The team of scientists and engineers that came out last year with the wildly successful end-to-end encrypted email service, ProtonMail, has now officially made public their new highly secure (and very fast!) virtual private network (VPN) called ProtonVPN.
As a ProtonMail user I’ve been incredibly pleased with the service and its security and this morning I signed up for their newest offering, ProtonVPN. I did so mainly because of the features, but also because it’s from a company I trust and, as a beta user, found it to be fast, robust, secure, and rock-solid.
I’m also stunned by how quickly they’ve nailed the key features needed in both email and VPN to keep us private and secure. A big plus also is that the company, Proton Technologies AG, is based in Switzerland, a country whose laws favor privacy, security and non-disclosure which is the perfect place to headquarter the firm:
“ProtonMail was founded in 2013 by scientists who met at CERN and were drawn together by a shared vision of a more secure and private Internet. Since then, ProtonMail has evolved into a global effort to protect civil liberties and build a more secure Internet, with team members also hailing from Caltech, Harvard, ETH Zurich and many other research institutions.
Today, we help our community of millions of users secure their private data online. More than 10,000 supporters have assisted us in this mission by donating to make this project possible. Thanks to your support, we are continuing to develop state of the art email privacy and security technology from our home base of Geneva, Switzerland.”
ProtonVPN has several key features that are a bit geeky, but have turned my head as someone who is deep in to cyber security:
- Secure Core: This architecture gives their secure VPN service the unique ability to defend against network based attacks. Secure Core protects your connection by routing your traffic through multiple servers before leaving our network. This means an advanced adversary who can monitor the network traffic at the exit server will not be able to discover the true IP address of ProtonVPN users, nor match browsing activity to that IP.
- Strong Encryption: All your network traffic is encrypted with AES-256, key exchange is done with 2048-bit RSA, and HMAC with SHA256 is used for message authentication which means it is VERY secure.
- Forward Secrecy: The encryption cipher suites they use only include ones that have Perfect Forward Secrecy. This means that your encrypted traffic cannot be captured and decrypted later if the encryption key from a subsequent session gets compromised. With each connection, ProtonVPN generates a new encryption key, so a key is never used for more than one session.
- Strong Protocols: They exclusively use VPN protocols which are known to be secure (OpenVPN and IKEv2). Though I’m not a cryptographer, every one that is whom I follow online swears by both of those protocols which have been examined and certified secure by top cryptographers all over the world.
- Physical Security: The company has gone to extreme lengths to protect ProtonVPN’s Secure Core servers to ensure their security. Critical infrastructure in Switzerland is located in a former Swiss army fallout shelter 1000 meters below the surface. Similarly, our Iceland infrastructure resides in a secure former military base. Our servers in Sweden are also located in an underground datacenter. By shipping our own equipment to these locations, we ensure that our servers are also secure at the hardware level.
Other Key Features Include:
- Open Source: Goes without saying that their transparency level is very high and having their software reliant on open source software examination and certification is a big selling point for any of us.
- No Logs Kept: Under Swiss law they don’t have to keep them so they do not.
- DNS Leak Protection: They ensure that your browsing activity cannot be exposed by leaks from domain name service (DNS) queries.
- Kill Switch: Their desktop and mobile applications come with a built-in Kill Switch feature which will block all network connections in the event that the connection with the VPN server is lost.
- Tor VPN: ProtonVPN comes with Tor support built-in. Through their selected Tor servers, you can route all your traffic through the Tor anonymity network and also access dark web sites. This provides a convenient way to access Onion sites with just a single click.
Take a look at their pricing page. They have a free offering (which is currently shutdown due to the overwhelming response and signups this week) and I signed up for the “PLUS” level today since, as a current ProtonMail user, I got a bit of a larger discount on both ProtonMail and ProtonVPN as a bundle.
I need to end with this: I’ve analyzed more than a dozen of the top VPN providers and previously chose Private Internet Access (which I still have active since I’m paid through April of 2018) and, especially for the non-geeks out there, it’s still the easiest to use, they keep no logs, have the most data centers, and still has my strong recommendation.
But if you’re extra-serious about your VPN — or have specific needs to be highly secure when online — I’d absolutely recommend you immediately go and signup for ProtonVPN.