In this article, we analyze the VPN threat model. This covers the threats a VPN is designed to guard against, and also the threats a VPN cannot counter.

We believe that the only thing worse than no security, is a false sense of security. For this reason, whether it is Proton Mail or Proton VPN, we are always fully transparent when it comes to defining the threat model for the services that we provide.

This article applies rather specifically to Proton VPN, because Proton VPN contains unique VPN security features(new window) which allow it to defend against a wider range of threats compared to other VPN services. To get a better idea of the security risks that are faced by VPNs in general, please look at this article about how to find the best VPN service(new window).

Proton VPN is designed to be effective in the following situations:

Securing an insecure internet connection

Proton VPN establishes an encrypted tunnel between your computer and any one of our VPN servers around the world. This encrypted tunnel is secured with AES-256, and will successfully prevent an adversary who has control over the internet connection that you are using from being able to snoop on your traffic. This means you can safely browse even on public internet networks.

Hiding your browsing history from your ISP

The only data that is visible to your Internet Service Provider (ISP) is that you have made a connection to a Proton VPN server. The contents of your traffic, including what websites you are visiting, or what data you are transferring, is hidden from your ISP.

Preventing data discrimination

A VPN service can help ensure net neutrality. Because all of your traffic is encrypted, your ISP will not be able to selectively throttle or slow down certain types of traffic.

Preventing Internet censorship

If your ISP is blocking traffic to certain websites (or websites are blocking access for visitors from certain countries), a VPN can help to bypass these blocks and ensure that all the world’s information remains freely accessible.

Safe file sharing or BitTorrent

Many ISPs will block BitTorrent or other file sharing protocols. File sharing can also lead to severe penalties and fines in some countries if performed in breach of the law, notably copyright law. Proton VPN allows safe file sharing because we route P2P traffic through safe countries.

Proton VPN also offers some protection in the following situations:

Protection against VPN compromise

Because of Proton VPN’s unique Secure Core architecture, we can protect your identity even if you are exiting through a server in a country that has extensive surveillance infrastructure and capabilities (US, UK, etc). This provides extra security in the event an advanced adversary is tapping our exit servers and running correlation/timing attacks. You can learn more about Secure Core here(new window).

Protection against online tracking

Proton VPN can defend against most IP based tracking, as connecting through one of our VPN servers will mask your true IP address. However, tracking employed by large, privacy invasive companies such as Google or Facebook is quite a bit more sophisticated. Thus, even if you mask your true IP address, companies like Google and Facebook can still track you across multiple sites across the Internet by using cookies or using canvas fingerprinting. Thus, if you really want to stay untraceable online, it’s also important to clear your cookies, use private browsing mode, and use privacy enhancing browsers (not Google Chrome for example).

Proton VPN cannot defend you against the following situations:

Staying fully anonymous online

You will often see VPN services claim that their VPN can make you fully anonymous online. This is not true, see for example, the tracking issue discussed previously. Full anonymity with a VPN service is technically impossible because even though the sites you visit will not know your true IP address, the VPN provider will ALWAYS know your true IP. Therefore, while you can certainly sign up for Proton VPN anonymously (using an anonymous Proton Mail email address(new window)), because you are connecting to our servers, we will know your true IP address.

Therefore, Proton VPN’s anonymity doesn’t come from a technical guaranty, but from a weaker legal guaranty. Under Swiss law, we cannot be forced to log your IP address, and therefore even though we technically have access to your IP addresses, we cannot be legally obligated to log it and turn it over. This is rather unique to Switzerland and one of the reasons we decided to base Proton VPN in Switzerland.

Bandwidth throttling

If your ISP decides to throttle your entire Internet connection, there is nothing that Proton VPN can do to help you bypass that since the VPN connection to our servers is established over the connection provided by your ISP.

Sophisticated Censorship

Similarly, if your ISP is using Deep Packet Inspection (DPI), it is possible for them to identify and block or throttle traffic that goes over a VPN.They cannot decrypt the traffic, but they can slow it down or block it. While it IS possible to bypass DPI through clever means, sophisticated censorship programs can ALWAYS block VPN traffic if they want to. This is because like with the rest of the internet, VPN connections are established over TCP/IP, which means that an adversary can always block VPNs by simply blocking connections to the IPs of the VPN servers. Indeed, this is what Netflix and the Great Firewall of China is doing.

Other things to keep in mind…

On the internet, you can often find VPN services that claim that their services provide complete anonymity, foolproof security, bypass all censorship, bulletproof streaming, etc. However, the technical limitations of VPN are quite clear and well defined by the technology. Simply put, any provider that claims otherwise is either lying, or worse, does not fully understand the threats.

Last but not least – VPN Trust

It is important to keep in mind that when you are using a VPN, you are effectively transferring trust from your ISP to the VPN provider. Thus, it is important to think about what the VPN provider has done to earn that trust. This is important because there are a large number of VPN services which are malicious and are being used to spread malware. Our security team has also identified at least one VPN service which turns your computer into part of a botnet. For more information, we recommend reading this article about VPN trust(new window).

When you use Proton VPN, you are effectively entrusting us with your Internet traffic, and while we think we have done a lot to earn your trust(new window), it is still our responsibility to point out that you still must trust us when using Proton VPN. For additional security questions, we can always be reached using our support form(new window).

Best Regards,
The Proton Team

Proteja sua privacidade e segurança online
Obtenha o Proton VPN grátis

Artigos relacionados

VPN on mobile device
  • Princípios básicos de privacidade
Growing public awareness about the threat posed to our fundamental right to privacy by online trackers has fueled a surge in VPN adoption, a trend that has been boosted thanks to people spending more time online due to the Covid-19 pandemic. Althoug
Tor over VPN
  • Aprofundamentos sobre privacidade
Tor is a powerful privacy tool, but you may not want to use Tor all by itself. Learn why you may want to connect to Tor over a VPN. When you connect to the Internet, especially if you’re using public WiFi, there’s a good chance people are watching y
Smart TV privacy
Smart TVs are essentially televisions that can watch you. Their surge in popularity, along with smart speakers, means corporations (and anyone that can hack these devices) have another window through which they can view your private activity. The dat
Expats should use a VPN
  • Princípios básicos de privacidade
Living abroad can be an adventure, but it also presents unique online privacy obstacles. A VPN can help expats stay in touch with their family and avoid Internet censorship. In the age of the “digital nomad” more and more people are moving abroad. L
  • Princípios básicos de privacidade
The internet is full of information, but some of it is inappropriate, especially for kids and sensitive adults. SafeSearch can help filter out this content to make browsing safer and improve your children’s privacy online. This article explains how
IP whitelisting best practices
IP whitelisting is a security mechanism that restricts access to networks, systems, or applications based on approved IP addresses. Only IP addresses on the whitelist are permitted to connect, while all others are denied access. This method is typica