protonvpn

joined 1 month ago
sorted by: new top controversial old
8
'Guest' users of Proton VPN - what data is stored? (lemmy.world)
submitted 2 weeks ago* (last edited 2 weeks ago) by protonvpn@lemmy.world to c/protonprivacy@lemmy.world
1 comments fedilink
 

The Google Play Store version of Proton VPN (not the F-Droid or GitHub versions (unless they have been updated the last few weeks)) allows people to use Proton VPN as a 'Guest', i.e. without logging into a Proton account. The average user might think, because they have not provided an email address or any other details whatsoever, that using Proton VPN as a Guest gives them an additional layer of anonymity.

Would they be correct?

Or am I right in thinking that when a person downloads the VPN app from the Play Store, their Gmail address (logged into the Google Play Store) is shared with Proton, and because Proton receives this identifiable information from Google it is why Proton allows 'Guest' usage on the Play Store version and not on the FOSS versions of the app?

If yes, does Proton store these Gmail addresses and are therefore able to provide them to Swiss authorities if demanded?

Proton VPN says they are a "no-logs VPN service", but their definition of what that is leaves me with a few questions. They say "we keep no session usage logs" of which websites people visit, or their actual IP address, but does this mean the data they have is only cleared once the session ends? Do they not need an identifier to know where to send data whilst the VPN is in use? What if the user does not switch off their VPN - can Proton what websites a specific Google 'Guest' user is visiting whilst they are in a session?

Although a user logged in with a Proton account would have peace of mind that some or all their other data (emails, files, etc) is E2EE and therefore safe, if the the user is a 'Guest' and Proton stores their Gmail address, the user is much more likely to be identified and their Google data accessed by authorities.

If on a single device the user is logged into their Proton account in their browser or other Proton apps but use the VPN as a Guest because they think it would make them less identifiable, could Proton, or Swiss or foreign authorities connect the Proton account with the VPN usage (specifically, the Gmail account if nothing else)?

All that is to ask, are 'Guests' any more or less 'anonymous' than Proton VPN users who log in with their Proton account?

Google Play's version of VPN allows private 'Guest' use, so why does FOSS version on F-Droid demand email address?! in c/protonprivacy@lemmy.world
[–] protonvpn@lemmy.world 1 points 1 month ago* (last edited 1 month ago)

You are right. Guess I expected more from a privacy advocate. Can't even create an account with a Tuta email address, to silo my VPN activity from my Proton ID and usage.

Google Play's version of VPN allows private 'Guest' use, so why does FOSS version on F-Droid demand email address?! in c/protonprivacy@lemmy.world
[–] protonvpn@lemmy.world 1 points 1 month ago (2 children)

I see. So they stole my device's Android email address? Very disappointing. Thank you for the help.

23
Google Play's version of VPN allows private 'Guest' use, so why does FOSS version on F-Droid demand email address?! (lemmy.world)
submitted 1 month ago* (last edited 1 month ago) by protonvpn@lemmy.world to c/protonprivacy@lemmy.world
5 comments fedilink
 

I downloaded ProtonVPN (5.5.68.0) a few months ago via the Google Play Store and have been happily using it ‘anonymously’ as a Guest with no problem. I recently purchased a new Android device and this time I chose to download the same VPN (5.5.68.0) via F-Droid to maintain some privacy. However, there appears to be no option in the FOSS version of the app to use Proton VPN as a guest - I am told I have to sign-up with an actual email address.

For a company claiming they are "Empowering you to choose a better internet where privacy is the default. Protect yourself online with... Proton VPN" (look to the right of this page), this decision astounds me. Assuming the error is not on my part, why is the purported FOSS version on F-Droid forcing users to give identifiable information (even if it’s only an email address and password), but the Google Android version does not?