Some VPN services use RAM-only VPN servers, which they promote as being more secure than traditional servers that use hard drives. At Proton VPN, we do not doubt that RAM-only servers can offer VPN services some legitimate operational advantages, but we disagree with how they’re often portrayed (especially by third-party VPN review and comparison sites) as providing additional security over using full disk encryption on hard drives.
In this article, we’ll explain why.
- What is a RAM-only VPN server?
- Why Proton doesn’t use RAM-only servers
- So why use RAM servers?
- What really protects your privacy
What is a RAM-only VPN server?
Computers (including VPN servers, but also your laptop and smartphone) usually use two types of storage:
RAM
Random access memory (RAM) is temporary storage. It acts as the computer’s short-term memory, enabling quick access to data and applications actively being used or processed by the central processing unit (CPU). The more RAM a computer has, the quicker it can multitask and perform complex operations. RAM is often referred to simply as “memory”.
RAM is volatile, meaning it loses all stored information when the power is turned off. Unlike storage devices such as hard drives, which retain data even when the computer is powered down, RAM requires a continuous power supply to maintain its data.
Hard drives
Hard drives come in two main types, hard disk drives (HDDs) and solid-state drives (SSDs), and provide persistent storage. In other words, data stored on hard drives doesn’t disappear when you turn off the power. Hard drives are therefore essential for storing your operating system, applications, files, and other data between computer sessions.
Hard drive storage is much cheaper than RAM but also slower (especially “spinning rust” HDDs), so when a computer needs to perform a task, it looks up the information stored on the hard drive and loads it to temporary RAM for speedy processing.
RAM-only servers
As the name suggests, RAM-only servers dispense with hard drives, relying on RAM only. This means that no data is stored on the computer when the power is turned off. When a server is powered down and up again, it’s booted from a read-only image (such as one stored on a write-protected DVD disk).
Advocates of RAM-only VPN servers argue this makes them more secure. If the VPN servers are seized, the argument goes, the adversary won’t have access to hard disks containing user data. However, at Proton VPN, we believe this notion doesn’t stand up to rigorous scrutiny.
Why Proton doesn’t use RAM-only servers
1. RAM can be just as easily accessed as hard disks if the computer is on
The first thing to note is that the claimed security benefits of RAM-only servers only apply if the server is turned off. If an adversary gains access to a running machine, whether by physically seizing it or by some covert means, they can gain full access to all data stored on the server, regardless of the storage medium it uses.
For the record, this also applies to hard disks that use full-disk encryption (see below). The disks are decrypted when the server is turned on, so anyone with administrative access to the system when it’s operational can access all data stored on it. This means hard disks using full-disk encryption are neither more nor less secure than RAM-only servers in this situation.
2. Full-disk encryption achieves the same end
Any competent VPN company will use full-disk encryption on its hard drives, which encrypts all the data on a drive, including the operating system, applications, system files, and temporary files that might contain sensitive information. This ensures that no data on the disk can be accessed without proper authorization.
The data is decrypted during the boot-up process, and when the system is powered off, all data on the disk remains encrypted, making it inaccessible without the encryption key.
Proton VPN secures all our server disks with the Linux Unified Key Setup (LUKS) encryption specification, using an AES-256 cipher and encryption keys that are long enough to resist any practical brute force attack. And crucially, encryption keys are stored off-site (not on the server) so that incidents such as this can’t happen with Proton VPN’s servers.
The result is that seizing our servers when powered off will yield no more information than seizing RAM-only servers.
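One way to check the "keys are not on the server" property on a Linux host, as an added example (not Proton VPN's code or tooling): the script below reads a file in the standard four-field crypttab layout and reports every volume whose key is a file path on the machine. The function names, the sample entries and the `/etc/keys/data.key` path are constructed for illustration.

```shell
#!/bin/sh
# Added example: report crypttab entries whose key material is a file path
# on the host itself. Fields per line: <name> <device> <key file> <options>

# Constructed sample input (not taken from any real server).
sample_crypttab() {
    cat <<'EOF'
# <name>  <device>                                   <key file>          <options>
root      UUID=11111111-2222-3333-4444-555555555555  none                luks
swap      /dev/sda3                                  /dev/urandom        swap
data      /dev/sdb1                                  /etc/keys/data.key  luks
EOF
}

# audit_crypttab FILE: print "LOCAL-KEY <name> <key file>" for each entry to review.
audit_crypttab() {
    while read -r name device keyfile options || [ -n "$name" ]; do
        case "$name" in
            ''|'#'*) continue ;;            # blank line or comment
        esac
        case "$keyfile" in
            ''|none|-) ;;                   # key is supplied at unlock time, not read from a file
            /dev/urandom|/dev/random) ;;    # throwaway random key, regenerated every boot
            *) printf 'LOCAL-KEY %s %s\n' "$name" "$keyfile" ;;
        esac
    done < "$1"
}

# Run the audit over the constructed sample.
tmp=$(mktemp)
sample_crypttab > "$tmp"
audit_crypttab "$tmp"
rm -f "$tmp"
```

Point it at `/etc/crypttab` on the host being reviewed; a reported path is a prompt for review, since the file may sit on removable or network storage rather than the system disk.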
3. A good VPN service has no logs worth seizing anyway
A reputable VPN service should never log anything that might compromise its customers’ privacy. That way, even if authorities seized its servers or an adversary accessed its storage, they would find nothing useful, anyway.
At Proton VPN, we commission annual third-party audits to verify our strict no-logs policy. And unlike many other VPN companies, we publish these audits in full, so you can have confidence that when we say we keep no logs, we mean it.
4. Location, location, location
Another important factor in ensuring that data doesn’t fall into the wrong hands is the legal jurisdiction in which servers are located. Servers in restrictive and authoritarian countries are more vulnerable to seizure than those in countries that respect their citizens’ privacy and the rule of law.
To address this issue, Proton VPN uses Smart Routing to offer servers for countries where we might not otherwise be able to, due to possible censorship and interference. Instead of running servers physically inside those countries, we use servers that are, in reality, located in safe countries.
These Smart Routing servers behave just like the other servers on the Proton VPN network do. They are also run on our own bare metal servers, so they are equally secure.
For those with very high privacy requirements, we offer Secure Core. This double-VPN solution routes connections through two VPN servers, the first of which is always located in a country with strong privacy laws: Iceland, Switzerland, or Sweden.
And, of course, Proton VPN itself is headquartered in Switzerland, a neutral country with some of the strongest data privacy laws in the world. The Swiss legal code also protects us from any obligation to start logging our community’s VPN connections.
So why use RAM servers?
There are reputable VPN services that offer RAM-only VPN servers, and we have confidence they have good operational reasons for doing so. For example, this setup allows you to boot all servers from a single image, allowing for a high degree of consistency between server instances.
At Proton VPN, we’ve opted to emphasize different operational advantages by using hard disks with full-disk encryption. For example, hard disks allow us to:
- Securely store system logs (which contain no personal information) locally. These help us quickly and efficiently investigate issues with our servers or network.
- Easily release new features, as we can simply update our servers rather than needing to reboot them all with a new image.
- More conveniently and accurately run diagnostic and performance tests on our servers, as RAM is not shared between system files and other data.
So, there are operational tradeoffs no matter what option a VPN service chooses. However, we strongly believe that RAM-only VPN servers offer no privacy or security advantages over robust full-disk encryption.
Final thoughts — what really protects your privacy
Much more effective real-world measures for maintaining your privacy are:
- Having a robust and regularly independently audited no-logs policy
- Performing routine internal and external software audits
- Locating sensitive servers in privacy-friendly locations
- Using proven VPN protocols such as WireGuard and OpenVPN and their highest encryption settings
Needless to say, at Proton VPN we implement all these measures in the fullest possible ways, so you can be confident that what you get up to online is your business — and yours alone.