from the team:


Hey everyone,

We are now able to share that Proton VPN has successfully passed its 4th consecutive independent audit of our strict no-logs policy, conducted by Securitum, a leading European security auditing company.

Key takeaways from the audit:

  • No activity or metadata logs are kept anywhere on our servers.
  • No inspection of user traffic occurs.
  • Robust administrative and technical controls are in place, including automated configuration management and a dual-control change process.
  • The no-logs policy is enforced uniformly across all servers, regions, and subscription tiers.

Don’t trust, verify is not just something we preach, but something we practice, so our no-logs policy has now been verified by independent experts; you don’t have to take our word for it.

📖 Read the full audit report here

Stay safe,

Proton Team

  • unexposedhazard@discuss.tchncs.de · ↑16 ↓23 · 2 days ago

    Sorry to be a downer, but audits of software that isn't self-hosted are kinda useless. Unless they allow spontaneous unannounced inspection of their infrastructure, they can just do whatever they want after the audit.

    • artyom@piefed.social · ↑2 · 23 hours ago

      The code is open source so feel free to audit it anytime you wish. But the audits are there for a third-party evaluation by actual experts.

    • Impronoucabl@lemmy.world · ↑20 ↓2 · 2 days ago

      Well, would you trust the company that’s actually gone through the audits, or the one that skips them to save money & be cheaper?

          • Magnum, P.I.@lemmy.dbzer0.com · ↑5 ↓1 · 2 days ago

            You can, I do. The point is to gain encrypted access to my network no matter where you are.

            Nevertheless, your actual point is correct.

            • __Lost__@lemmy.dbzer0.com · ↑6 · 2 days ago

              Well, yes, you can self-host a VPN to access your home network, I do that as well. That is not the context for Proton et al. though, and you can’t self-host a privacy VPN.

            • onslaught545@lemmy.zip (Banned) · ↑1 ↓2 · 8 hours ago (edited)

              To expand, you don’t want your service provider to open source all of their configs. Audits like the one Proton went through require admin access to systems that you absolutely don’t want the public to have.

              This is just like Lemmy. The actual code is open sourced. But instance configs aren’t (for good reason).

              Proton isn’t a developer when it comes to their VPN service. They most likely are utilizing open source solutions to run it, but they’re not operating a code base for it.

              Their clients are open source, though.

              And I’m saying this as a cyber security expert who uses Proton for personal use.

            • onslaught545@lemmy.zip (Banned) · ↑1 ↓1 · 2 days ago

              That doesn’t mean that instance owners can’t do shady shit. Open source is meaningless when you’re talking about a service provider.

    • Broken@lemmy.ml · ↑14 · 2 days ago

      So would you equate a company that doesn’t do any audits as the same caliber?