ProtonVPN Passes Its Latest No-Logs Audit

An auditing firm's independent evaluation found no evidence that the virtual private network logs its users' activity.

Rae Hodge Former senior editor
Rae Hodge was a senior editor at CNET. She led CNET's coverage of privacy and cybersecurity tools from July 2019 to January 2023. As a data-driven investigative journalist on the software and services team, she reviewed VPNs, password managers, antivirus software, anti-surveillance methods and ethics in tech. Prior to joining CNET in 2019, Rae spent nearly a decade covering politics and protests for the AP, NPR, the BBC and other local and international outlets.
Rae Hodge
2 min read
Sarah Tew/CNET

Virtual private network ProtonVPN has cleared its most recent third-party audit. In its April report, Swiss auditing firm Securitum found that the VPN showed no indication of logging users' web activity, nor any resulting metadata. 
A VPN's publication of the results of an independent, no-logs audit is a critical act of transparency in a generally opaque industry -- and is one of the only ways for consumers to judge a VPN's claims. 

While Securitum's on-site audit, conducted from Feb. 21 through March 24, excluded the source code of the VPN software, Securitum previously probed ProtonVPN's apps in November 2021. The apps are also fully open-source and complemented by the company's bug bounty. Securitum's most recent audit included a random selection of the the VPN's servers, a high-level review of the company's no-logs policy and server deployment process, and a low-level inspection of the VPN's configuration files.
"The purpose of this report is not to describe technical mechanism and software configuration to achieve No-Logs policy, but to confirm that it (ProtonVPN's technology stack) was manually audited, searching for all possible No-Logs policy critical points," Securitum said in its report. 

The audit is the most recent addition to ProtonVPN's routine string of transparency efforts, including third-party audits of its ProtonMail, Calendar beta and Proton Drive products. 

"At Proton, we believe that all claims should be investigated and verified, including our own. Going forward, we will continue to perform periodic security audits and publish the results so you can read an independent security professional's report before you entrust us with your data," the company said in its blog. 

Read more: ProtonVPN review: A Secure Service With a Solid Reputation That Costs a Pretty Penny