|
|
|
|
@@ -33,9 +33,104 @@ Our recommended providers use encryption, support WireGuard & OpenVPN, and have
|
|
|
|
|
|
|
|
|
|
| Provider | Countries | WireGuard | Port Forwarding | IPv6 | Anonymous Payments |
|
|
|
|
|
|---|---|---|---|---|---|
|
|
|
|
|
| [Proton](#proton-vpn) | 127+ | :material-check:{ .pg-green } | :material-alert-outline:{ .pg-orange } Partial Support | :material-information-outline:{ .pg-blue } Limited Support | Cash |
|
|
|
|
|
| [IVPN](#ivpn) | 41+ | :material-check:{ .pg-green } | :material-alert-outline:{ .pg-orange } | :material-information-outline:{ .pg-blue } Outgoing Only | Monero Cash |
|
|
|
|
|
| [Mullvad](#mullvad) | 49+ | :material-check:{ .pg-green } | :material-alert-outline:{ .pg-orange } | :material-check:{ .pg-green } | Monero Cash |
|
|
|
|
|
|
|
|
|
|
### Proton VPN
|
|
|
|
|
|
|
|
|
|
<div class="admonition recommendation" markdown>
|
|
|
|
|
|
|
|
|
|
{ align=right }
|
|
|
|
|
|
|
|
|
|
**Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option.
|
|
|
|
|
|
|
|
|
|
[:octicons-home-16: Homepage](https://protonvpn.com){ .md-button .md-button--primary }
|
|
|
|
|
[:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" }
|
|
|
|
|
[:octicons-info-16:](https://protonvpn.com/support){ .card-link title="Documentation" }
|
|
|
|
|
[:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" }
|
|
|
|
|
|
|
|
|
|
<details class="downloads" markdown>
|
|
|
|
|
<summary>Downloads</summary>
|
|
|
|
|
|
|
|
|
|
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android)
|
|
|
|
|
- [:simple-appstore: App Store](https://apps.apple.com/app/id1437005085)
|
|
|
|
|
- [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases)
|
|
|
|
|
- [:fontawesome-brands-windows: Windows](https://protonvpn.com/download-windows)
|
|
|
|
|
- [:simple-apple: macOS](https://protonvpn.com/download-macos)
|
|
|
|
|
- [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup)
|
|
|
|
|
|
|
|
|
|
</details>
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
|
|
|
|
|
#### :material-check:{ .pg-green } 127 Countries
|
|
|
|
|
|
|
|
|
|
Proton VPN has [servers in 127 countries](https://protonvpn.com/vpn-servers)(1) or [10](https://protonvpn.com/support/how-to-create-free-vpn-account) if you use their [free plan](https://protonvpn.com/blog/product-roadmap-winter-2025-2026).(2) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
|
|
|
|
|
{ .annotate }
|
|
|
|
|
|
|
|
|
|
1. Of which at least 71 are virtual servers, meaning your IP will appear from the country but the server is in another. 12 more locations have both hardware and virtual servers. [Source](https://protonvpn.com/support/how-smart-routing-works)
|
|
|
|
|
2. Last checked: 2025-10-28
|
|
|
|
|
|
|
|
|
|
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
|
|
|
|
|
|
|
|
|
|
#### :material-check:{ .pg-green } Independently Audited
|
|
|
|
|
|
|
|
|
|
Independent security researcher Ruben Santamarta conducted audits for Proton VPN's [browser extensions](https://drive.proton.me/urls/RWDD2SHT98#v7ZrwNcafkG8) and [apps](https://drive.proton.me/urls/RVW8TXG484#uTXX5Fc9GADo) in September 2024 and January 2025, respectively. Proton VPN's infrastrcture has undergone [annual audits](https://protonvpn.com/blog/no-logs-audit) by Securitum since 2022.
|
|
|
|
|
|
|
|
|
|
Previously, Proton VPN underwent an independent audit by SEC Consult in January 2020. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform in their dedicated [blog post](https://web.archive.org/web/20250307041036/https://protonvpn.com/blog/open-source) on the audit.
|
|
|
|
|
|
|
|
|
|
#### :material-check:{ .pg-green } Open-Source Clients
|
|
|
|
|
|
|
|
|
|
Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN).
|
|
|
|
|
|
|
|
|
|
#### :material-check:{ .pg-green } Accepts Cash
|
|
|
|
|
|
|
|
|
|
Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment.
|
|
|
|
|
|
|
|
|
|
#### :material-check:{ .pg-green } WireGuard Support
|
|
|
|
|
|
|
|
|
|
Proton VPN supports the WireGuard® protocol. [WireGuard](https://wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://wireguard.com/protocol). Additionally, WireGuard aims to be simpler and more performant.
|
|
|
|
|
|
|
|
|
|
Proton VPN [recommends](https://protonvpn.com/blog/wireguard) the use of WireGuard with their service. Proton VPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://wireguard.com/install).
|
|
|
|
|
|
|
|
|
|
#### :material-alert-outline:{ .pg-orange } Limited IPv6 Support
|
|
|
|
|
|
|
|
|
|
Proton [now supports IPv6](https://protonvpn.com/support/prevent-ipv6-vpn-leaks) in their browser extension and Linux client, but only 80% of their servers are IPv6-compatible. On other platforms, the Proton VPN client will block all outgoing IPv6 traffic, so you don't have to worry about your IPv6 address being leaked, but you will not be able to connect to any IPv6-only sites, nor will you be able to connect to Proton VPN from an IPv6-only network.
|
|
|
|
|
|
|
|
|
|
#### :material-information-outline:{ .pg-info } Remote Port Forwarding
|
|
|
|
|
|
|
|
|
|
Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The official Windows and Linux apps provide an easy-to-access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
|
|
|
|
|
|
|
|
|
|
#### :material-information-outline:{ .pg-blue } Anti-Censorship
|
|
|
|
|
|
|
|
|
|
Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or WireGuard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
|
|
|
|
|
|
|
|
|
|
Unfortunately, it does not work very well in countries where sophisticated filters that analyze all outgoing traffic in an attempt to discover encrypted tunnels are deployed. Stealth is available on Android, iOS, Windows, and macOS, but it's not yet available on Linux.
|
|
|
|
|
|
|
|
|
|
#### :material-check:{ .pg-green } Mobile Clients
|
|
|
|
|
|
|
|
|
|
Proton VPN has published [App Store](https://apps.apple.com/app/id1437005085) and [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/ProtonVPN/android-app/releases).
|
|
|
|
|
|
|
|
|
|
<div class="admonition warning" markdown>
|
|
|
|
|
<p class="admonition-title">How to opt out of sharing telemetry</p>
|
|
|
|
|
|
|
|
|
|
On Android, Proton hides telemetry settings under the misleadingly labeled "**Help us fight censorship**" menu in the settings panel. On other platforms these settings can be found under the "**Usage statistics**" menu.
|
|
|
|
|
|
|
|
|
|
We are noting this because while we don't necessarily recommend against sharing anonymous usage statistics with developers, it is important that these settings are easily found and clearly labeled.
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
|
|
|
|
|
#### :material-alert-outline:{ .pg-orange } Additional Notes
|
|
|
|
|
|
|
|
|
|
Proton VPN clients support two-factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
|
|
|
|
|
|
|
|
|
|
##### Kill switch feature provides poor protections on macOS
|
|
|
|
|
|
|
|
|
|
Proton VPN's kill switch on macOS does not block any traffic when you intentionally disconnect from the VPN, *including when you disconnect by switching servers.* You should not make any sensitive connections while the VPN is turned off, nor when switching servers. It is only designed to prevent traffic leaks in the case of an unexpected VPN disconnection, which is still a useful feature to have, but it does not provide the same level of protection as a kill switch that blocks all traffic when the VPN is turned off.
|
|
|
|
|
|
|
|
|
|
Additionally, system crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN kill switch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
|
|
|
|
|
|
|
|
|
|
### IVPN
|
|
|
|
|
|
|
|
|
|
<div class="admonition recommendation" markdown>
|
|
|
|
|
@@ -205,19 +300,20 @@ It is important to note that using a VPN provider will not make you anonymous, b
|
|
|
|
|
|
|
|
|
|
### Technology
|
|
|
|
|
|
|
|
|
|
We require all our recommended VPN providers to provide standard configuration files which can be used in a generic, open-source client. **If** a VPN provides their own custom client, we require a kill switch to block network data leaks when disconnected.
|
|
|
|
|
We require our recommended providers to support modern technologies currently available to VPNs.
|
|
|
|
|
|
|
|
|
|
**Minimum to Qualify:**
|
|
|
|
|
|
|
|
|
|
- Must provide standard configuration files which can be used in a generic, open-source client such as the WireGuard apps.
|
|
|
|
|
- Support for strong protocols such as WireGuard.
|
|
|
|
|
- Kill switch built in to clients.
|
|
|
|
|
- Functional kill switch built in to service-provided clients on our recommended [desktop](desktop.md) and [mobile](android/distributions.md) platforms. This kill switch should be able to block all internet traffic when the VPN connection drops unexpectedly.
|
|
|
|
|
- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
|
|
|
|
|
- If VPN clients are provided, they should be [open source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what the program is actually doing.
|
|
|
|
|
- Censorship resistance features designed to bypass firewalls without DPI.
|
|
|
|
|
|
|
|
|
|
**Best Case:**
|
|
|
|
|
|
|
|
|
|
- Kill switch with highly configurable options (enable/disable on certain networks, on boot, etc.)
|
|
|
|
|
- Kill switch on all major platforms with highly configurable options (enable/disable on certain networks, on boot, etc.)
|
|
|
|
|
- Easy-to-use VPN clients
|
|
|
|
|
- [IPv6](https://en.wikipedia.org/wiki/IPv6) support. We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses.
|
|
|
|
|
- Capability of [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assists in creating connections when using P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) file sharing software or hosting a server (e.g., Mumble).
|
|
|
|
|
|
