Security, privacy, and entertainment are the primary reasons to subscribe to any VPN. In addition, it helps in online shopping to avail location-based discounts. So, the idea is to stay online without the fear of being tailed around. Conclusively, a VPN can be your first step towards internet freedom. But first, do you know…
What is a VPN?
Put simply, a VPN–a virtual private network–helps you to access banned sites from autocratic regimes and stay safe while transacting on public networks. In addition, it unlocks land-locked streaming content. All this happens primarily with an anonymous IP address and encrypted network traffic. So, a VPN server hides your IP address from the outside world and shows its own instead. Okay, that makes sense, but…
Why ProtonVPN?
Proton VPN is a mainstream VPN provider with a slick user interface and many advanced features. Moreover, this is based in Switzerland, avoiding surveillance networks like 5, 9, or 14-eyes alliances. And to seal it in their favor, you must know that ProtonVPN comes from the makers of ProtonMail, an open-source, end-to-end encrypted email service. So, these guys are some of the best for user privacy. And you hardly leave unconvinced when you try their VPN. Some of the features include:
A Free Forever PlanStrict No-Logs PolicyModified WireGuardOpen-Source Audited AppsAdvanced Kill SwitchVPN Speed AcceleratorAES-256 Bit EncryptionTor over VPNSplit TunnelingMultiple Server Routing (Secure Core)Ad, Malware, & Tracker Blocker (NetShield)P2P & Streaming Optimized ServersDNS & IPv6 Leak protection
Overall, the features have everything for a basic to advanced user. These were the annual plans. They become economical or expensive upon choosing two-year plans or monthly retainers, respectively. The visionary subscription bundles premium features of both–ProtonVPN & ProtonMail–in a single plan. Notably, this review is based on ProtonVPN’s Windows application with a Plus subscription.
Getting Started
After selecting the plan, you get to create an account and pay accordingly on the subsequent screen. You can pay with a credit/debit card or Paypal. Afterward, you can download the preferred application and log in to start using it. This is the dashboard: The UI looks excellent in the dark mode. You can also wrap the right-side portion to shrink it to a single-panel view. However beautiful was the interface; I couldn’t find any toggle for switching to light mode. They might fix this in the future updates, but at present, you’re kind of stuck with the dark mode. But practically, you won’t spend hours inside. So, this shouldn’t be a deal-breaker for anyone.
NetShield
NetShield is ProtonVPN’s attempt to protect you against malware, adverts, and trackers. I turned it on and captured the browser fingerprint to test its efficacy. Just so you know, browser fingerprinting is a technique that assigns a unique ID to your browser based on the operating system, timezone, CPU, RAM, video card, browser type/version, etc. This is primarily used for targeted advertisement. You can check your’s at CoverYourTracks. This was the initial capture with the Chrome browser, without the NetShield turned on: And it changed to this after I selected its Block malware, ads & trackers: Though the protection wasn’t complete (and neither is expected from a VPN), it has substantial blocking mechanisms in place. Conclusively, NetShield does its job and will improve the browsing experience.
Kill Switch
Nothing works perfectly every single time, not even a VPN. Kill switch is precisely for those dodgy moments in which a VPN encryption faces downtime irrespective of the reason. There are two modes:
Kill Switch: This protects you from server-side issues but remains inactive if you intentionally disconnect.Permanent Kill Switch: This will block internet access whenever there isn’t a VPN connection, deliberate or otherwise.
However, both block network access when you switch servers. Most VPNs give either but thumbs up to ProtonVPN for this extra flexibility.
Split Tunneling
Split Tunneling is selective use of VPN connection. This comes in handy to browse without safety in general while reserving the VPN connection (and the speed reduction that comes attached) for the privacy-sensitive tasks. Again, ProtonVPN proved a step ahead by giving versatile options to use this feature. This is excellent since you can select a few apps (say Netflix or banking utilities) to use a VPN connection. Alternatively, one can direct this to spare a few applications/IP addresses from the encrypted tunnel while everything else goes through it.
Secure Core
Secure Core becomes vital in the event a VPN server gets compromised. This generally happens with the approval of law enforcement authorities in not-so-privacy-friendly countries like the USA or the UK. In addition, a VPN server can also be taken over in authoritarian regimes like China or Turkey. So, what happens is your network traffic goes through the secure core servers (Iceland, Switzerland, and Sweden) before going to a potentially insecure VPN location. Due to the extra routing, you may also experience speed throttling over what comes already with VPN encryption.
Profiles
Profiles are the fastest way to access particular VPN settings right from the dashboard. It lets you select specific settings and save them for faster reconnects. The benefit is that you don’t have to tinker with the settings every time. For instance, you can make a profile named Torrenting for your P2P connections. This helps you connect to a P2P server with the preset options with just a click.
Auto/Quick Connect
Auto Connect sets up an encrypted connection to the preferred profile upon starting the ProtonVPN application. Similarly, you can use Quick Connect (sitting below Auto Connect) to connect with a preset profile from the dashboard.
Protocols
VPN Protocols are connection parameters used by VPN applications to secure an encrypted connection. ProtonVPN is slightly short on the choices here with just the WireGuard and OpenVPN. But anyway, these two are the current best in terms of security and speed. In addition, ProtonVPN booked itself a top-notch VPN provider tag by using a modified version of WireGuard. Because, in its native form, WireGuard needs a static IP address, which can be used to trace the user’s identity. ProtonVPN uses a technique called double network address translation (NAT) to change the first static IP to a randomly assigned IP address. And the second NAT again assigns a random VPN IP before connecting to your desired website. Conclusively, their WireGuard implementation is safe, unlike PureVPN, which was using it in its native form.
Tor Over VPN
Have you heard about onion sites (or Dark Web)? Here are some onion sites you can try opening in your normal web browser:
The fact is you can’t use these onion sites with your day-to-day web browser like Chrome. Instead, you can use Tor Browser or connect to a Tor over VPN server with ProtonVPN to surf onion sites: The purpose of onion sites is to provide access to Tor users who want additional privacy. While the Tor browser is usually considered safe to visit onion sites, it does have some issues. First, the multiple routing brings the speed down to a snail’s pace. And second, a snooper might know your real IP address via correlation attacks. Conclusively, Tor over VPN masks your real IP and yet allows you to use onion sites. So, that covers the major features. Let’s move to the testing.
IP & WebRTC Leak
The first thing to test is the change in IP address. There are two types of IP addresses: IPv4 & IPv6. While IPv4 addresses are straightforward to mask because there are plenty, IPv6 is a recent adoption and are few in numbers. So, some VPNs leak the IPv6 address of a user if they have one. These are my network parameters, checked with BrowserLeaks, without a ProtonVPN connection: The IPv4 address was visible twice, at the IP address section and over at the WebRTC leak. In addition, you can obviously spot the censored IPv6 address. Afterward, I connected to ProtonVPN’s Taiwan server to see if there was any IP or WebRTC leak: It didn’t leak my real IPv4 and IPv6 addresses. Besides, ProtonVPN protected the IPv4 from getting exposed through the WebRTC. Though ProtonVPN has handled all those vulnerabilities, the WebRTC leak is a browser-related problem that you should fix even if your perfectly working VPN isn’t doing so.
Speed Test
One of the few things which don’t work out with a sub-par VPN is network speed. Although speed throttling is unavoidable with encryption, the more, the merrier holds true with data transfer speeds. ProtonVPN took the least toll on speed in the list of VPNs I’ve tested till now, including Namecheap VPN, PureVPN, and HideMyAss VPN. While some, like PureVPN, were okay with the download speed, the upload speed proved to be the Achilles heel. But, ProtonVPN had a nice balance in managing both. However, a standard warning goes with speed testing any VPN: results fluctuate a lot. So, these were only valid for a particular user (me, in this case), at that specific instant, and for those instantaneous server conditions that we can’t comprehend completely. Finally, ProtonVPN speeds were good, and it never let me feel that I was using a VPN at all.
Encryption Test
ProtonVPN uses AES-256 bit (OpenVPN) or ChaCha20 (WireGuard) encryption based on the protocol you connect it with. While both are military-grade secure, ChaCha20 is faster. With military-grade security, I mean, it would take billions of years for the fastest computers on planet earth to break the encryption by brute force attacks. This is the same (and highest) level of encryption used in most VPNs, banking applications, password managers, etc. Notably, the primary objective of network encryption is to protect your data traveling as small packets of information. And your adversary only needs to analyze a few to compromise your network. Therefore, I’ve used Wireshark, a free and open-source network protocol analyzer, to capture the information with and without a ProtonVPN connection. This was normal data capture. Even a normal person can easily point out details like the browser name, operating system, host, etc. And that was only from a single packet from the thousands traveling per minute. But with the ProtonVPN on, all that was scrambled to this: Everything was going through WireGuard protocol that you can visualize yourself. The junk on the left of the preceding image is encrypted traffic. However, you can’t tell which encryption is this. Because if you could, it’ll be like breaking the first line of defense of a bad encryption cipher. In addition, ProtonVPN generates fresh encryption keys every session. They call this Perfect Forward Secrecy. This means if the FBI somehow tried and succeeded in getting through an encryption key, your other VPN sessions will remain unaffected. So, one has to put the same amount of superhuman effort into taking apart each encryption key attached to a specific VPN session.
DNS Leak Test
Generally, your ISP acts as your DNS server and handles DNS requests. Put simply, a DNS server tells your computer (a DNS client) the IP address of the websites you visit. They are also able to see through your network traffic. But there is a risk of your ISP still handling all that data even after a VPN connection. In that case, although you see an anonymized IP address, your VPN (the bad ones) leak DNS requests to your ISP. So, your ISP can log your network traffic, and your real IP address can also get exposed. This kills the very purpose of using a VPN in the first place. So, I connected to ProtonVPN Belgium’s server to check about a possible DNS leak. And there wasn’t any leak; all requests were going through the intended VPN server.
Geo-Unblocking Test
Streaming platforms like Netflix, BBC iPlayer, Hulu protect their regional content with powerful firewalls. They try to block VPN connections, and an average VPN seldom succeeds in helping their users through these geo-blocks. So unrestricted access to international content sits atop many VPN users’ wishlists. And it was easy for ProtonVPN to get by those geo-restrictions. For instance, this is a screenshot of BBC iPlayer unlock with its UK#21 server: Similarly, the USA-only 30Rock was accessible with the US-AZ#6 server: However, this is again a luck-by-chance situation for every VPN user because streaming platforms continuously try to block new VPN servers. And VPN companies counteract by constantly adding new IP addresses. But in general, if you’re facing difficulties in unblocking any of the streaming platforms, try switching VPN servers, cleaning the cache, and seal-up WebRTC leaks. Finally, you can contact the respective VPN support or switch to a different VPN if all that fails.
Conclusion
Of all the features, the VPN accelerator and speeds of Tor servers were something that could be improved upon. In addition, its OpenVPN connections need some stability. Still, ProtonVPN felt like a premium VPN provider, one of the best I’ve used to date. The user interface, the connections, and almost all the features were working as expected. Personally, I would recommend ProtonVPN without any second thoughts. However, you should first take a look at some features before subscribing to any VPN.