
All ProtonVPN apps are now open source and audited - BafS
https://protonvpn.com/blog/open-source/
======
GlitchMr
> We’re happy to be the first VPN provider to open source apps on all
> platforms (Windows, macOS, Android, and iOS) and undergo an independent
> security audit.

I believe Mullvad did that first. Both security audit and providing an open
source application for Windows, Linux, macOS, Android and iOS.

Of course, it's nice and all, a step in the right direction, but they shouldn't
claim they were first when they weren't.

~~~
lame-robot-hoax
I think they may be claiming this, because technically Mullvad doesn’t have an
iOS app, and their Android app is still in beta and recently released, and
doesn’t have an audit done.

Mullvad has had their Windows and Linux apps audited (which were all they
offered at that time).

~~~
vinniejames
Depends on the definition of "all platforms". By strict definition, none have
ALL platforms covered

~~~
lame-robot-hoax
All major* platforms.

------
tmikaeld
Client apps are open sourced, doesn't mention the server code.

Great step in the right direction in any case.

~~~
zenlot
Server side is owned by Tesonet and used for marketing. This open source move
is just a smoke. All they're doing is selling your data via Tesonet.

~~~
LeoPanthera
> All they're doing is selling your info via Tesonet.

[Citation needed]

~~~
protonmail
It's a false claim and pretty easy to verify. All our IPs are public info and
can be checked. ProtonVPN was also audited by both Mozilla and the European
Commission (and also partially financed by the EU).

Not to mention it would be a huge GDPR violation and as a Swiss company that
does business in the EU, we're obliged to adhere to GDPR. We also can't dodge
our GDPR responsibility since our management team are well-known public
figures (former CERN scientists with extensive peer-reviewed publication
histories).

More info here: [https://protonvpn.com/blog/is-protonvpn-trustworthy/](https://protonvpn.com/blog/is-protonvpn-trustworthy/)

~~~
jacekm
Actually I was always curious how their CERN work was related to cryptography
and security. Would you mind posting a list of their publications please?

------
mikece
I think they were planning to do this but accelerated efforts when PIA was
acquired. I'll keep using PIA until my subscription runs out but will more
than likely switch to ProtonVPN at that point.

~~~
flatiron
Same here. I just use PIA to torrent. Nobody cares about me. And I like their
port forwarding api. Most other providers I need to log in every week or two
and reset it up.

------
PopeDotNinja
I'm a light VPN user, and I've been pretty happy with ProtonVPN's cheapest
non-free plan. I will probably renew when my annual subscription is set to
expire.

------
trackofalljades
This is a very good move on their part, and they have a great no-logs policy,
but they do still restrict p2p in some countries which is a bummer for some
potential users.

~~~
freeAgent
I believe that move is more of a CYA to prevent clashes with the legal system
in those countries which could result in fines, being unable to operate
servers there at all, etc.

------
LegitShady
Proton unfortunately has poor speeds where I live or I would consider them. It
comes with proton email too...

~~~
citilife
With ProtonVPN I've been able to hit 500-1000Mb/s easily on a regular basis.

Perhaps your internet provider is blocking / throttling you?

~~~
Youden
The internet is a complicated beast. When ISPs connect to each other (e.g.
Proton VPN to Comcast), they can't always directly reach each other so they
have to go through intermediate networks to make it work. Sometimes there's
congestion in those networks or a faulty switch or any number of things.

ISPs that allow VPN providers tend to be some of the worst ISPs around (i.e.
they're able to reach very little of the internet themselves), so when you see
bad performance it's quite possible for it to be the VPN's ISP that's the
problem, rather than your ISP.

For example I have FTTH from a great ISP. Not only do they have one of the
most extensive networks available in my country but they've also been happy to
add direct peering to providers that I've asked for in the past. I'm easily
able to saturate my gigabit connection to most of the world, even across the
Atlantic. When I tried to connect to a VPN server in a city ~5km away, it resulted
in a path traversing 3 different countries and about 5 different networks,
resulting in pretty abysmal bandwidth and latency.

------
Zaskoda
Ah shucks, seems we're all so excited we've crushed them. (web servers timing
out)

------
say_it_as_it_is
when are they releasing the perl cgi server?

------
prophesi
This isn't revolutionary, or did we forget that OpenVPN (and when it's easier
to use: WireGuard) is a thing?

Well-audited, open-source, cross-platform, and most VPN providers offer an
.ovpn config.

~~~
OJFord
From the features page:

> We use only VPN protocols which are known to be secure - IKEv2/IPSec and
> OpenVPN.

If you want to use WireGuard, consider Mullvad.

~~~
craftyguy
OpenVPN and IPSec clients exist, why is ProtonVPN reinventing the wheel? This
ProtonVPN advertisement wouldn't have been 'necessary' if they had used and
supported an existing client for these protocols.. but then again, they
wouldn't have had this ad on 'hacker' 'news' if they had..

~~~
himinlomax
I haven't looked at the app, but my guess is things like exit point selection,
account management, troubleshooting and performance indicators.

~~~
prophesi
Not sure what exit point selection is, but I don't see why any of those
features can't be added upstream to a FOSS OpenVPN client/server.

~~~
himinlomax
It's simply selecting where packets exiting the VPN are routed.

> but I don't see why any of those features can't be added upstream to a FOSS
> OpenVPN client/server

Could be simply because none allows this in the first place. And then the
selection may be very service-dependent.

In any case, their app is now open source, so why is this an issue anyway?

~~~
prophesi
> In any case, their app is now open source, so why is this an issue anyway?

My issue is that countless VPN companies are re-inventing the wheel, when they
could just be contributing to open-source in the first place. It's obviously
in their best interests from a security & trust standpoint to start from an
already open & well-audited platform. Everyone wins when bugs are squashed and
new features are added; and the licensing lets them keep their branding/ui for
the app they deploy.

