
Proton VPN has successfully passed its fourth annual no-logs audit, confirming that it does not collect or store user activity data or metadata on its VPN infrastructure.
The independent review was conducted by Securitum, a European security auditing firm, and involved a direct, on-site inspection of Proton’s production servers and operational practices in Zürich, Switzerland.
The assessment took place between August 18 and September 19, 2025, and was carried out by Securitum consultants Martin Matyja and Maciej Szymczak. Their goal was to validate Proton’s longstanding claim of adhering to a strict no-logs policy, a core privacy promise that asserts no internet activity or identifying metadata is collected when users connect to the VPN service.
The review involved in-depth technical interviews, guided access to randomly selected production VPN servers, and a detailed examination of server configurations, data flow architecture, logging parameters, and administrative processes. The auditors independently confirmed that Proton VPN’s servers are bare-metal systems exclusively owned and operated by Proton AG, with no reliance on third-party infrastructure.
Audit confirms no-logs promise
Securitum’s audit addressed ten critical technical questions aimed at validating the no-logs policy, including whether user activity, metadata (e.g., DNS queries, IP addresses, connection timestamps), or browsing destinations are recorded. Across all these categories, the auditors found no evidence of logging or inspection of user traffic.
The published report highlights the following points:
- No user activity is logged on production servers. Traffic is processed without any records of content or destination being retained.
- No connection metadata (including DNS queries, IP addresses, or session timestamps) is stored. Only anonymized, aggregate data, such as device type and protocol usage, is collected for operational metrics.
- No deep packet inspection (DPI) is performed, except for real-time P2P traffic blocking on free-tier servers, which is implemented without logging and is limited to protocol detection.
- No website or service connections are logged. Features like NetShield DNS filtering operate without retaining user-specific queries, using static blocklists and in-memory counters that are purged after sessions end.
- No association between users and specific VPN servers is maintained. Proton uses ephemeral pseudonyms during session authentication, with no persistent identifiers ever reaching the VPN server.
- Proton’s no-logs policy is applied uniformly across all servers, regardless of geographic location or user subscription tier.
- Automated detection tools, including a custom-built Infra Audit system, alert engineers if any unauthorized changes (like enabling logs) are detected.
A dual-control change management process ensures that no logging-related configuration changes can be deployed without approval from at least two senior engineers.
All core VPN services (e.g., OpenVPN and WireGuard) were confirmed to have no logging directives enabled, and the only logs present were standard OS-level entries unrelated to VPN activity.
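To illustrate the kind of configuration-drift check the article describes, here is an added Python example that scans an OpenVPN server configuration for directives that would persist connection data; it is not Proton's Infra Audit tooling (whose internals the article does not describe), and the two configurations it checks are constructed.

```python
"""Flag OpenVPN server directives that would record connection data.

Added example, not Proton's own tooling. The directives listed are real
OpenVPN options; the sample configs below are constructed.
"""

# Directives that write connection or client data to disk or to syslog.
PERSISTING_DIRECTIVES = {
    "log": "writes the daemon log to a file",
    "log-append": "appends the daemon log to a file",
    "status": "periodically dumps the connected-client table to a file",
    "syslog": "sends daemon output to syslog",
    "ifconfig-pool-persist": "persists client common-name to IP assignments",
}


def parse_directives(config_text):
    """Yield (line_no, directive, args); '#' and ';' lines are comments."""
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = line.split()
        yield line_no, parts[0].lower(), parts[1:]


def find_logging_drift(config_text):
    """Return [(line_no, description)]; empty list means no drift found.

    line_no 0 marks a finding about a directive that is absent entirely.
    """
    findings = []
    verb_seen = False
    for line_no, directive, args in parse_directives(config_text):
        if directive in PERSISTING_DIRECTIVES:
            findings.append((line_no, f"{directive}: {PERSISTING_DIRECTIVES[directive]}"))
        elif directive == "verb":
            verb_seen = True
            # verb 0 is silent; 1 and above emit per-connection detail.
            level = int(args[0]) if args and args[0].isdigit() else 1
            if level > 0:
                findings.append((line_no, f"verb {level}: only 'verb 0' is silent"))
    if not verb_seen:  # OpenVPN defaults to verb 1 when the directive is absent
        findings.append((0, "verb not set: OpenVPN defaults to level 1"))
    return findings


# Constructed sample: a no-logs baseline and a config that drifted from it.
BASELINE_CONFIG = "# constructed baseline\nport 1194\nproto udp\ndev tun\nverb 0\n"
DRIFTED_CONFIG = ("# constructed drift\nport 1194\nproto udp\ndev tun\nverb 3\n"
                  "status /var/log/openvpn-status.log 60\nlog-append /var/log/openvpn.log\n")
```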
While the above is good news for Proton VPN users, it is important to note that the audit confirmed compliance at a specific point in time; it did not include a source code review or unsupervised forensic analysis. It also excluded Proton’s accounting systems and CI/CD pipelines.
Still, the findings of this latest audit are consistent with those of the previous audits over the past four years, lending credibility to Proton's privacy claims during a period in which the firm expanded its service and added many new features.