ProtonVPN proudly announced that it is the first VPN provider to open source apps on all platforms — including Windows, macOS, Android, and iOS. The company also underwent an independent security audit to prove to the world — its (potential) users included — that it really stands behind all of its claims.
Speaking of which, ProtonVPN delivers what it claims is an “unparalleled level of transparency and accountability.” It is based in Switzerland, which is known for some of the world’s strongest privacy laws, the fact that enables the company to have the true zero-logs policy.
ProtonVPN’s team, which includes former CERN scientists, has a deep security background and has even opened up its technology for inspection by Mozilla. Making its apps open source is, therefore, a natural next step.
If you’re looking to inspect these claims, you can access the open-source code and audit reports from the links below:
- Android: GitHub, Audit Report
- iOS: GitHub, Audit Report
- macOS: GitHub, Audit Report
- Windows: GitHub, Audit Report
Hopefully, you can help the ProtonVPN team offer an even better service. Or at least, get extra confidence to (finally) sign-up for the service.
What’s the big deal with an open-source VPN?
When using a VPN, you as a user place an extraordinary amount of faith in that service provider. This stems from the fact that your VPN provider is the only party that actually knows your web whereabouts. Presuming it operates in a zero-logs fashion, there is nothing to worry about — but what if that’s not the case? It will then be able to see your browsing activity, IP address, and even your location. This is why choosing a trustworthy VPN service is so important.
By open-sourcing its apps, ProtonVPN gives you (all of us, really) an extra reason to trust it. The company effectively allows other third parties such as security researchers and the global security community to inspect the code. This further enables everyone to see how ProtonVPN implements encryption and how it handles user data.
In other words, open-source code provides security through transparency, meaning that because the code is heavily scrutinized, potential vulnerabilities are quickly spotted and fixed. This then reduces the risk of a security vulnerability in a VPN app.
While we applaud ProtonVPN for taking this route, we also have nothing against other top VPN providers which have been field-tested for quite some time now. Then again, part of us would like to see them following this (awesome) practice, as well.
Security audits
In addition to making its apps open source, ProtonVPN hired independent security researchers to inspect its software before it’s being released to the general public. Previously, Mozilla reviewed ProtonVPN’s implementations, organizational structure, and technology as part of their due diligence for partnership.
Since then, the company has initiated more thorough security-focused audits for all its clients. Specifically, it contracted SEC Consult, a leading security firm, to conduct the audits. Although such audits are expensive and time-consuming, ProtonVPN says they are rather important and should go together with open-sourcing the code.
Going forward, the company will continue to do audits on an ongoing basis to have continual independent checks on application security.
Engaging the community
Finally, ProtonVPN launched the bug bounty program to further make its apps better. This allows developers from around the world to submit security improvements and be rewarded for their effort.
The company has already listened to the community in the past and as a result — an updated Linux app has been released in November 2019.
ProtonVPN keeps inviting users to provide their feedback so that everyone can benefit at the end. If you’re one of their users, feel free to send them your two cents; of if you’re not — perhaps now’s the time to make the move.
Launched in 2017 to provide ProtonMail users with a trustworthy VPN service, ProtonVPN operates more than 500 servers across 40+ countries around the world. It offers a decent service, allowing users to anonymously surf the web, access Netflix and Disney+, and download files via BitTorrent.
Pros
Cons
- Easy to use apps for popular platforms
- Works with Netflix and Hulu
- Dedicated servers for Tor and torrenting
- There's a free version of the service
- No live chat support
- Doesn't work well with BBC iPlayer