We’re adding full-disk encryption to harden our servers against MITM attacks

Posted on April 30th, 2019 by in Service Updates.

protonvpn disk encryption

 

UPDATE: As of February 2020, we have applied full-disk encryption to all Proton VPN servers.

Attacks from nation states may not be part of your threat model, but they are part of ours. We’re happy to announce an important security upgrade that will help mitigate certain resource-intensive attacks that can come from unfriendly governments in the countries where we have exit servers, such as Russia. With full disk encryption, Proton VPN will be safer from sophisticated man-in-the-middle attacks.

Why disk encryption is important

When you connect to Proton VPN, you are establishing an encrypted tunnel between your device and one of our servers around the world. While this prevents surveillance on your local network and at the level of your Internet service provider, it theoretically gives Proton VPN the ability to see your activity. (Hence why it’s crucial to use a trustworthy VPN.) Proton VPN does not keep logs of your activity, so there is virtually no information about our users saved on our servers that could be divulged to governments in the countries where we operate.

Nonetheless, our servers are still an attractive target. One way for an attacker to compromise a VPN would be to seize the VPN server, steal the server certificate, and redirect users’ traffic to servers they control. A server certificate is the cryptographic version of an ID badge. It tells your device that the server is trustworthy and it’s safe to establish an encrypted connection. With a stolen server certificate, the attackers could trick your device into sending them your data.

This is not an easy attack to pull off, but a government could do it. As we expand our VPN service to even more countries, including high-risk countries, we are taking precautions to ensure Proton VPN users can continue to browse safely. This includes disk encryption, which secures all the configurations and software contained in each exit server (including server certificates). That way, even if a server is compromised, the attackers will not be able to access it.

What this means for you

Disk encryption won’t change anything about your Proton VPN experience. All users will benefit from this security upgrade without any action required.

During the transition to disk encryption, there will be some temporary outages as we reboot each exit server in turn. The majority of users won’t notice any down time. If you do, simply switch to a different VPN server. You can also enable kill switch (if supported on your device) so that even if your VPN connection drops, your device is blocked from sending unencrypted traffic over the network. Full disk encryption is already active on Proton VPN’s Russia servers, and we will be rolling out this upgrade across our entire fleet of servers.

If you have any questions about disk encryption in Proton VPN, feel free to join the conversation on Reddit or Twitter.

Best Regards,
The Proton VPN Team

Get a free Proton Mail encrypted email account


Ben Wolford is a writer and editor whose work has appeared in major newspapers and magazines around the world. Ben joined Proton in 2018 to help to explain technical concepts in privacy and make Proton products easy to use.

Back to Blog

Secure
your internet

Get Proton VPN
Get Proton VPN

Contact us

Support form

Tell us about the problem and we'll get back to you as soon as we can.

Open support form

Live chat

Get help from a support agent in real time. Available with a paid VPN subscription.

Chat with us

Secure email

Send us an encrypted message at contact@protonvpn.com. It may take us longer to respond.

Email us