ProtonVPN has cleared its most recent third-party audit. In its April report, Swiss auditing firm Securitum found that the VPN showed no indication of logging users' web activity, nor any resulting metadata.
A VPN's publication of the results of an independent, no-logs audit is a critical act of transparency in a generally opaque industry -- and is one of the only ways for consumers to judge a VPN's claims.
While Securitum's on-site audit, conducted from Feb. 21 through March 24, excluded the source code of the VPN software, Securitum previously probed ProtonVPN's apps in November 2021. The apps are also fully open-source and complemented by the company's bug bounty. Securitum's most recent audit included a random selection of the the VPN's servers, a high-level review of the company's no-logs policy and server deployment process, and a low-level inspection of the VPN's configuration files.
"The purpose of this report is not to describe technical mechanism and software configuration to achieve No-Logs policy, but to confirm that it (ProtonVPN's technology stack) was manually audited, searching for all possible No-Logs policy critical points," Securitum said in its report.
The audit is the most recent addition to ProtonVPN's routine string of transparency efforts, including third-party audits of its ProtonMail, Calendar beta and Proton Drive products.
"At Proton, we believe that all claims should be investigated and verified, including our own. Going forward, we will continue to perform periodic security audits and publish the results so you can read an independent security professional's report before you entrust us with your data," the company said in its blog.