What lists do Proton VPN's Netshield use?

It’s pretty easy to find what IVPN and Mullvad use, but I can’t find what Proton uses.

Nobody knows because Proton doesn’t tell anyone.

1 Like

I don’t know if I posted it here, but please don’t rely solely on these lists.

Quoting myself:

  • Google Safe Browsing goals are blocking threats that are gone within 10 minutes
  • Quad9 claims “up-to-the-minute list of threats”
  • DNS0 claims “detection-to-protection window to just a few seconds”
  • ControlD claims “are rebuilt and deployed every 30 minutes or less”
  • Mullvad updates once a week with a tiny list: History for output - mullvad/dns-blocklists · GitHub

Please use Quad9 or DNS0, layer a browser with uBlock Origin, and Safe Browsing too.


Which is one of the reasons I switched to iVPN

Isn’t it not recommended to use a custom DNS with a VPN?

Is it known why they don’t tell anyone? :thinking:


Also Proton VPNs mac app is horrible

Constantly disconnects and dosent have a permanent kill switch


Yes because you are trusting your data with two parties instead of one.

But its a pretty low hit to your privacy as long as you trust your DNS provider.

Not knowing what lists they use and what is or isn’t being blocked with Protons Netshield is why I use NextDNS along side the VPN. Not a big risk IMO seeing as NextDNS is rather trustworthy.

yeah that’s why I use the WireGuard native app for all my device’s.

I was always under the impression the advice is to always use the native dns blocking with your vpn provider to preserve privacy

1 Like

Yes, that’s normally the rule. I’ve understood that you shouldn’t use a DNS tier with a VPN because DNS can cause conflicts and lose efficiency.

Would not say so…

Have been using it for last 5 month all-the-time, not even once have I been disconnected. So you dont know what you say.
As of KillSwitch, its setting is saved in UserPrefs.clist file, so its permanent.

1 Like

By permanent, I mean it blocks all network traffic even if the VPN isn’t running. Currently, Proton only has the option available on Windows and Android. They have no ETA on it being introduced on Mac’s.


Strange because Mullvad and IVPN both have the option on Mac.


That’s what Graphene recommends.

TL:DR - “If you’re using a VPN, you should consider using the standard DNS service provided by the VPN service to avoid standing out from other users.”


Yeah thats the advice i saw

I’m just curious about this: Proton is highly recommended for multiple reasons, including being open source. However we can not see which lists are using for blocking… That doesn’t feel very transparant? I’m not knowledgeable about this subject but theoretically they could do something harmful right?

1 Like

Ya, I find it incredibly odd they don’t open source their netshield blocking list. I’ve used it in the past and it seems like a very relaxed list. But I’ve also had sites break in the past when using it and I don’t know if it’s from netshield, my adblocker or something else. If they just revealed their list it would be very easy to look up a possible domain that might be blocked and report it to them as a false positive.

I’ve switched to IVPN since then and they allow you to select from many different community maintained, open source list like Hagezi and 1Hosts with varying degrees of blocking. Much better than Protons approach.

1 Like

According to Proton (a year ago) they plan on letting users use custom block lists and a couple comments under that they said they’ll consider making their list public. When we all this happen? Not any time soon I’m guessing.

@dngray Sorry to tag you in this, but since I saw you worked on the VPN page: do you have any thoughts on this? It’s a bit weird that they are completely open source, but have a hard time sharing these lists (which leave a lot to be improved apparently)?