Understanding the VPN Threat Model

In this article, we analyze the VPN threat model. This covers the threats a VPN is designed to guard against, and also the threats a VPN cannot counter.

We believe that the only thing worse than no security, is a false sense of security. For this reason, whether it is Proton Mail or Proton VPN, we are always fully transparent when it comes to defining the threat model for the services that we provide.

This article applies rather specifically to Proton VPN, because Proton VPN contains unique VPN security features(new window) which allow it to defend against a wider range of threats compared to other VPN services. To get a better idea of the security risks that are faced by VPNs in general, please look at this article about how to find the best VPN service(new window).

Proton VPN is designed to be effective in the following situations:

Securing an insecure internet connection

Proton VPN establishes an encrypted tunnel between your computer and any one of our VPN servers around the world. This encrypted tunnel is secured with AES-256, and will successfully prevent an adversary who has control over the internet connection that you are using from being able to snoop on your traffic. This means you can safely browse even on public internet networks.

Hiding your browsing history from your ISP

The only data that is visible to your Internet Service Provider (ISP) is that you have made a connection to a Proton VPN server. The contents of your traffic, including what websites you are visiting, or what data you are transferring, is hidden from your ISP.

Preventing data discrimination

A VPN service can help ensure net neutrality. Because all of your traffic is encrypted, your ISP will not be able to selectively throttle or slow down certain types of traffic.

Preventing Internet censorship

If your ISP is blocking traffic to certain websites (or websites are blocking access for visitors from certain countries), a VPN can help to bypass these blocks and ensure that all the world’s information remains freely accessible.

Safe file sharing or BitTorrent

Many ISPs will block BitTorrent or other file sharing protocols. File sharing can also lead to severe penalties and fines in some countries if performed in breach of the law, notably copyright law. Proton VPN allows safe file sharing because we route P2P traffic through safe countries.

Proton VPN also offers some protection in the following situations:

Protection against VPN compromise

Because of Proton VPN’s unique Secure Core architecture, we can protect your identity even if you are exiting through a server in a country that has extensive surveillance infrastructure and capabilities (US, UK, etc). This provides extra security in the event an advanced adversary is tapping our exit servers and running correlation/timing attacks. You can learn more about Secure Core here(new window).

Protection against online tracking

Proton VPN can defend against most IP based tracking, as connecting through one of our VPN servers will mask your true IP address. However, tracking employed by large, privacy invasive companies such as Google or Facebook is quite a bit more sophisticated. Thus, even if you mask your true IP address, companies like Google and Facebook can still track you across multiple sites across the Internet by using cookies or using canvas fingerprinting. Thus, if you really want to stay untraceable online, it’s also important to clear your cookies, use private browsing mode, and use privacy enhancing browsers (not Google Chrome for example).

Proton VPN cannot defend you against the following situations:

Staying fully anonymous online

You will often see VPN services claim that their VPN can make you fully anonymous online. This is not true, see for example, the tracking issue discussed previously. Full anonymity with a VPN service is technically impossible because even though the sites you visit will not know your true IP address, the VPN provider will ALWAYS know your true IP. Therefore, while you can certainly sign up for Proton VPN anonymously (using an anonymous Proton Mail email address(new window)), because you are connecting to our servers, we will know your true IP address.

Therefore, Proton VPN’s anonymity doesn’t come from a technical guaranty, but from a weaker legal guaranty. Under Swiss law, we cannot be forced to log your IP address, and therefore even though we technically have access to your IP addresses, we cannot be legally obligated to log it and turn it over. This is rather unique to Switzerland and one of the reasons we decided to base Proton VPN in Switzerland.

Bandwidth throttling

If your ISP decides to throttle your entire Internet connection, there is nothing that Proton VPN can do to help you bypass that since the VPN connection to our servers is established over the connection provided by your ISP.

Sophisticated Censorship

Similarly, if your ISP is using Deep Packet Inspection (DPI), it is possible for them to identify and block or throttle traffic that goes over a VPN.They cannot decrypt the traffic, but they can slow it down or block it. While it IS possible to bypass DPI through clever means, sophisticated censorship programs can ALWAYS block VPN traffic if they want to. This is because like with the rest of the internet, VPN connections are established over TCP/IP, which means that an adversary can always block VPNs by simply blocking connections to the IPs of the VPN servers. Indeed, this is what Netflix and the Great Firewall of China is doing.

Other things to keep in mind…

On the internet, you can often find VPN services that claim that their services provide complete anonymity, foolproof security, bypass all censorship, bulletproof streaming, etc. However, the technical limitations of VPN are quite clear and well defined by the technology. Simply put, any provider that claims otherwise is either lying, or worse, does not fully understand the threats.

Last but not least – VPN Trust

It is important to keep in mind that when you are using a VPN, you are effectively transferring trust from your ISP to the VPN provider. Thus, it is important to think about what the VPN provider has done to earn that trust. This is important because there are a large number of VPN services which are malicious and are being used to spread malware. Our security team has also identified at least one VPN service which turns your computer into part of a botnet. For more information, we recommend reading this article about VPN trust(new window).

When you use Proton VPN, you are effectively entrusting us with your Internet traffic, and while we think we have done a lot to earn your trust(new window), it is still our responsibility to point out that you still must trust us when using Proton VPN. For additional security questions, we can always be reached using our support form(new window).

Best Regards,
The Proton Team

Related articles

Apps like discord
  • Privacy deep dives
Here's why you might want to consider a Discord alternative — and the pros and cons of seven other apps like Discord that you may want to switch to instead.
Computer screen showing the World Series 2024 logo
Find out where to watch the World Series, when it starts, and how to securely stream it online with Proton VPN.
Computer screen with a shield that has a lock on it, demonstrating secure network access via a dedicated IP address
Learn what network access control is and how a business VPN can help keep your business data safe against hackers.
Telegram security
  • Privacy deep dives
Is Telegram safe to use? As we’ll discuss in this article, that very much depends on how you use it.
A vote going into a US ballot box for the 2024 US presidential election
Find out how to watch the 2024 US election results live from abroad and which broadcasters are streaming news coverage online.
Anyone can use Proton VPN’s Chrome and Firefox browser extensions for free, making it easy to protect your privacy and bypass censorship.