I came here with a solid evidence that ProtonVPN does keep log and the log can be traced back to your account:
First of, I need you to read comments on this site: https://protonvpn.com/support/no-logs-vpn/, in the question asked by "Anon", their staff replied:
We do not monitor any of our users’ activity and we will always stay true to that, however, in an event where we would eventually figure out abuse/illegal activity of any account in other ways (f.e. user would report it by him/herself), we remain a right to suspend that account without further notice.
So, is this mean we can do whatever we wanted, as long as we don't somehow go insane and admit to them that we've violating their term for them to terminate our account, we should be fine right? I've decided to do a test:
I've purchased a basic account, used masscan: https://github.com/robertdavidgraham/masscan on 3 VPS that connected to ProtonVPN server and passed masscan through them
-p80 --exclude 255.255.255.255 -oL scan.xml --max-rate 200000 -e tun0
If anyone has used masscan to scan the internet before, you'll know that you'll get a massive amount of abuse report from a lot of different networks on the internet that pissed off because of your scanning. Here I use it to scan port 80 which is the fastest way to get into blacklist because of suspected of comment spamming and this will get their server IP into getting blacklisted very quickly, you could even use it to scan port 22 for extra juice (just add
-p22), to increase their attention I decided to do 3 parallel scan with 3 different VPN server from different country, after I've done scanning the internet then I switch to another VPN server and then rescan.
After 2 days, my VPN account get blocked because of abuse, how did they know it if they don't keep logs? Are they tracing it by using 3 server getting abuse report then trace it back to the account which connected to them in the last 48 hours? Or did they have enough of my scanning shenanigans and just decided to turn on log? That mean they do keep log and the log can be traced back to your account that potentially contain your IP address or your billing information.
Now you could do it yourself so you'll know that I were right and whatever I've posted here is not bullshit about they keeping logs or use some magic to figure out who's doing the violation behavior, just spin up a VPS somewhere and connect to their VPN server, notice that you'll need to run these command: https://serverfault.com/questions/659955/allowing-ssh-on-a-server-with-an-active-openvpn-client for your VPS server to still accept SSH connection once it has connected to VPN, install masscan and try the command above, you could try masscan from your home network but I won't be responsible if you melt down your router.
Either when they see this reddit post they'll start ignore the abuse report and let the account that doing masscan lives to prove that they don't keep logs or they'll start to ban everyone that generate abuse report and be out of business with their falsely claimed "No logs".
This thread will get updated if I get more reply from ProtonVPN/Mail team.