Proton VPN published a spring and summer 2026 roadmap on or around April 28–29, 2026, confirming what it announced then: the new client-side WireGuard codebase is now in live beta on Android and Windows, and it is the most significant infrastructure shift the company has undertaken. This is not a version bump. This is a ground-up reconstruction designed to outpace the growing sophistication of internet censorship and surveillance. The rebuild promises faster tunnels, better anti-censorship obfuscation (Stealth protocol support is now in scope for Linux), and the architectural foundation for post-quantum encryption, the ability to resist decryption even if quantum computers arrive and break the cryptographic assumptions that protect today's traffic.

The WireGuard rewrite matters because Proton is not just iterating on a legacy codebase; it is betting that the next decade of VPN use will be defined by adversaries who actively detect and block VPN traffic, not just intercept it. The previous architecture was built for speed and privacy in a threat model where the ISP or government goal was surveillance. Today, in Iran, China, Russia, and a growing list of democratic countries with age-verification mandates and content filters, the threat model is blocking, governments want to prevent the use of VPNs entirely. Stealth obfuscation (masking VPN traffic to look like normal HTTPS) addresses that directly. The fact that it is already in beta on two platforms (not promised for "2027" or buried in a roadmap) tells the reader that Proton has moved from design to deployment.

The post-quantum encryption groundwork is the longer-term hedge. Proton is not claiming it has post-quantum tunnels live today; it is saying the new codebase is architected to support them when the standardization process finishes (NIST finalized its primary post-quantum encryption standards in August 2024, with the additional HQC standard expected to be finalized in 2027). Why does this matter? Because VPN logs, if captured today, could theoretically be decrypted retroactively by a quantum computer in 10 years. Proton's move to migrate to post-quantum-capable infrastructure now, before the threat is imminent, signals that the company understands the difference between reactive security (fixing vulnerabilities after discovery) and anticipatory security (building for threats with a known arrival window). Over 100 million people already use Proton's ecosystem (Mail, VPN, Pass, Drive). If the migration to the new WireGuard codebase succeeds, that is 100 million users de-risking themselves against a specific future threat.

The Linux redesign completing the rollout is secondary but real. Proton's team is rebuilding the Linux GUI to match the modern, consistent look of the company's other platforms, a signal that Linux is no longer treated as a second-class citizen in the product roadmap. For users in countries where accessing Proton's website itself is blocked, this means the native app experience will finally be on parity with Windows and macOS. macOS and iOS are expected to ship the new codebase in the coming months; the exact timeline is vague, but the Windows and Android beta being live removes the "when?" question for two of the three most-used platforms.

Who wins and who loses here is straightforward. Users living under active censorship (detected by the rollout of DPI filters, GFWs, or explicit VPN blocking laws) win immediately, faster tunnels plus Stealth protocol plus better Linux support means fewer connection failures and lower risk of detection. VPN providers still shipping legacy code or, worse, relying on weak obfuscation or no obfuscation at all, lose credibility as the threat model shifts. Proton also signals that the privacy infrastructure market is moving from "good enough" to "anticipatory", building for threats that do not exist yet. That raises the cost to compete, which favors larger, funded teams over startups.

Watch three specific markers to confirm whether this bet pays off. First, the rate of migration from the legacy code to the new WireGuard codebase in the wild, if adoption stalls (users opt out of beta or disable the new code), the architecture did not actually solve a real problem. Second, the launch date of post-quantum support once the standardization process completes; delay beyond Q1 2027 suggests the groundwork was not as solid as claimed. Third, feedback from heavy users in censored regions, if Stealth-on-Linux doesn't measurably reduce detection rates compared to Stealth-on-Android/Windows, the platform-specific tuning was incomplete.