ProtonVPN Review

Disclaimer: The below review is my opinion, which I will try to provide as many examples for and as much evidence as possible to support.  Readers can learn more about how I conduct my reviews, my methodology, etc – here.  More information on review badges here.

This review’s roll was #3 (at the time of the roll, ProtonVPN)

 

Written November 16, 2017

Signing up for the service: There were a number of things I noticed about the account creation portal for ProtonVPN.  The first is that plans were broken up in a somewhat unusual way.  The cheapest plans (Free and Basic) provide slower servers than paid.  This isn’t a bad thing necessarily, just unusual.  I’m used to seeing a trial for a limited time, or limited, but full-featured bandwidth.  The Free plan has P2P ports blocked as well.  The “recommended” plan (Plus) was fairly expensive for one month of service – $10/month, or $8/month with a discount when signing up for a year of service.

There’s always a balance to strike for bulk purchase discounts, and it’s kind of a double edged sword.  If a service’s base price is already fairly high, a deep discount for a long term commitment is usually an indicator of that service trying to discourage short timers or people preferring a month-to-month payment schedule.  If the service is already fairly expensive, a small discount doesn’t provide enough incentive to commit to a long term plan over a similar, or better company.  I felt that ProtonVPN’s base price was fairly high when compared to their competition.  I suspect the reason for the more expensive model, is that the “Proton” trademark has been around with “ProtonMail”, and a brand has been built up that they feel can fetch a higher price.

ProtonVPN also has a “Visionary” plan, for a whopping $30/month (with the same 20% discount for a year’s worth of service).  The added benefits being the use of more simultaneous devices on the network (Plus already includes 5 which will usually handle all of one user’s devices), and a ProtonMail Visionary email account (you may be familiar with ProtonMail having been the company’s email service).  The ProtonMail Visionary Service is $24/month on its own, so if you want that (quite expensive) plan, it will be up to you if the benefits are worth the cost.

It couldn’t be a more minor nitpick, but I got a chuckle at the back button on this page – “Go back to the ProtonVPN.com” (emphasis mine).

When signing up for service, you are required to provide an email address, which is the most anyone who is concerned with their privacy should want to provide.  Paying with Bitcoin is possible, but not a listed option in the default payment methods at sign-up.  In order to pay with Bitcoin, you are required to create a free account first, which I feel could be better explained during the sign-up process.  A side note: free accounts still have to be verified (by email, SMS, or with the cheeky option of donating additional money to prove you’re human.  After entering a verification code, and clicking the “Get ProtonVPN” button to complete registration, the site sat there, doing apparently nothing, until I clicked it again and got a “Username already taken” message.  I don’t know why I wasn’t just redirected, but it was mostly just annoying, and I was able to log into my account manually afterwards.  It’s possible that this was just a hiccup, however.

 

Configuring the service: The ProtonVPN user portal was very intuitive and user friendly.  Settings, downloads, etc were all very clearly labeled and accessible on the left side of the screen.  Menus were simple to navigate and elegantly designed.  It was very easy to find exactly what I needed.  Their user portal downloads page had a config file generator of sorts, but with only a few options.  Still a nice feature, and I was glad to see it here.  Some of the ProtonVPN servers had a symbol of two arrows pointing either direction.  This symbol didn’t have a corresponding legend or tooltip, and I was only able to find out for certain what it meant by using my browser’s inspector tool (I probably could have guessed it, but it means P2P support).  Not all of ProtonVPN’s servers apparently support P2P, which is unfortunate.  A little polish on this part of the site would be needed to make it one of the best user portals I’ve seen.

When choosing your platform on the download portal, I especially appreciated the site directly taking you to the instructions page.  The instructions would be very easy to follow for an inexperienced user.  This was great to see.

 

Speed & Stability tests: Speeds on servers that I tested were stable, but poor – the US server tested was just barely above the minimum to be called broadband, while international servers tested were all fairly slow.  Note that because ProtonVPN has free servers and paid servers (the different being speed and capacity), all tests were performed on paid servers.  Also, all tests run using AES-256 encryption over UDP.

 

Speed Tests – ProtonVPN
    Latency Download Upload
No VPN Trial 1 30 ms 98.20 mbps 31.06 mbps
Trial 2 30 ms 98.16 mbps 31.36 mbps
Trial 3 31 ms 98.89 mbps 30.50 mbps
Average 30 ms 98.42 mbps 30.97 mbps
               
USA Trial 1 106 ms 20.57 mbps 1.29 mbps
Trial 2 108 ms 20.70 mbps 1.16 mbps
Trial 3 104 ms 20.65 mbps 1.22 mbps
Average 106 ms 20.64 mbps 1.22 mbps
Comp to Bench +76 ms 20.97% 3.95%
               
UK Trial 1 283 ms 5.09 mbps 6.76 mbps
Trial 2 294 ms 7.76 mbps 4.71 mbps
Trial 3 284 ms 7.69 mbps 6.59 mbps
Average 287 ms 6.85 mbps 6.02 mbps
Comp to Bench +257 ms 6.96% 19.44%
               
Hong Kong Trial 1 332 ms 3.42 mbps 3.99 mbps
Trial 2 342 ms 6.61 mbps 3.83 mbps
Trial 3 342 ms 6.53 mbps 3.93 mbps
Average 339 ms 5.52 mbps 3.92 mbps
Comp to Bench +308 ms 5.61% 12.65%
               
Australia Trial 1 469 ms 4.63 mbps 1.64 mbps
Trial 2 453 ms 4.61 mbps 1.73 mbps
Trial 3 454 ms 4.66 mbps 1.76 mbps
Average 459 ms 4.63 mbps 1.71 mbps
Comp to Bench +428 ms 4.71% 5.52%

 

Getting support: I reached out to support with some general questions and received a reply in 24 hours – which was both simple and helpful.  The message I received didn’t feel canned, and there was no bloated signature or shoehorned marketing.  Support definitely felt like one of the best aspects of the service, but appeared to be based in a European timezone (as you might expect), which meant responses to questions or concerns would usually arrive while you’re sleeping.

 

Getting a refund: I sent a request for a refund and received a reply in less than 24 hours.  It wasn’t that big a deal, but in order to cancel, you have to manually change your plan in the user portal back to “free” before they can issue a refund.  It seemed strange that they didn’t have the control from their end to issue it without that step.  I did this and notified them.  The next day I received a refund.  Fairly painless.

 

Concerns in Terms & Conditions / Privacy Policy: Policies and Terms were neither obtuse or elegant, but fell somewhere in between.  While they were long, they weren’t overly offensive.

 

What we don’t do when you use ProtonVPN:

  • Log user’s traffic or the content of any communications
  • Discriminate against devices, protocols, or applications.
  • Throttle your Internet connection.

This is perhaps a little misleading, or at least worthy of some clarification.  The Free tier has no P2P support (you could argue that this is a protocol that is “discriminated against”), but it could arguably come down to semantics.

 

We employ a local installation of Piwik

Piwik is a privacy-conscious analytics plugin, which is good to see being used here (as opposed to say, Google Analytics).

 

Bug reports sometimes rely on third parties such as Zendesk.

Zendesk on the other hand, is not the most privacy friendly service.

 

Anonymous cash or bitcoin payments and donations are also accepted.

I wish there was a bit more documentation on the site where these payment options are concerned.  Many interested in privacy would prefer to use these methods, but I feel like they are not laid out as clearly as they could be.

 

Only employees of the Company have physical or other access to the servers. Data is usually stored in encrypted format on our servers. Offline backups may be stored periodically, but these are also secured.

I’m glad that they talk about this here.  I think it’s important for companies to be transparent about aspects of their operation that many people might not consider, but are equally as important to think about when considering your own privacy and security.

 

All plans renew automatically at the completion of the billing term.

I don’t like opt-out subscriptions.  Auto-renewal is annoying, and i think a one time payment should be an option at signup.

 

The Company does not make any warranty about the reliability of the service and does not guarantee the security of user data despite best efforts. The service is provided “as is” and you agree to not hold the Company responsible nor to seek indemnification for any damages that may arise as a result of the loss of use, data, or profits connected to the performance of the service or failure in such performance.

Why do these statements (legal boilerplate though they may be), bother me so much?  I just hate it when a company will tell you how great their service is, then you read these statements and it makes me do a double take.

 

We may impose usage or service limits, suspend service, or block certain kinds of usage at our sole discretion.

I would love more information on what circumstances I might be limited, suspended, or blocked.  This is too vague in my opinion.

 

Within the limits of applicable law, the company reserves the right to review and change this agreement at any time. You are responsible for regularly reviewing these Terms and Conditions. Continued use of the Service after such changes shall constitute your consent to such changes.

A very small percentage of the people using a given VPN service will ever read the terms.  While it is good practice to read the terms of a service before you buy it, it is my opinion that a company giving itself a blanket pass to change terms without notice and placing the burden on the customer to regularly review terms of service is silly.  You collect an email address, is it too much to have a policy of sending out a notification to let people know what and when things might change?

 

Final thoughts: ProtonVPN got a lukewarm reaction from me.  Certain aspects of their website felt incomplete or ill-thought out (the sign up process).  Some others felt more thorough (the user dashboard and download portal).  While the process to sign up for service was a bit rocky, things smoothed out a bit once this step was completed.  The service and configs were easy to set up and connect with quickly, but the speeds I experienced were not great.  Support was one of the better aspects of the service, as they were quick and helpful.  ProtonVPN’s Terms of Service were also down the middle: some eyebrow-raisers, but no deal-breakers.  In the end, (especially given its high asking price), I believe there are better services available on the market.

 

FROM THE VPN COMPARISON CHART
CATEGORY VPN SERVICE ProtonVPN
JURISDICTION Based In (Country) Switzerland
Fourteen Eyes? Cooperative
Enemy of the Internet No
LOGGING Logs Traffic No
Logs DNS Requests
Logs Timestamps Yes
Logs Bandwidth
Logs IP Address
ACTIVISM Anonymous Payment Method Email
Accepts Bitcoin Yes
PGP Key Available No
Gives back to Privacy Causes Yes
Meets PrivacyTools IO Criteria Yes
LEAK PROTECTION 1st Party DNS Servers Yes
IPv6 Supported / Blocked No
  Offers OpenVPN Yes
OBFUSCATION Supports Multihop Yes
Supports TCP Port 443
Supports Obfsproxy
Supports SOCKS
Supports SSL Tunnel
Supports SSH Tunnel
Other Proprietary Protocols
PORT BLOCKING Auth SMTP
P2P Some
SPEEDS US Server Average % 20.97
Int’l Server Average % 5.76
SERVERS Dedicated or Virtual
SECURITY Default Data Encryption AES-256
Strongest Data Encryption AES-256
Weakest Handshake Encryption
Strongest Handshake Encryption
AVAILABILITY # of Connections 5
# of Countries 14
# of Servers 112
Linux Support (Manual) Yes
WEBSITE # of Persistent Cookies 0
# of External Trackers 0
# of Proprietary APIs 1
Server SSL Rating A+
SSL Cert issued to Self
PRICING $ / Month (Annual Pricing) $8.00
$ / Connection / Month $1.60
Free Trial Yes
Refund Period (Days) 60
ETHICS Contradictory Logging Policies Yes
Falsely Claims 100% Effective
Incentivizes Social Media Spam
POLICIES Forbids Spam
Requires Ethical Copy
Requires Full Disclosure
AFFILIATES Practice Ethical Copy
Give Full Disclosure

 

If you like the project and find my work useful, please consider donating – your generous contributions help pay for the hosting, tools, and time I need to do my research and keep the data fresh.