If this issue had been resolved a month ago, then another option might have worked, but now the only thing to do is remove Proton from the VPN section. When they fix their product, their marketing, and their attitude, someone can start a new thread about adding it back.
And you will not change the criteria, and the only ones that will remain now are Mullvad and IVPN.
edit. And yes, I do have a recently renewed two-year Unlimited subscription, but I don’t use their VPN.
It’s weird though.
When I was in North America, Proton worked great (the kill switch issue notwithstanding, that’s always been iffy with them). But I’m now in the GCC and only Mullvad and IVPN seem to work here. And no WireGuard is not actually being blocked, just Proton IPs it seems. It can still work if you use WireGuard directly and whatnot but the app on iOS for example refuses to work/connect.
That is the other problem with evaluating VPNs. Not all of them work the same best way everywhere. How to account for this? I don’t know.
Because if someone else learns of Proton from this part of world, they’re SOL because it won’t work through the app or at-least as well as Mullvad or IVPN.
Like I said, it’s weird and difficult to figure out what exactly needs to be done such that all info from PG applies to all people in all corners of the world.
I know for a while in Iran they were blocking all public DNS servers and then also blocking the api.vpnprovider.example.com endpoints. Windscribe got quite creative with those domains a while ago 
- no user would see these unless doing packet inspection.
I’m not in Iran. I would not be online if I were. But I’m close and thankfully internet blackouts are not an issue here. Also, VPNs while officially “prohibited” can and do still work. It’s widely tolerated. The region has bigger problems than VPN crackdowns.
But what I said was just my experience.
Let’s keep on-topic please.
For anyone else reading, this was about a year ago, when they weren’t either.
Agreed.
Don’t get me wrong. I love that Proton has a great suite of apps and how much they contribute to the privacy community, but their marketing strategy is at least disconcerting for me.
It is well known on the marketing world that to target a competitor ant point its flaws while presenting your own product is a common strategy. However, that’s all they do.
I personally like to follow their blog for product updates, but Proton has been quite stale on that matter, refusing to address most of what their
community requests and post mostly these marketing headlines.
Also, they have a bit of a deceiving strategy when presenting their apps, like announcing one as open source weeks before the source code was indeed revealed and saying their apps have feature parity across OSes when that’s not true.
My point with this thread is not by any means to diss Proton as a whole, since their products and posture have been great for our community.
What are your opinions on this?
Proton’s marketing by this point has long been problematic. All that talk with their blog posts only to always recommend their products. Geez.. we get it. You make good privacy respecting services. Only if they educated in good faith to further the privacy education.
That’s kinda another subject. SEO practices, etc. This thread is more about misleading elements in their marketing, not mere self-recommendation in their blog.
To actually answer the question on how to respond:
Also, while not necessarily and inherently a problem, most of their blog posts feel AI generated, due to being very low quality.
If they have the same overhyping marketing fluff as most other VPNs then they should be treated as such.
The issue is that I’m unsure a line of documentation being incorrect is in fact the same thing. When the criteria was originally written, it was more about things like
And FUD like this when this “problem” is solved by design rather than by policy in Tor:
If it’s incorrect for a week or month and they fix it, then it’s a mistake.
If it’s incorrect for years and they never fix it, then it’s intentional to make the product look good.
While I support people reaching out to get an official reply, I do not think a precedent needs to be set where we need an official response everytime a tool runs afoul of the marketing criteria.
I think that line has had enough of an impact to warrant being considered more then just an innocuous mistake in their documentation. I think its fair to assume there are countless macOS users who think or previously thought they had a working kill switch and paid for a subscription partially due to that assurance.
I think its a slippery slope if we start splitting hairs between false statements and incorrect documentation. To me, If there is factually incorrect user facing verbage and, that would cause a typical user to think the product is capable of something its not then, PG should treat that as being deceptive.
Indeed I would say it is more of their responsibility to be aware of community feedback than it is our responsibility to make them aware.
I think everyone is in agreement that this should happen. The question is whether this “treatment” is delisting them, or if it is warning people about this error. Typically in the past I believe we would add warnings if it is only a single, addressable problem like this one.
I’ll give you two examples, which is Brave where we tell people how to avoid a tracking issue with their downloads, or our Data and Metadata Redaction page where we tell people to avoid using one specific tool to redact text in images, and encourage them to use an alternative.
In update: Warning about Proton kill switch on macOS by jonaharagon · Pull Request #3205 · privacyguides/privacyguides.org · GitHub we add this warning and change the icon for the information in the right-hand sidebar from a 
to a 
to also reflect this change at a glance.
I think I am bit of a hard liner in this respect. I think, without extenuating circumstances (such as the kill switch issue which I think has some more reasonable nuance), if a tool does not meet the criteria, it should be removed. With that said, to me its clear Proton should be removed over this.
This is not an anti-proton sentiment. I’ve said it before, I feel this way about all suggestions in all catagories. Part of this is that I am able to compartmentalize what I am willing to use (my threat model) and what I think the standard at PG should be. Even though I would continue to use Proton if it got delisted, I still feel it should be delisted.
I think its a disservice to have all these warnings and caveats to make tools we like fit in the criteria.
Just an update, currently at minimum I think nobody disagrees that update: Warning about Proton kill switch on macOS by jonaharagon · Pull Request #3205 · privacyguides/privacyguides.org · GitHub should definitely be done, so I’m merging that PR in the interest of updating our site quickly.
However, I won’t mark this as completed since of course we’re still discussing additional changes on top of that, including potentially update!: Remove ProtonVPN by jonaharagon · Pull Request #3203 · privacyguides/privacyguides.org · GitHub
Here is all of the information I could find on ProtonVPN’s claims regarding their macOS kill switch. I could not find any other official correspondence from ProtonVPN on the matter.
Blog post: What is a kill switch?
A kill switch is available to all Proton VPN users on Windows, macOS, Linux, iOS and iPadOS. Newer versions of Android now have built-in kill switch feature, as explained below.
Please note that our regular kill switch feature can’t protect you if you intentionally disconnect from a VPN server. However, the feature does protect you while switching servers with Proton VPN.
In that same post, they even re-assure macOS users about one of the software limitations that affects all VPN providers, whilst completely omitting their own deficiency that is objectively far worse.
Important note: As we have reported, Apple’s macOS and iOS operating systems don’t close all existing connections when you connect to a VPN, specifically certain DNS queries from Apple services, even with the kill switch turned on. However, the kill switch will block all non-Apple connections. We’re aware of this issue, and are working towards a possible fix.
Blog post: What is a VPN kill switch and when should you use one?
Page context
ProtonVPN’s claim:
Proton VPN offers a full system-level kill switch on all platforms that we support — Windows, macOS, iOS/iPadOS, Linux, Linux CLI (and, of course, Android).
Blog post: Introducing Kill Switch for macOS VPN
The new, firewall-based Kill Switch prevents your IP address and DNS queries from being exposed in the event you are disconnected from a VPN server for any reason. When you enable Kill Switch, if you lose connection to the VPN service, the Kill Switch will block all external network traffic until it automatically re-establishes a connection to a VPN server.
Reply to reddit post complaining about server switching exposing their IP address on macOS:
when I try to swap from a US VPN server to a Netherlands VPN server while running an IP refresh every second, for a brief period my original IP appears in-between US and Netherlands IPs.Hi! Note that during the transition from one server to another, the kill switch should indeed be activated and you shouldn’t have internet access during this brief period of time that it takes the app to switch servers.
ProtonVPN deletes reddit post for using the terminology “IP leak” to describe the issue:
To clarify, our Support team removed this post because the title was spreading misinformation.
Proton VPN isn’t leaking your IP, you’re expecting the regular Kill Switch to do something which is not designed to do – namely, prevent you from connecting to the internet even if you manually disconnect from the VPN.
This doesn’t just seem like a line of documentation being incorrect. But I will let you judge for yourself.
Proton would probably argue that they are technically correct here. This is the challenging thing, that Apple seemingly requires VPN apps to disconnect and then reconnect when switching servers.
This is an interesting comment, although it is quite old. It does make me want to do something like…
…to just have some definitive proof out there that this is really happening beyond a handful of sporadic Reddit posts.
It’s not a bad idea, in fact, IMO, this is a must, but I am personally not convinced that it will be enough. In the past, I have asked Proton to clarify their ToS, and they said they didn’t think it was necessary, even though they were deliberately using weasel words that were open to interpretation.
I think the chances increase if more people complain, or if prominent voices complain, but at the same time, I find it frustrating, that it should take significant collective efforts to address something that is objectively an issue after a few people have already reported it.
