to be unbiased in this review.

What is Proton VPN?

A VPN is a service that creates an encrypted tunnel between the device and the provider's server, protecting all your traffic from prying eyes along the way like your Internet Service Provider (ISP) or whoever owns the router (think public Wi-Fi, for example). After reaching the provider's server, your traffic continues on to your desired destination like normal. Proton is one such service, very popular in the privacy community because they offer a number of features as well as an entire ecosystem (which will, of course, be touched on here).

Why Do You Need a VPN?

You may not, to be honest. I recommend you check out IVPN's site “Do I Need a VPN?” here. A lot of people really hype VPNs as one of those absolutely, must-have, life-changing things that will solve all your problems. Some mainstream providers even make ridiculous, outright false claims like “it'll make you anonymous” or “it'll protect you from viruses.” In all honesty, while I do believe that VPNs are an essential piece of your privacy strategy, there are many other free or low-cost strategies that will give you significantly more protection. A VPN these days pretty much only has two purposes: changing your IP address and protecting your traffic from local snoops. Changing your IP address is a valuable part of avoiding tracking, but it’s just one way and a VPN won’t protect you against those other methods like browser fingerprinting, tracking pixels, cookies, and more. Likewise, while it can be great to protect your traffic from your ISP or a local cybercriminal, from a security perspective you’re already pretty well covered so long as you enable your browser’s HTTPS-Only mode and make sure you’re using the correct sites instead of spoofed/phishing sites. Having said all that, I do still consider a VPN to be a useful and recommended part of your privacy and security posture if you can afford one. It can bypass censorship, stop your ISP from selling your browsing data, help obscure your IP address from tracking and logging, and protect your traffic from certain attacks.

Image

Why Not Tor?

Some people prefer Tor over VPNs. Tor is a great service, but it also has some issues that make it the wrong tool for certain situations. For example, many essential services – like banks – block known Tor IP addresses to prevent fraud and abuse, making those services nearly impossible with Tor. Second, Tor loses almost – if not – all of its anonymity once you login to something. If you login to your email and then your Reddit account in the same session, they’re now tied to together and you’ve lost your anonymity benefit. For this reason, I recommend reputable VPNs for any services that are tied to your real identity or sensitive and Tor for random searches or accounts that are not tied to your real identity.

The Good

There's a reason Proton is a titan in the privacy community. Lots of them, actually. ProtonVPN is based in Switzerland – a country renowned for having strong privacy laws. They offer over 1,700 servers in 64 countries – including India, which they recently announced a workaround for so they could still serve Indian users without violating privacy or Indian law. Their apps are available on all operating systems and feature a very clean, modern look. They even offer a free tier to let you try out the service and see if you like it. All their apps are open source and they regularly do third-party audits.

ProtonVPN offers NetShield, a DNS-based ad/malware/tracker blocker. They offer tons of documentation for things like putting a VPN on your router or making use of various features. They offer unlimited bandwidth and even offer a “VPN Accelerator” tool that claims to ensure you're always getting the best speed possible. Proton offers tools like P2P servers, Tor-over-VPN, kill switches, I mean honestly, if you want it out of a VPN, Proton likely offers it. In fact, Proton is the only VPN we recommend at The New Oil who proudly guarantees that you can still stream services like Netflix and Hulu. (I can attest that this works very well.) They also allow you to use the IKEv2 protocol on their iOS app, meaning you can use ProtonVPN alongside a content blocker such as Lockdown or Blokada.

Proton goes a step further by offering a total ecosystem. Your Proton account doesn't just get you a VPN, it gets you email, calendar, and a cloud storage system. As I've mentioned in previous blog posts, sometimes the presence of apps on various operating systems can be inconsistent – for example, at the time of writing Drive is available as an Android app but not desktop or iOS – but still. The whole ecosystem is available and growing, and in the privacy community that's no small thing. Proton is increasingly becoming the all-in-one privacy alternative to services like Google and Apple that the average person wants – simple, elegant, and user friendly.

Image

The Bad

Don't get me wrong though, Proton is not a perfect service. Nothing is. For starters, right out the gate, their Linux app sucked. When I tried to download their VPN app, it simply didn't work. At first I thought this was my fault (I use Qubes as my Linux distribution of choice, so I'm used to running into extra challenges that most people don't), but when I tweeted them for help other users quickly confirmed this is not new or unique. Bummer. I appreciate Proton making privacy more accessible, but they seem to be only operating on a small window of skill. Once you advance past their target audience, time to move on.

I'm also incredibly disappointed that they don't support hardware tokens for two-factor authentication They do support TOTP, which is fantastic, but I'd like to see them offer more advanced security for those who need (or want) it. On the note of offering their users maximum privacy/security, their signup could be better. They don't accept Monero (but they do accept Bitcoin and cash) and new accounts require verification, either via a phone number, recovery email, or payment. That makes creating a truly anonymous account difficult – impossible, in practice, for the average user they seem to be targeting.

Finally, there are drawbacks to being the big guy. As I type this, I tried to do a Brave Search but was met with one of those “drag the slider to confirm you're not a robot” captchas. I gave up after ten and went to SearXNG. This unfortunately happens frequently, especially on mobile, but I never notice any such captchas with other VPN providers like Mullvad and IVPN. I can only assume that because they are the big guys with free servers they get abused a lot more, necessitating such measures.

Conclusion

Proton is a common VPN choice in the privacy community, with good reason. Between open source apps, great jurisdiction, and a mountain of features I really have few bad things to say about them (other than what I already noted above). They're a great choice if you're still looking for a VPN provider – especially if you're a big streamer – and the included ecosystem really cements why they're one of the top dogs in the privacy community. If you're in the market for a good VPN, you'd be remiss not to at least give Proton a glance. They're one of the more expensive options we recommend, but they're worth every penny in my opinion.

You can learn more and sign up for ProtonVPN here. If you want to support us when signing up, we have an affiliate link available here.

Tech changes fast, so be sure to check TheNewOil.org for the latest recommendations on tools, services, settings, and more. You can find our other content across the web here or support our work in a variety of ways here. You can also leave a comment on this post here: Discuss...