Understanding the VPN Threat Model

Posted on June 18th, 2017 by in Privacy deep dives.

 

In this article, we analyze the VPN threat model. This covers the threats a VPN is designed to guard against, and also the threats a VPN cannot counter.

We believe that the only thing worse than no security, is a false sense of security. For this reason, whether it is Proton Mail or Proton VPN, we are always fully transparent when it comes to defining the threat model for the services that we provide.

This article applies rather specifically to Proton VPN, because Proton VPN contains unique VPN security features which allow it to defend against a wider range of threats compared to other VPN services. To get a better idea of the security risks that are faced by VPNs in general, please look at this article about how to find the best VPN service.

Proton VPN is designed to be effective in the following situations:

Securing an insecure internet connection

Proton VPN establishes an encrypted tunnel between your computer and any one of our VPN servers around the world. This encrypted tunnel is secured with AES-256, and will successfully prevent an adversary who has control over the internet connection that you are using from being able to snoop on your traffic. This means you can safely browse even on public internet networks.

Hiding your browsing history from your ISP

The only data that is visible to your Internet Service Provider (ISP) is that you have made a connection to a Proton VPN server. The contents of your traffic, including what websites you are visiting, or what data you are transferring, is hidden from your ISP.

Preventing data discrimination

A VPN service can help ensure net neutrality. Because all of your traffic is encrypted, your ISP will not be able to selectively throttle or slow down certain types of traffic.

Preventing Internet censorship

If your ISP is blocking traffic to certain websites (or websites are blocking access for visitors from certain countries), a VPN can help to bypass these blocks and ensure that all the world’s information remains freely accessible.

Safe file sharing or BitTorrent

Many ISPs will block BitTorrent or other file sharing protocols. File sharing can also lead to severe penalties and fines in some countries if performed in breach of the law, notably copyright law. Proton VPN allows safe file sharing because we route P2P traffic through safe countries.

Proton VPN also offers some protection in the following situations:

Protection against VPN compromise

Because of Proton VPN’s unique Secure Core architecture, we can protect your identity even if you are exiting through a server in a country that has extensive surveillance infrastructure and capabilities (US, UK, etc). This provides extra security in the event an advanced adversary is tapping our exit servers and running correlation/timing attacks. You can learn more about Secure Core here.

Protection against online tracking

Proton VPN can defend against most IP based tracking, as connecting through one of our VPN servers will mask your true IP address. However, tracking employed by large, privacy invasive companies such as Google or Facebook is quite a bit more sophisticated. Thus, even if you mask your true IP address, companies like Google and Facebook can still track you across multiple sites across the Internet by using cookies or using canvas fingerprinting. Thus, if you really want to stay untraceable online, it’s also important to clear your cookies, use private browsing mode, and use privacy enhancing browsers (not Google Chrome for example).

Proton VPN cannot defend you against the following situations:

Staying fully anonymous online

You will often see VPN services claim that their VPN can make you fully anonymous online. This is not true, see for example, the tracking issue discussed previously. Full anonymity with a VPN service is technically impossible because even though the sites you visit will not know your true IP address, the VPN provider will ALWAYS know your true IP. Therefore, while you can certainly sign up for Proton VPN anonymously (using an anonymous Proton Mail email address), because you are connecting to our servers, we will know your true IP address.

Therefore, Proton VPN’s anonymity doesn’t come from a technical guaranty, but from a weaker legal guaranty. Under Swiss law, we cannot be forced to log your IP address, and therefore even though we technically have access to your IP addresses, we cannot be legally obligated to log it and turn it over. This is rather unique to Switzerland and one of the reasons we decided to base Proton VPN in Switzerland.

Bandwidth throttling

If your ISP decides to throttle your entire Internet connection, there is nothing that Proton VPN can do to help you bypass that since the VPN connection to our servers is established over the connection provided by your ISP.

Sophisticated Censorship

Similarly, if your ISP is using Deep Packet Inspection (DPI), it is possible for them to identify and block or throttle traffic that goes over a VPN.They cannot decrypt the traffic, but they can slow it down or block it. While it IS possible to bypass DPI through clever means, sophisticated censorship programs can ALWAYS block VPN traffic if they want to. This is because like with the rest of the internet, VPN connections are established over TCP/IP, which means that an adversary can always block VPNs by simply blocking connections to the IPs of the VPN servers. Indeed, this is what Netflix and the Great Firewall of China is doing.

Other things to keep in mind…

On the internet, you can often find VPN services that claim that their services provide complete anonymity, foolproof security, bypass all censorship, bulletproof streaming, etc. However, the technical limitations of VPN are quite clear and well defined by the technology. Simply put, any provider that claims otherwise is either lying, or worse, does not fully understand the threats.

Last but not least – VPN Trust

It is important to keep in mind that when you are using a VPN, you are effectively transferring trust from your ISP to the VPN provider. Thus, it is important to think about what the VPN provider has done to earn that trust. This is important because there are a large number of VPN services which are malicious and are being used to spread malware. Our security team has also identified at least one VPN service which turns your computer into part of a botnet. For more information, we recommend reading this article about VPN trust.

When you use Proton VPN, you are effectively entrusting us with your Internet traffic, and while we think we have done a lot to earn your trust, it is still our responsibility to point out that you still must trust us when using Proton VPN. For additional security questions, we can always be reached using our support form.

Best Regards,
The Proton Team

Proton was founded by scientists who met at CERN and had the idea that an internet where privacy is the default is essential to preserving freedom. Our team of developers, engineers, and designers from all over the world is working to provide you with secure ways to be in control of your online data.

Back to Blog

Secure
your internet

Get Proton VPN
Get Proton VPN

Contact us

Support form

Tell us about the problem and we'll get back to you as soon as we can.

Open support form

Live chat

Get help from a support agent in real time. Available with a paid VPN subscription.

Chat with us

Secure email

Send us an encrypted message at contact@protonvpn.com. It may take us longer to respond.

Email us