Update: Our Hong Kong campaign is now underway. Learn more about how you can support freedom in Hong Kong.
On July 6, Chinese authorities forced through Article 43, a collection of new regulations that gave Hong Kong law enforcement sweeping online surveillance and censorship powers. These rules are an extension of China’s National Security Law, which cracks down on “separatism, subversion, terrorism and foreign interference.”
These laws give Hong Kong police the ability to put people in prison for sharing content online that the government considers “offensive” and foreshadow increased surveillance. There is little doubt the Chinese government will use these exceptional powers to crush Hong Kong’s pro-democracy movement and strictly curtail the freedom of expression.
In light of these developments, we have carefully considered whether Proton VPN will continue to maintain servers in Hong Kong. After much deliberation, we have decided to keep our servers in Hong Kong, not only because we believe we can keep them secure, but also because we believe in fighting for Hong Kong.
Why Proton VPN is staying in Hong Kong (for now)
We are outraged at the new measures enacted by Chinese authorities, but they are not a surprise. We have always had concerns about such an outcome and have long designated Hong Kong as a high-risk country when it comes to VPN security. As a result, our policies for high-risk countries have long been in effect in Hong Kong, allowing us to mitigate certain risks, which we discuss in more detail below.
In light of the significant challenges facing freedom of speech in Hong Kong today, the easiest (and by far cheapest) thing to do would be to shut down our server network there. However, at Proton, we have never focused on doing what is easy, but on doing what is right. Our longstanding policy is to leave countries rather than compromise our values. However, it is not our policy to leave without putting up a fight.
If any measures are enacted to pressure Proton VPN into compromising the privacy or security of the users of our Hong Kong servers, we intend to challenge those measures in a court or another appropriate venue first. If it subsequently becomes impossible to ensure an appropriate level of privacy or security, we would indeed shut down our servers in Hong Kong. However, we think that preemptively abandoning Hong Kong to its fate without even a symbolic resistance sends the wrong message to authoritarian governments around the world that would seek to deny people their fundamental rights.
How we are securing Proton VPN servers in Hong Kong
We should first state the obvious: Under current regulations, Hong Kong is a high-risk location, and we would not generally recommend using servers there if you are handling sensitive content or communications. Proton VPN has one of the most geographically diverse VPN server networks available, and we maintain servers nearby in Taiwan, where we have an office. We also have servers in Singapore, Japan, South Korea, and Malaysia, all of which are also in the region and support low latency connections with Hong Kong.
However, if you would like to use the servers in Hong Kong, we have implemented a number of safety measures to keep them secure. First, we offer Secure Core VPN, which routes your traffic through special, hardened servers in countries with strong data protection laws (in this case, Sweden) before connecting you to a server in Hong Kong. This makes it extremely difficult to track Proton VPN users.
Learn more about Secure Core VPN.
Second, we have experience maintaining servers in high-risk countries, and in fact, we specifically designed Proton VPN to help people protect their privacy in the face of pervasive surveillance. We have a strict no-logs policy, and there is no personally identifiable information stored on any of our VPN servers. This means that even if the Hong Kong servers were to be seized or compromised by the authorities, they would not contain any information that could compromise Proton VPN users. We have also taken several additional precautions to ensure our servers remain secure even in a high-risk location.
Our security measures for high-risk countries
We have put several technical protections in place to keep our servers secure.
- We only use bare metal (physical) servers, which lets us control the server down to the hardware level. Once we procure a physical server, we provision it ourselves from scratch to minimize the risk of using tainted software. We lock the server down to tightly control who has access and extensively monitor the machines to detect any potential tampering.
- We also implement full-disk, block-level encryption on all our servers. Even though our VPN servers do not store any personally identifiable information, we protect them with full-disk encryption. This encryption makes it even more difficult to tamper with Proton VPN servers, even if the attacker has physical access to the machine.
Learn more about the full-disk encryption of our servers.
- We have zero staff or physical presence in Hong Kong or China, which makes us less susceptible to pressure from Chinese authorities. And as a Swiss company, any request for assistance from the Hong Kong or Chinese government under Article 43 would have to be deemed legal under Swiss law and approved by a Swiss court, which is unlikely. Moreover, we have and will vigorously defend our users’ rights in any jurisdiction they are challenged.
Find out more about how we secure servers in high-risk countries.
We are committed to defending Hong Kong
We created Proton VPN to help people maintain their privacy, protect their freedom of speech, and access censored information. Proton has an office in Taiwan, so we feel great solidarity with our users in Hong Kong and a duty to uphold our shared values. As part of this commitment, we are leading a campaign to directly support organizations fighting for freedom in Hong Kong.
Today, we are not just fighting for the future of freedom and democracy in Hong Kong, but for freedom around the world. Now, more than ever, the people of the world must stand together, and today, we stand with Hong Kong.
Just be be clear, neither Hong Kong nor Taiwan is a country!
Both belong to China, it was for thousands of years like this and neither Protonmail or the fascist United States of America will change this fact.
I watching very closely how Protonmail expending its server locations in NATO countries and its allies. Why don’t have Protonmail servers in China, Cuba, Venezuela, Iran, Lebanon, Pakistan, Syria? Let me guess, Islamophobia and Sinophobia.
Just need to read the statements made by Protonmail and the list of servers. Why Protonmail not supporting those people in Afghanistan who occupied and terrorized by the United States for decades? It is that hard to have servers in Palestine?
Protonmail is too much aligned to U.S. and NATO’s foreign policies!
When you don’t have any personal present in Hong Kong monitoring your servers, how likely you are going to assure customers that the physical servers were not modified at BIOS/firmware level even before provision of OS??
Hi, thanks for the question. We can assure this because we put our own BIOS/firmware on the devices and update them ourselves.
Hello Good Day ProtonVPN, Thank you very much for standing with Hong Kong in fighting for the freedom against the evil power. I would like to ask when will the new plan/ program for Hong Kong people/ companies be released? I am very much interested to join the plan and is now waiting for your release. If I join your existing 2 year plan now, could I receive the same content of the new plan or do I need to pay again? Thank you very much!
Thank you, Christine! The program is now underway. If you sign up for a new ProtonVPN two-year plan, 50% of your payment will go toward two organizations supporting freedom in Hong Kong. More details here: https://protonvpn.com/blog/hongkong/
Incredible stuff Dr. Yen. Thank you for standing with Hong Kong – your dedication to offering continued privacy and security in the face of oppression is admirable.
Well done ProtonVPN! Thanks for continuing support HK at this sensitive and urgent time!
Nice I fully support this, and wish Proton best of luck in the future.
Is access to secure core functionality going to be made free of charge for HK IP addresses? You’re acknowledging that secure core will be necessary for the security of these servers. I would really like to know.
Hi Gabe, Hong Kong servers are only available to users with Basic, Plus, and Visionary plans. Users with Free plans can connect to servers in the US, the Netherlands, and Japan. We recommend Basic plan users to connect to servers outside of Hong Kong.
How do you have zero physical presence in Hong Kong but also have physical, bare metal servers there?
Hi Brian, thanks for your question. We cover this in detail in this article: https://protonvpn.com/blog/vpn-servers-high-risk-countries/. In short, we work with trusted partners and implement technical measures, including full-disk encryption. In this way, we use physical servers but do not directly own them, reducing our exposure to jurisdictions that are not friendly to privacy.
I as a Protonmail customer who pays for years for your service demand to immediately cease and desist all promotion of the agendas of fascist United States of America in Hong Kong. Hong Kong was always part of China and always will be! If you have any concerns regarding my comment your can reach me at humanrightsactivist@pm.me I urge Protonmail to restrain from “regime change” operations on Chinese territory or I as a Swiss resident will sue Protonmail for terrorism in Canton of Geneva!
We have carefully selected organizations which are not political and not advocating for regime change. To be clear, what we are advocating for is increased online freedom in Hong Kong.
Thank you so much for the support! I just started using ProtonMail a year ago and subscribed for the service a while ago. It is happy to know that ProtonMail and ProtonVPN is supportive for the democratic movement going on in Hong Kong!
Unrelated question:
Is the Proton team still working on implementing the Wireguard protocol for future servers? And will that protocol offer secure core with it?
Thanks
Hi Kevin! Yes, this is still planned. We are excited to eventually implement Wireguard, and we fully support that project. But we would not be able to share a timeline or further details about this just yet.
I don’t understand. What’s the point in ProtonVPN setting servers in just every country? Why would anyone connect via servers in their own country?
1st use case: if you live in the USA and want to evade US surveillance, connect to Swiss servers; if you live in HK, connect to servers in Taiwan or SK.
2nd use case: if you want to stream Netflix, HBO, or CBS All Access, connect to servers in USA.
Any other use case? I just don’t get it. Who cares about having an egress IP in France, Belgium, or HK? If HK want to suppress VPN like they do in Mainland China, they will remove your local servers regardless.
Can you explain the service model, or the threat model, that would have people connect to servers in their own country? Latency issues only require to connect via geographical region (like Switzerland is OK for Europe, and so on). Thanks
Hi Stephan, thanks for your question. There are many reasons a person might want to connect to a server in their own country, including, as you mentioned, to access geo-restricted content. In this case, the reason to stay in Hong Kong is that we believe we have a right to offer services there. And as Andy mentioned, “If any measures are enacted to pressure ProtonVPN into compromising the privacy or security of the users of our Hong Kong servers, we intend to challenge those measures in a court or another appropriate venue first.”
I am VERY impressed with ProtonVPN’s desire to make a “Real” protest about human rights abuses!
Andy,
Your blog definitely makes me feel that my choice for a VPN and Email provider is worth the money. Thanks for fight for the end user.
You guys are awesome!
This is heart warming!
I don’t live in HK and i’m really appalled by the lack of media coverage here in Europe.
Europe already spiritually and politically abandoned HK and recent covid-19 policies showed the EU’s true intentions towards totalitarianism.
I feel proud and privilged being part of the Proton family.
Thank you for sticking by the people of HK and to live to fight an other day for freedom!
I will not forget!
Thank you for what you’re doing to protect users and help them exercise their freedom of expression.
Are you aware that protonvpn.com is blocked in Saudi Arabia, but protonmail.com is not? I’m wondering if you can ease the retriction by emailing users a link they can use to download the software.
I personally don’t think that this is helpful. It’s sending a message to Hong Kong users that using HK servers is still a viable and/or safe option,… it is not at all. CCP has been playing this game for longer than ProtonVPN has been around. But sure, let’s say that ProtonVPN really is one of the few companies in HK that can’t be touched by CCP… Then guess who’s going to be having a target on their backs? Your users in Hong Kong that are connecting to your servers. Maybe their data can’t be logged, but the fact that they are connecting to your servers can’t be hidden (unless you’re using secure core, which I think should be required instead of an option). That connection in itself can put people in danger. I really think you should reconsider this. I’m a huge fan of Proton, and a paid user, but this is not a smart move in my opinion.
Hi Tom, this is a legitimate concern, and we considered this. But we decided it was important to make a stand for the right to freedom and online privacy. Living in Hong Kong today requires an understanding of the privacy and security risks of using the Internet, full stop. We’re doing as much as we can to educate our users about these risks, and we take precautions as described above.
Thank you for your thoughtful approach, and thank you for standing with Hong Kong.
Thanks for ProtonVPN continued commitment to Hong Kong, that being said, I urge ProtonVPN to immediately reconsider if HK implement internet wide firewall, just like the great firewall of china.
As a current user of your service in HK, I genuinely hope ProtonVPN can maintain its presence in the city for as long as possible, but security had to be first and foremost, and I wouldn’t hope anyone else’s security being compromised as the result of the commitment.
Hello IH, thank you for your comment. We’ve taken this decision very seriously, and we believe it’s important to remain in Hong Kong and stand up for civil liberties in Hong Kong. That said, we are taking precautions and keeping a close eye on the situation.
Does ProtonMail have servers in China (other than the ones in Hong Kong)? If not, then why would Proton consider having servers in Hong Kong when the city was handed over to China in 1997.
That “junk” (ship) has sailed.
We do not have servers in China, and our servers in Hong Kong are controlled by us but not directly owned by us.