All Proton VPN applications are now open source and vetted
Posted by Andy Yen on Jan 21, 2020 in Articles and News.
We are proud to announce that we are the first VPN provider to release our apps as open source on all platforms, including Windows, macOS, Android, and iOS. Our commitment to transparency, ethics, and security is the driving force behind Proton VPN, and we believe that these values are essential to building a better internet.
In 2017, we launched Proton VPN to provide a reliable and trustworthy VPN service to our Proton Mail users, who were increasingly facing internet censorship. We recognized that the VPN industry was in dire need of improvement, with studies revealing that many VPNs contained malware, suffered from security lapses, and sold user data to third parties. There was also a lack of transparency and accountability in the industry, with many VPN providers operating in the shadows.
Proton VPN was founded on the principles of transparency and accountability. We have a strict no-logs policy, are based in Switzerland, and are regulated by some of the world’s strongest privacy laws. We have a deep security background and have even opened our technology for inspection by Mozilla. We undergo regular independent security audits, and the results confirm our no-logs policy.
As former CERN scientists, we believe in the importance of publication and peer review. Making all of our applications open source is a natural next step for us. We are also publishing the results of independent security audits covering all of our software, further demonstrating our commitment to transparency and accountability.
You can find the open source code and audit reports here:
Android: GitHub, Audit Report
iOS: GitHub, Audit Report
macOS: GitHub, Audit Report
Windows: GitHub, Audit Report
On our community page, you can access the most recent security audit reports for all Proton services. The community page also explains why we prioritize open-source code.
The significance of utilizing an open-source VPN:
Using a virtual private network means placing a significant level of trust in the service provider. Here is why:
If you are not using a VPN, your internet traffic that is not protected by TLS may be intercepted by various parties such as your WiFi provider, your ISP, hackers on the local network, or government authorities in your area. This can expose your device’s identity and geographic location, including to websites you visit, which can track your online activity. Even encrypted traffic can be monitored, revealing the websites you visit and your IP address.
Connecting to a VPN encrypts your Internet traffic from your device to the VPN server, shielding it from local network monitoring. Even your DNS lookups, which reveal the web domains you visit, are safeguarded. Additionally, your IP address is concealed to safeguard your identity and location. Nevertheless, once you are connected to a VPN, the VPN provider can access the same data that your ISP could without a VPN, including your browsing history and IP address. This is why selecting a reliable VPN service is crucial.
A VPN app has extensive access to your device and online behavior. By using open-source code, security experts and the global security community can examine how we encrypt and manage your data, providing assurance that we comply with our stringent privacy policy. Transparency through open-source code enhances security by enabling thorough scrutiny, leading to prompt identification and resolution of potential vulnerabilities. This minimizes the possibility of a VPN app’s security flaw exposing you to risks.
On the other hand, proprietary code relies on the concept of “security through obscurity,” which means that vulnerabilities are less likely to be detected. To make matters worse, these vulnerabilities might be known only to malicious individuals who exploit them without users' knowledge.
Regarding online privacy and security software, we hold the belief that free and open-source software is the superior option for ensuring safety and promoting accountability within our user community. At Proton, open source has always been a fundamental aspect, with our open-source software encompassing the Proton Mail web app, iOS app, Android app, and desktop Bridge app.
All Proton applications that are not in beta are open source. Moreover, we are responsible for maintaining open-source encryption libraries like OpenPGPjs. These libraries are used by a considerable number of encrypted applications on the internet and cater to millions of users.
Third Party Security Audit
Proton VPN is dedicated to ensuring the highest level of security for our users. To achieve this, we have implemented a unique practice of having independent security researchers review our software prior to its public release. Our commitment to security has been recognized by Mozilla, who conducted a thorough review of our organizational structure, technology, and implementations as part of their due diligence for a partnership with us.
To further enhance our security measures, we have engaged SEC Consult, a leading security firm, to conduct more comprehensive security audits of all our client applications. Despite the cost and time involved, we believe that these audits are essential to complement our open source code. We will continue to commission audits so that our application security is regularly checked by independent experts.
Collaborating with the Proton community
Open sourcing our software not only benefits us, but also aligns with our mission to create a more secure, private, and free Internet through community collaboration. Developers worldwide can now contribute security improvements through our bug bounty program, and feature enhancements from the community may be integrated into our official Proton VPN apps, much like we did with the Linux client.
As a community-driven organization, we strive for transparency, accountability, and accessibility. By going open source, we can better serve you and fulfill our responsibility to the community.
Your feedback and suggestions are invaluable to us, and we will continue to work towards meeting your expectations in 2020 and beyond. We plan to launch new servers globally, enhance security, and introduce new features that will keep you safe and enable you to bypass censorship. We owe our success thus far to our community, and we thank you for your continued support!
Best Regards,
The Proton VPN Team
Proton, the company responsible for Proton VPN and Proton Mail, was founded by Andy. He has a strong commitment to protecting privacy rights and has shared his expertise on online privacy issues at notable events such as TED, SXSW, and the Asian Investigative Journalism Conference. Prior to his work at Proton, Andy conducted research as a scientist at CERN and holds a PhD in Particle Physics from Harvard University. To gain further insight into our mission, we invite you to view his TED talk.