ProtonVPN goes open-source: What this means for your privacy

News
By published

Top VPN provider pulls back the curtain

Abtract representation of a VPN network.
(Image credit: TierneyMJ/Shutterstock)

One of the best VPN providers ProtonVPN is open-sourcing all its client software, parent company Proton Technologies announced earlier this month. 

Code repositories for ProtonVPN's Windows, macOS, Android and iOS client apps, as well as one of its Linux command-line tools, are now available on GitHub for you to download (you can find links below) and tinker with. 

Instead, what open-sourcing means is that software experts and independent developers can look at the software source code and examine it for security and privacy flaws. They can also suggest improvements, or make improvements themselves and release the updated versions for free. 

ProtonVPN's GitHub code repositories

What's under the hood?

This is important because the consumer-VPN industry has a transparency problem. Many of the best VPN services in the business don't like to talk about who owns them, where they're located or under which country's legal jurisdiction they fall. A VPN provider that's registered in a Caribbean tax haven may in fact be run out of Eastern Europe or China. 

You want to see inside because VPN providers can see all of your non-encrypted traffic and will know exactly what you're looking at online, even as it shields that information from other entities. If you don't know who owns or runs the VPN provider, or which country's intelligence or police services can get legal access to the servers, then you don't know who's seeing your data.

"By open sourcing 100% of its client code, ProtonVPN is allowing security experts from around the world to inspect its encryption implementations and how the company handles user data, giving users more confidence the company is adhering to its strict privacy policy," the company said in a press release.

Open-sourcing the client software doesn't resolve all those issues, but it at least makes it harder to hide violations of privacy on the client side. The same goes for the privacy audits that many VPN services, including ProtonVPN, have had performed.

Not the first open-source VPN

The Switzerland-based ProtonVPN isn't the first consumer-targeted commercial VPN service provider to open-source its client software. The U.S.-based Private Internet Access (PIA) started doing so in mid-2018. PIA's various clients are all on GitHub, including its Android and iOS apps, Windows and macOS/Linux GUI and command-line desktop clients, Firefox and Chrome/Chromium browser extensions and various tools.

In fact, neither ProtonVPN nor Private Internet Access require you to run their client software in order to access their VPN servers. Both services offer instructions on their websites showing you how to use third-party open-source clients, such as those from OpenVPN, to access their VPN servers.

TOPICS
Paul Wagenseil
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.