
Proton VPN

Serious concerns
Proton AG · 🇨🇭 Switzerland
Technical details
App: ch.protonvpn.android
Manufacturer: Proton AG

⚠️ The bottom line

Switzerland is considering a surveillance law Proton's CEO says is worse than Russia's. Proton is spending 100M euros to move servers out of the country they built their brand around. Proton's VPN keeps no logs. But if you signed up with an email and credit card, police get those from Proton Mail -- three activists arrested this way.

Legal jurisdiction
🇨🇭 Switzerland (headquarters)
nDSG (FADP)
Strong privacy law, but Switzerland cooperates with US requests; banking secrecy has been eroded under US pressure since 2014.
🇩🇪 Germany (data storage)
GDPR (BfDI + 16 state DPAs)
You can demand deletion, access, and portability. Germany has 17 enforcement bodies and the strictest consent rules in the EU.
Spying: 3/4 HIGH (Is someone spying on me?)
Data Sharing: 2/4 MODERATE (Who gets my data?)
Security: 3/4 HIGH (Is it actually secure?)
Honesty: 2/4 MODERATE (Can I trust what they say?)
7 contradictions: 1 critical, 2 high, 4 medium. 4 sources.
Findings by concern
Spying (3/4 HIGH): 3 findings
⚠️ Critical: regulatory findings vs firmware analysis
Switzerland is considering a surveillance law Proton's CEO says is worse than Russia's. Proton is spending 100M euros to move servers out of the country they built their brand around.

What they claim: Swiss jurisdiction provides unique privacy protection.

What we found: The proposed VUPF would require IP logging for 6 months, identity verification of users, and providers to decrypt their own encryption. CEO: 'worse than Russia.' Proton is spending 100M+ EUR moving servers to the EU. If the law passes, the core selling point becomes a liability.

⚫ Medium: app permissions vs policy claims
Proton's app has one crash tracker and asks for camera access. Far better than most VPNs but not as clean as Mullvad's zero.

What they claim: Proton VPN app respects privacy with minimal collection.

What we found: Exodus scan: 1 tracker (Sentry). 14 permissions, including CAMERA and QUERY_ALL_PACKAGES. Better than most, but Mullvad has 0 trackers and 9 permissions.

⚫ Medium: firmware analysis vs policy claims
Proton's NetShield ad blocker works by resolving the domain name of every site you visit through Proton's DNS servers, which check it against a blocklist. They don't log which domains you look up, for now. But the infrastructure exists to do so, and a Swiss court order could compel them. Proton has already been forced to log a French climate activist's IP address by Swiss authorities cooperating with French police via Europol. The system that protects you today could surveil you tomorrow.

What they claim: NetShield DNS blocking protects privacy.

What we found: Routes ALL DNS queries through Proton servers. Proton claims no logging, and audits support this. But the architectural capability exists: if VUPF compels logging, DNS queries are extremely revealing.

Data Sharing (2/4 MODERATE): 2 findings
⚡ High: policy claims vs regulatory findings
Proton's VPN keeps no logs. But if you signed up with an email and credit card, police get those from Proton Mail -- three activists arrested this way.

What they claim: Proton VPN protects user identity through no-logs architecture.

What we found: VPN: 0% compliance (all 410 orders denied). But three activists were arrested via Proton ACCOUNT metadata: the French case (IP address via Mail logging), the Catalan case (recovery email address), the Atlanta case (payment card via MLAT). The VPN doesn't log, but the account ecosystem does.

⚫ Medium: firmware analysis vs policy claims
Proton says its apps are open source — but only the mobile apps and browser extensions. The server infrastructure, where the actual privacy decisions happen (what gets logged, how keys are managed, how law enforcement requests are processed), is a black box. Open-sourcing the client is transparency theatre if the servers where your data actually lives remain closed and unauditable.

What they claim: All Proton apps are open source.

What we found: Client apps: 33 GitHub repos. Server code: entirely closed. 'All our apps are open source' carefully excludes servers. Standard practice for VPN providers, but it contradicts the impression of full transparency.

Security (3/4 HIGH): 1 finding
⚫ Medium: firmware analysis vs policy claims
Every major VPN competitor (NordVPN, ExpressVPN, Mullvad, Surfshark) has moved to RAM-only servers, meaning all data is wiped on every reboot. Proton VPN kept hard drives and claims that full-disk encryption is equivalent protection. Most security researchers disagree: a RAM-only server cannot be forensically imaged if seized, whereas an encrypted hard drive survives seizure and a Swiss court order could compel Proton to decrypt it.

What they claim: Full-disk encryption equals RAM-only servers.

What we found: Proton chose FDE over RAM-only. Counter: RAM-only clears on reboot, making seizures useless. ExpressVPN, Surfshark, Mullvad all use RAM-only. Industry trend disagrees with Proton.

Honesty (2/4 MODERATE): 1 finding
⚡ High: policy claims vs regulatory findings
Proton markets as the privacy champion but complies with 94% of email requests. They only clarify 'privacy vs anonymity' after someone gets caught.

What they claim: Proton provides privacy to users.

What we found: After each arrest: 'We provide privacy, not anonymity.' The marketing implies anonymity. Proton Mail: 94% compliance in 2024. The rate of contested requests fell from 21% to 6%. Swiss authorities approved 195 foreign requests in 2020 (15x the 2017 figure).

What happened to real people
Documented incidents involving Proton AG products and user data.
Swiss authorities requested data 6,378 times in 2024 (up from 13 in 2017). Proton complied with 93% but E2EE architecture means only metadata (IP, account info) is available — email content, passwords, and files are encrypted with user keys Proton cannot access.
What your data is worth to governments
Proton received 6,378 government data requests in 2024, up from 13 in 2017. Jurisdiction: CH (Swiss Federal Act on Data Protection, FADP); not subject to EU/US data-sharing agreements.
Sources: Transparency report