You're being downvoted because people believe in propaganda being pushed by competitors, but ProtonVPN / ProtonMail are very good options. Plenty of links and reports by Mozilla in this thread will lend credence to that.
but was conveniently never denied by PIA that I could ever find. If it was a lie, it would be easy for them (PIA) to prove under libel laws in the discovery phase of a trial. I'd argue if it was a lie from ProtonVPN, it would have been in PIA's best interests to clear their name. After all, PIA and ProtonVPN are a few of the only providers who've proven in courts they don't have logs of users. We know they're legit because they said so in court under penalty of perjury. Also, the European Commission has investigated these exact claims, and would have privileged access to a lot of the business documents, and found the claims without merit.
Me? Just a happy ProtonVPN user who finds the oft-repeated shilling for PIA dull. If you really want to hate ProtonVPN, use PIA, or use someone else. Better, don't trust any of them! Set up Algo on a DigitalOcean droplet of your own: https://github.com/trailofbits/algo
However, this is meant for running over an untrusted network, not for maintaining internet anonymity. Use Tor for that.
ProtonVPN has a large history of being connected to TesoNet, a company providing among other things data mining(!). An extra cherry on top of that is the CEO of TesoNet also being the CEO of CloudVPN, which more or less controls NordVPN.
Now that doesn't mean ProtonVPN is automatically compromised but I feel with stuff like no-log VPNs one should always err on the side of caution.
This has been thoroughly debunked, most recently by Mozilla and the European Commission as part of their due diligence.
ProtonVPN is 100% owned by the company behind ProtonMail, which in turn is funded by the European Union, so this has been verified by the European Commission. Details here: https://bit.ly/35RDKzB
Over the course of the disclosure of the connection between NordVPN, Tesonet, and possibly ProtonVPN, Proton's story kept changing. They said contradictory things multiple times. They locked the Reddit thread. Why did Proton keep changing their story if they had nothing to hide? I will keep reminding people of this every time the issue gets raised. There is a compilation [0] of Proton's changing responses and of them successively admitting more and more things not in their favor. The compilation starts at the part called "Online accusations fly".
Both Mozilla and the European Commission have looked into the accusations being made on anonymous websites, and determined that they are false. The EU, in particular, has access to records which allow independent verification.
There is also an abundance of public record which demonstrates this is false. The bad faith of those spreading this information is also apparent from the hundreds of fake Twitter accounts used to spread the rumors.
There's a historical, almost accidental connection dating back to the infamous November 2015 DDoS against Proton, but zero connection today, and certainly not in the way it has been portrayed by people seeking to attack Proton.
I mean this[1] is pretty convincing and not directly from the accused company's blog. The only thing it gets wrong is framing ProtonVPN Lithuania as the main ProtonVPN company instead of as a subsidiary.
Regardless of that, there is so much mud being slung I recommend anyone to just search for 'protonvpn nordvpn tesonet', read a few articles on the topic and form your own opinion. Like I said, you can decide if you want to err on the side of caution or if it's a risk you're willing to take.
In case anyone wants VPN recommendations, I have good experiences with TorGuard and Private Internet Access and can also recommend Mullvad. Other people (that I trust) say iVPN and Tunnelbear are also solid.
On one hand, there's anonymous websites, competing VPN companies, and hundreds of Twitter bots pushing a story that is demonstratively false (just check public records).
Then, on the other hand, you have Mozilla and the EU (which has access to all European corporate records) vouching for Proton, which also operates in a highly transparent way, examples here: https://protonvpn.com/blog/is-protonvpn-trustworthy/
Proton definitely has an office and subsidiary in Vilnius, it's not a secret because it's on Instagram: https://www.instagram.com/p/BxMz62oHb6K/ The office is inside a 30-storey building, so it is not surprising the address is shared with quite a few other companies. And that doesn't mean Proton as a whole is based in Vilnius.
> On one hand, there's anonymous websites, competing VPN companies, and hundreds of Twitter bots pushing a story that is demonstratively false (just check public records).
I agree, the VPN industry is rife with shady business practices. But the story being pushed isn't 'demonstratively false'.
* TesoNet offers data mining services
* You did contract TesoNet employees
* Due to an error and unyielding policies by Google, TesoNet holds your Android app signing keys in name
* There is a lot of intermingling between TesoNet and NordVPN and to a lesser extent TesoNet and ProtonVPN.
Like I already stated, it's very unlikely you are compromised. But unlike, say, a billing company that handles my energy or water provider (where I care much less if they have tenuous links to data mining) my standard is extremely high for a VPN. Internet traffic is supremely personal and for me to trust a company handling that there cannot even be the slightest sheen of misconduct.
For me to trust you, you would have to completely cut out your Lithuanian subsidiary and any employees, board members, etc. that were or are related to TesoNet, as well as any reliance on their infrastructure. Obviously businesses don't operate with such 'scorched earth' policies and I don't expect you to gut your company based on a HN comment, but it is what it would take for me and many other privacy-conscious individuals to regain our trust.
Definitely appreciate your concern here, but there's still a lot which is being confused.
Proton does not today, and has never, used contracted (outsourced) employees. As is common with startups, in the past we did not always do all our HR in house (it's all in house today), but employees were always working on Proton and for Proton.
There are no board members, directors, shareholders, or employees, related to Tesonet beyond the fact that a couple employees might have been employed there previously. This in itself is not strange, we also have some employees who previously worked at Google, the ultimate data mining company, but clearly decided they preferred to work for the other side. People can and do change jobs.
Proton has also always run our own infrastructure, and for ProtonVPN, this is publicly verifiable.
So, we don't have to "gut our company" to remove any "intermingling" because there was little to none to begin with, and certainly nothing today.
Indeed trust is super important, but it seems odd to trust anonymous internet accusers or those with a clearly vested interest in harming Proton, as opposed to reputable third parties like the EU or Mozilla who don't have a vested interest here and are independent.
Proton is still to this day, the only VPN company that has an address clearly published on our website, where you can show up, and find company management and board members, and that means something.
Slightly off-topic but I am delighted by the generally non-abrasive way this thread is going. Dialogue is good!
I realized another way that would work for you guys (but is out of your hands) is fighting a court case about this. You'd be legally compelled to tell the truth and very screwed if you deny but then it comes out there is logging or mining going on. It's not ironclad but it is how most VPNs end up being considered 'solid'.
We have indeed retained lawyers to look into our options to fight the online defamation, but it's hard to take anonymous accusers to court. However, as we have discussed here (https://protonvpn.com/blog/is-protonvpn-trustworthy/) there is already a lot of ironclad legal evidence.
First, were we to lie in our privacy policy, we would be subject to GDPR fines of up to 20 million Euros, since we have both European customers, and a presence in the EU.
Second, there has already been a court case. We were ordered by a Swiss court to hand over logs, and we stated truthfully (under penalty of perjury) that we did not have the logs requested. This case was previously disclosed here: https://protonvpn.com/blog/transparency-report/
'January 2019 – A data request from a foreign country was approved by the Swiss court system. However, as we do not have any customer IP information, we could not provide the requested information and this was explained to the requesting party.'
I'm not terribly well-versed in the international (or Swiss) legal system but are portions of that request public record, or would it be possible to put portions of it online, verbatim?
It would really strengthen the case to your customers because whilst claiming you had a request when you didn't isn't illegal, falsifying court documents definitely is.
No public indictment was issued because in this case the accused could not be charged since they couldn't be identified. Generally there are only documents if police decide to move forward with a prosecution, which is unlikely since we do not have logs that can identify users.
Anyone can set up an anonymous website and make spurious accusations and/or take money to post glowing reviews. The VPN segment is full of shady tactics like this. Never trust any VPN review site.
Trust serious organizations such as Mozilla and the EFF.
Mozilla trusts ProtonVPN enough to officially partner with them. That means a lot more than some random anonymous reviews.
There are pros and cons to this, we think it's positive (aligns the EU with privacy), but we provided all the details in the below link so people can draw their own conclusions: https://protonmail.com/blog/eu-funding/