Update: Our Hong Kong campaign is now underway. Learn more about how you can support freedom in Hong Kong.
On July 6, Chinese authorities forced through Article 43, a collection of new regulations that gave Hong Kong law enforcement sweeping online surveillance and censorship powers. These rules are an extension of China’s National Security Law, which cracks down on “separatism, subversion, terrorism and foreign interference.”
These laws give Hong Kong police the ability to put people in prison for sharing content online that the government considers “offensive” and foreshadow increased surveillance. There is little doubt the Chinese government will use these exceptional powers to crush Hong Kong’s pro-democracy movement and strictly curtail the freedom of expression.
In light of these developments, we have carefully considered whether Proton VPN will continue to maintain servers in Hong Kong. After much deliberation, we have decided to keep our servers in Hong Kong, not only because we believe we can keep them secure, but also because we believe in fighting for Hong Kong.
Why Proton VPN is staying in Hong Kong (for now)
We are outraged at the new measures enacted by Chinese authorities, but they are not a surprise. We have always had concerns about such an outcome and have long designated Hong Kong as a high-risk country when it comes to VPN security. As a result, our policies for high-risk countries have long been in effect in Hong Kong, allowing us to mitigate certain risks, which we discuss in more detail below.
In light of the significant challenges facing freedom of speech in Hong Kong today, the easiest (and by far cheapest) thing to do would be to shut down our server network there. However, at Proton, we have never focused on doing what is easy, but on doing what is right. Our longstanding policy is to leave countries rather than compromise our values. However, it is not our policy to leave without putting up a fight.
If any measures are enacted to pressure Proton VPN into compromising the privacy or security of the users of our Hong Kong servers, we intend to challenge those measures in a court or another appropriate venue first. If it subsequently becomes impossible to ensure an appropriate level of privacy or security, we would indeed shut down our servers in Hong Kong. However, we think that preemptively abandoning Hong Kong to its fate without even a symbolic resistance sends the wrong message to authoritarian governments around the world that would seek to deny people their fundamental rights.
How we are securing Proton VPN servers in Hong Kong
We should first state the obvious: Under current regulations, Hong Kong is a high-risk location, and we would not generally recommend using servers there if you are handling sensitive content or communications. Proton VPN has one of the most geographically diverse VPN server networks available, and we maintain servers nearby in Taiwan, where we have an office. We also have servers in Singapore, Japan, South Korea, and Malaysia, all of which are also in the region and support low latency connections with Hong Kong.
However, if you would like to use the servers in Hong Kong, we have implemented a number of safety measures to keep them secure. First, we offer Secure Core VPN, which routes your traffic through special, hardened servers in countries with strong data protection laws (in this case, Sweden) before connecting you to a server in Hong Kong. This makes it extremely difficult to track Proton VPN users.
Learn more about Secure Core VPN.
Second, we have experience maintaining servers in high-risk countries, and in fact, we specifically designed Proton VPN to help people protect their privacy in the face of pervasive surveillance. We have a strict no-logs policy, and there is no personally identifiable information stored on any of our VPN servers. This means that even if the Hong Kong servers were to be seized or compromised by the authorities, they would not contain any information that could compromise Proton VPN users. We have also taken several additional precautions to ensure our servers remain secure even in a high-risk location.
Our security measures for high-risk countries
We have put several technical protections in place to keep our servers secure.
- We only use bare metal (physical) servers, which lets us control the server down to the hardware level. Once we procure a physical server, we provision it ourselves from scratch to minimize the risk of using tainted software. We lock the server down to tightly control who has access and extensively monitor the machines to detect any potential tampering.
- We also implement full-disk, block-level encryption on all our servers. Even though our VPN servers do not store any personally identifiable information, we protect them with full-disk encryption. This encryption makes it even more difficult to tamper with Proton VPN servers, even if the attacker has physical access to the machine.
Learn more about the full-disk encryption of our servers.
- We have zero staff or physical presence in Hong Kong or China, which makes us less susceptible to pressure from Chinese authorities. And as a Swiss company, any request for assistance from the Hong Kong or Chinese government under Article 43 would have to be deemed legal under Swiss law and approved by a Swiss court, which is unlikely. Moreover, we have and will vigorously defend our users’ rights in any jurisdiction they are challenged.
Find out more about how we secure servers in high-risk countries.
We are committed to defending Hong Kong
We created Proton VPN to help people maintain their privacy, protect their freedom of speech, and access censored information. Proton has an office in Taiwan, so we feel great solidarity with our users in Hong Kong and a duty to uphold our shared values. As part of this commitment, we are leading a campaign to directly support organizations fighting for freedom in Hong Kong.
Today, we are not just fighting for the future of freedom and democracy in Hong Kong, but for freedom around the world. Now, more than ever, the people of the world must stand together, and today, we stand with Hong Kong.
