
Understanding the VPN Threat Model

Posted on June 18th, 2017 in Security.



In this article, we analyze the VPN threat model. This covers the threats a VPN is designed to guard against, and also the threats a VPN cannot counter.

We believe that the only thing worse than no security is a false sense of security. For this reason, whether it is ProtonMail or ProtonVPN, we are always fully transparent when it comes to defining the threat model for the services that we provide.

This article applies rather specifically to ProtonVPN, because ProtonVPN contains unique VPN security features which allow it to defend against a wider range of threats compared to other VPN services. To get a better idea of the security risks that are faced by VPNs in general, please look at this article about how to find the best VPN service.

ProtonVPN is designed to be effective in the following situations:

Securing an insecure internet connection

ProtonVPN establishes an encrypted tunnel between your computer and any one of our VPN servers around the world. This encrypted tunnel is secured with AES-256, and will successfully prevent an adversary who has control over the internet connection that you are using from being able to snoop on your traffic. This means you can safely browse even on public internet networks.

Hiding your browsing history from your ISP

The only data that is visible to your Internet Service Provider (ISP) is that you have made a connection to a ProtonVPN server. The contents of your traffic, including what websites you are visiting and what data you are transferring, are hidden from your ISP.

Preventing data discrimination

A VPN service can help ensure net neutrality. Because all of your traffic is encrypted, your ISP will not be able to selectively throttle or slow down certain types of traffic.

Preventing Internet censorship

If your ISP is blocking traffic to certain websites (or websites are blocking access for visitors from certain countries), a VPN can help to bypass these blocks and ensure that all of the world’s information remains freely accessible.

Safe file sharing or bittorrent

Many ISPs will block bittorrent or other file sharing protocols. Even worse, file sharing can lead to severe penalties and fines in some countries. ProtonVPN allows safe file sharing and bittorrent because we route P2P traffic through safe countries. Note, as a Swiss company, our official policy is in line with Swiss law, which only permits file sharing for personal, non-commercial use.

ProtonVPN also offers some protection in the following situations:

Protection against VPN compromise

Because of ProtonVPN’s unique Secure Core architecture, we can protect your identity even if you are exiting through a server in a country that has extensive surveillance infrastructure and capabilities (US, UK, etc). This provides extra security in the event an advanced adversary is tapping our exit servers and running correlation/timing attacks. You can learn more about Secure Core here.

Protection against online tracking

ProtonVPN can defend against most IP-based tracking, as connecting through one of our VPN servers will mask your true IP address. However, tracking employed by large, privacy-invasive companies such as Google or Facebook is quite a bit more sophisticated. Even if you mask your true IP address, companies like Google and Facebook can still track you across multiple sites by using cookies or canvas fingerprinting. So if you really want to stay untraceable online, it’s also important to clear your cookies, use private browsing mode, and use privacy-enhancing browsers (not Google Chrome, for example).
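The following added example (not ProtonVPN code) shows why masking the IP address alone does not stop cross-site tracking: it links constructed visit records that share any identifier the tracker collects. The record fields, values and the `link_visits` helper are assumptions made for illustration.

```python
# Constructed visit records, as a third-party tracker embedded on several
# sites might log them. All values are invented for illustration.
VISITS = [
    # v1: no VPN, normal browser profile
    {"id": "v1", "site": "news.example", "ip": "198.51.100.7",
     "cookie": "c-81f3", "canvas": "fp-a1"},
    # v2: VPN on (new IP), same browser profile, so cookie and canvas persist
    {"id": "v2", "site": "shop.example", "ip": "192.0.2.10",
     "cookie": "c-81f3", "canvas": "fp-a1"},
    # v3: VPN on, cookies cleared / private mode, same browser and hardware
    {"id": "v3", "site": "blog.example", "ip": "192.0.2.20",
     "cookie": None, "canvas": "fp-a1"},
    # v4: VPN on, no cookie, and a browser whose canvas output differs
    {"id": "v4", "site": "mail.example", "ip": "192.0.2.30",
     "cookie": None, "canvas": "fp-b2"},
]


def link_visits(visits, keys):
    """Group visits that share a value for any identifier in `keys`.

    Uses union-find so that links are transitive: if v1 and v2 share a
    cookie and v2 and v3 share a fingerprint, all three end up in one group.
    Returns a sorted list of groups, each a list of visit ids.
    """
    parent = list(range(len(visits)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path compression
            i = parent[i]
        return i

    first_seen = {}  # (identifier name, value) -> index of first visit with it
    for i, visit in enumerate(visits):
        for key in keys:
            value = visit.get(key)
            if value is None:  # identifier absent, nothing to link on
                continue
            j = first_seen.setdefault((key, value), i)
            parent[find(i)] = find(j)

    groups = {}
    for i, visit in enumerate(visits):
        groups.setdefault(find(i), []).append(visit["id"])
    return sorted(groups.values())


if __name__ == "__main__":
    for keys in (["ip"], ["ip", "cookie"], ["ip", "cookie", "canvas"]):
        print(keys, "->", link_visits(VISITS, keys))
```

A tracker that only looks at IP addresses sees four unrelated visitors; adding the cookie relinks the first two visits, and adding the canvas fingerprint relinks the third even though its cookies were cleared.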

ProtonVPN cannot defend you against the following situations:

Staying fully anonymous online

You will often see VPN services claim that their VPN can make you fully anonymous online. This is not true; see, for example, the tracking issue discussed previously. Full anonymity with a VPN service is technically impossible because even though the sites you visit will not know your true IP address, the VPN provider will ALWAYS know your true IP. Therefore, while you can certainly sign up for ProtonVPN anonymously (using an anonymous ProtonMail email address), because you are connecting to our servers, we will know your true IP address.

Therefore, ProtonVPN’s anonymity doesn’t come from a technical guarantee, but from a weaker legal guarantee. Under Swiss law, we cannot be forced to log your IP address, and therefore even though we technically have access to your IP address, we cannot be legally obligated to log it and turn it over. This is rather unique to Switzerland and one of the reasons we decided to base ProtonVPN in Switzerland.
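The visibility claims made so far (what the ISP sees, what a tap on an exit server sees, and why the provider always knows your IP) can be worked through with a small model. This is an added example, not ProtonVPN code; it is a simplified sketch that only tracks outer addresses on each network segment, ignores timing correlation and HTTPS, and uses constructed documentation addresses.

```python
from dataclasses import dataclass

# Constructed addresses (documentation ranges), assumptions for this example.
CLIENT = "198.51.100.7"
SITE = "203.0.113.80"
ENTRY = "192.0.2.10"   # first-hop server in a two-hop route
EXIT = "192.0.2.20"    # server the traffic leaves the VPN from


@dataclass(frozen=True)
class Segment:
    src: str        # outer source address visible on the wire
    dst: str        # outer destination address visible on the wire
    tunneled: bool  # True while the packet is still inside the VPN tunnel


def segments(client, hops, site):
    """Wire segments for client -> hop(s) -> site; only the last leg of a
    VPN route (exit server to site) is outside the tunnel."""
    nodes = [client, *hops, site]
    return [Segment(nodes[i], nodes[i + 1], tunneled=i < len(hops))
            for i in range(len(nodes) - 1)]


def learns(visible, client, site):
    """What an observer of the given segments can read off directly."""
    addrs = {a for s in visible for a in (s.src, s.dst)}
    return {
        "client_ip": client in addrs,
        "destination": site in addrs,
        # Traffic not wrapped by the VPN layer (HTTPS is not modelled here).
        "content": any(not s.tunneled for s in visible),
    }


def vantage_points(client, hops, site):
    """Map each observer to what it learns for a given route."""
    segs = segments(client, hops, site)
    views = {"isp": segs[:1], "site": segs[-1:]}
    for k, hop in enumerate(hops):
        # A tap on one server sees the segment arriving and the one leaving.
        views[f"tap@{hop}"] = segs[k:k + 2]
    if hops:
        # The provider operates every hop, so it sees every segment.
        views["vpn_provider"] = segs
    return {name: learns(v, client, site) for name, v in views.items()}


if __name__ == "__main__":
    for label, hops in (("no VPN", []), ("single hop", [EXIT]),
                        ("two hops", [ENTRY, EXIT])):
        print(label)
        for who, facts in vantage_points(CLIENT, hops, SITE).items():
            print(f"  {who:18} {facts}")
```

With a single hop, a tap on the server sees both the client address and the destination; with two hops, the tap on the exit server sees the destination but only the entry server's address, while the provider as a whole still learns both.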

Bandwidth throttling

If your ISP decides to throttle your entire Internet connection, there is nothing that ProtonVPN can do to help you bypass that since the VPN connection to our servers is established over the connection provided by your ISP.

Sophisticated Censorship

Similarly, if your ISP is using Deep Packet Inspection (DPI), it is possible for them to identify and block or throttle traffic that goes over a VPN. They cannot decrypt the traffic, but they can slow it down or block it. While it IS possible to bypass DPI through clever means, sophisticated censorship programs can ALWAYS block VPN traffic if they want to. This is because, like the rest of the internet, VPN connections are established over TCP/IP, which means that an adversary can always block VPNs by simply blocking connections to the IPs of the VPN servers. Indeed, this is what Netflix and the Great Firewall of China are doing.

Other things to keep in mind…

On the internet, you can often find VPN services that claim that their services provide complete anonymity, foolproof security, bypass all censorship, bulletproof streaming, etc. However, the technical limitations of VPN are quite clear and well defined by the technology. Simply put, any provider that claims otherwise is either lying, or worse, does not fully understand the threats.

Last but not least – VPN Trust

It is important to keep in mind that when you are using a VPN, you are effectively transferring trust from your ISP to the VPN provider. Thus, it is important to think about what the VPN provider has done to earn that trust. This is important because there are a large number of VPN services which are malicious and are being used to spread malware. Our security team has also identified at least one VPN service which turns your computer into part of a botnet. For more information, we recommend reading this article about VPN trust.

When you use ProtonVPN, you are effectively entrusting us with your Internet traffic, and while we think we have done a lot to earn your trust, it is still our responsibility to point out that you still must trust us when using ProtonVPN. For additional security questions, we can always be reached at

Best Regards,
The Proton Technologies Team

We are the scientists, engineers, and developers who build ProtonMail, the world's largest encrypted email service. We're now building ProtonVPN also to ensure that everybody can have access to free and secure internet.



  1. VPN Question

    Do you monitor your network? Do you only monitor your network if you’re notified by a website being attacked? If you do, what do you actively monitor for? Do you look at what websites people visit or what ports are being used?

  2. Ben Wolford

    We have 24/7 monitoring of all our infrastructure, checking for things like abnormal CPU or memory usage, abnormal network traffic volumes, etc. We do this to detect if a server is under DDoS or some other type of attack, or to detect if a machine may have been compromised. Watching the infra is part of our 24/7 operations work and is necessary to maintain the security of our systems.

    This is done without logging user activity, although if we get a security alert, we will dig deeper to understand the cause, and ban accounts if we discover abuse.

  3. Dinrishatovafo

    I am interested in one question that has already been asked countless times: Is it possible to bypass traffic blocking in the free version if Deep Packet Inspection (DPI) is used? Thanks for your reply!

  4. ProtonVPN Admin

    Hello! While it is possible to bypass DPI through clever means, sophisticated censorship programs can always block VPN traffic if they want to by simply blocking connections to the IPs of the VPN servers. This is what the Great Firewall of China is doing, so Free plan users may not be able to bypass traffic blocking if DPI is used.

  5. VPN Inquiry

    And you cannot use a Proton email account to signup either?!? PEOPLE! Anonymity is the whole point of all of this! Why are you limiting the access to a VPN to only those willing to give up payment and email anonymity? There is no point otherwise.

  6. ProtonVPN Admin

    Hello! Please note that you can use your ProtonMail account in order to access ProtonVPN. You don’t have to create another account for ProtonVPN unless you’d like to have two different accounts. In that case, you’ll need to use a non-protonmail address in the verification process (or SMS), and the reason for this is to prevent abuse of our system.

  7. Payment Options

    I would very much like to purchase an account. But first I need to know the payment options. Several times, I have gone through the hassle of starting to sign up for a VPN, only to find out I needed to use a credit card to pay. I have even purchased gift cards for one of those OTHER VPNs, and they were not accepted, even though the gift card supplier was on their list. There is absolutely NO POINT whatsoever in purchasing a VPN if it is linked to my CC. Please list payment methods available. And hopefully a pre-paid credit/debit card is an option.

  8. ProtonVPN Admin

    Hello! Actually, you can pay with your debit card. Other payment methods that we support are PayPal, Bitcoin, bank transfer and sending Cash letter to our offices. You can check all the available payment options here:

  9. A

    I suggest to you don’t do the ProtonDrive
    Although it is your decision but i think light services like calendar, task and such are better because there is no services for those.
    But for example for notes there is Standard Notes and for Drive there is Tresorit and SpiderOak and for chat there is Signal and such.
    Thank you very much

  10. Onebiglemon

    Hi, if physically located in China, is it still possible to access censored sites such as Hulu BBC Iplayers? It’s been quite a while since the Government started to block all VPNs. If yes, for how long? Thanks

  11. ProtonVPN Admin

    Hello! There are restrictions in China which we cannot influence at the moment, but most of our users from China are able to connect without issues to some of our servers. Please contact our support team so that they could further investigate and offer you some alternative ways to connect:

  12. Priv

    Are there plans for providing cloud storage, notes, calendars, etc? I really like the service but businesses need more than email to function.

  13. ProtonVPN Admin

    Yes, ProtonCalendar and ProtonDrive are under development. They are complex projects so we cannot give fixed release dates. However, be sure to follow our social media channels and newsletters for all the news and updates.

  14. securenet

    I see that there are VPN providers that offer a router VPN, that provides security for your whole network, smart TV, apple TV etc. Does Proton VPN offer this? Is there a down side to having a router VPN? Also I already have Proton Plus email, would I get a discount if I get Proton Plus VPN, if so how do I get this discount.
    Thank you,

  15. ProtonVPN Admin

    Yes, you can set up ProtonVPN on your router. In the following link, you might find helpful tips on how you can do that: If you can’t find the guide for your router, please contact our support team via email or fill in the following form:
    Please note that with the annual cycle, you will automatically get a 20% discount on the price, while with the 2-year plan you’ll get a 33% discount.
    Also, if you upgrade both of the services (ProtonMail and ProtonVPN) on the same account, you will get an additional 20% discount for the bundle plans.

  16. [insert name]

    It’s nice to see Proton’s extremely quick response time to the Voracle attack. It’s good to know that you’re aware of new threats and take immediate action.

  17. AlbusLupus

    Bitcoin is a good start, but most people already know it isn’t nearly as anonymous as other cryptocurrencies. Do you have any plans in the future to implement a way to make payments with Zcash TO a Zcash shielded address? Or at least Monero or DASH?

  18. Augustinas

    We are considering our options, but alternative payment methods may come in the future.

  19. BefuddledBill

    How does Safari stack up in terms of privacy and security (when compared to other standard browsers like Firefox & Chrome)? I know that Apple’s touted it as more secure than most but I was wondering how their claims actually stack up in comparison.

  20. packet

    Do you have component sets the obfuscated traffic to hide the traffic from the VPN so that sensors for VPNs is hidden?

  21. Augustinas

    We are working on Obfuscated servers, however, since our main applications are natively using IKEv2 protocol instead, it will take some time for this feature to be implemented.

  22. Oliv

    Hi, what is the older version of windows the software works with? I have Vista and the installation cannot complete. Thx

  23. Irina M

    Unfortunately, our newest app version is only compatible with Windows 7 and after.

  24. Samia

    I would like to ask … what are the browsers which are safe for browsing.
    what do you suggest me please for (privacy enhancing browsers)?


  25. Irina M

    The safest you can go is TOR. However, if you want to keep your current internet interaction, you can try out Brave. It’s a privacy focused, open source browser. Check it out here:

  26. Larry

    Another privacy enhanced browser that works well for me is Cocoon Cloud Browser

  27. bobby

    Any chance of adding the anonymous payment method of gift cards, like your competitor PIA

  28. Irina M

    We will add gift cards as well.

  29. Kontra

    As of March 2018 there still is no means of anonymous payments towards someone's account. Irina will you please post a likely timeframe.

  30. Augustinas

    You can purchase a subscription via BitCoin by logging in to your account on our website.

  31. Iwishtobeanonymous

    Will P2P ever be available on the free accounts?

  32. Irina M

    Unfortunately, we cannot make p2p available to free accounts. The reason we have free accounts available is to help people stay protected online. P2P would increase the load on our servers due to torrenting and this would put more pressure on us, ultimately not allowing us to subsidise the free accounts from the paid ones.

  33. jon doe

    When will you accept bitcoin for payment?

  34. Irina M

    You can pay for ProtonVPN with Bitcoin. You can create a free account and afterwards you can upgrade your account by paying with Bitcoin. The instance where Bitcoin payment is not supported is at sign-up.

  35. jon doe

    I would purchase your highest plan that includes email and vpn but you guys don't accept btc or bch! When will you accept these? and if you claim to be private then why don't you accept them already? I use your free email right now but would love to support you with bitcoin and get better service in doing so but you don't take it..that i know of or can see right now..

  36. Irina M

    We accept Bitcoin payments for ProtonMail as well as for ProtonVPN. You can create a free account and afterwards you can upgrade your account or top it with credits by paying with Bitcoin. The only instance where Bitcoin payment is not supported is at sign-up.

  37. Enigma

    Just a quick correction to my post, what I meant to say was VPN Bonding, not load balancing. There are a few methods to accomplish this and is compatible with both Wireguard and OpenVPN. You could even have the number of tunnels be random to further make it attack proof. I could even see bonding over Wireguards Mesh setup combined with Search encryption and possibly some configurable Pi Hole DNS servers on the network as a great privacy tool.

  38. Enigma

    I have some suggestions, I love All things Proton but Proton can do some things to Isolate themselves as king in this industry:

    1) Start implementing Wireguard nodes with wireguard mesh VPN it is a lot better performance than OpenVPN, more secure and well the “mesh VPN” is pretty darn cool

    2) Your secure Core technology is a great start but it is missing a key feature that actually would make it secure. Currently, when a MITM attack is done on a VPN connection the data is all intact to be consumed by the attacker. This can be done at your user’s ISP or even your VPN servers but there is a method that can leave them with nothing but scrambled packets. “VPN load balancing at the packet level”. Basically, two tunnels are established and each packet is load balanced across the two tunnels. Your Secure Core servers would then re-assemble the packets prior to making the connection to the destination and the return packets would split at the Secure Core servers and then load balanced back to the client where they are re-assembled. Even with an effective MITM attack on the tunnel, all they would see is a scrambled mess of packets.

    3) One of your largest competitors and ex Googlers “” also does encrypted search so people can continue using the search engines they love while still protecting their privacy, you should do the same, you already have them beat with the VPN now beat them on search privacy

  39. Irina M

    Thank you for your suggestions! Means a lot. We will analyse them.

  40. Unknown Entity

    That is indeed curious.

  41. GNU

    Here’s a very interesting link for all interested in cryptography:

    I have a question to the described supercomputer:

    Do I understand right that this machine, if ready and fully working, is able to decrypt on the fly, so forward secrecy is then no longer a helpful security feature?

  42. GNU

    I asked my question too early. After reading the complete article at The Intercept I know the answer to my question.
    So, dear Admin, please delete my question.
    But perhaps it might be a good idea to publish the link?

    Best regards


  43. François DEVAUX

    you are great with great and ethical goal which is very “prosurvival”.
    1)I have question about “javascript difficulty” do you have general advice about it?
    2)I have a question about payment : is paypal secure?Are all visa and mastercard with same efficiency?
    3)I have a question about countries,do you have a countries map with number of terminals like other VPN?
    4)I have a personal question: I was starting with free proton mail.For research I need absolutely VPN and I did
    a complete VPN research,your conditions in Switzerland and in the mountain are probably legally and physically the best.
    After free protonmail I pay now 30 euros/month could I starting VPN with proton mail VPN included
    with protonmail visionary or have to pay 288.00 Er/Yr to start VPN Visionary included.
    Anyway congratulations to be great with worldwide survival and ethical goals
    With Love! FLJD.

  44. ProtonVPN Admin

    Hi, ProtonVPN is included in the Proton Visionary bundle!

  45. Martin

    Any plans to add a polish server?

  46. fuckoof

    Do you have russian servers ?
    What technologies are you using on your servers ?


  47. ProtonVPN Admin

    our servers support OpenVPN and in the near future also IKE

  48. lateralvanguard

    Can you pay in monthly installments? I don't have enough to pay a year right now. ipvanish lets you do it. and it's a good vpn, but it's a US company. so I want out, but the free version and the basic are no good. I want the one below visionary, but paid in installments. is this possible?

  49. ProtonVPN Admin

    Yes, there is monthly billing on the sign up page that you can pick.

  50. OMG do these leaks affect Protonvpn or have they been fixed

  51. James

    When will you provide secure instant messaging service?

  52. GNU

    Could you please say something about these vulnerabilities in OpenVPN:

  53. ProtonVPN Admin

    These have been patched now on our systems.

  54. GNU

    Good to know. Thanks for this fast reaction!

  55. MrMan

    In the Secure Core protocol, is the ovpn file the public key for the exit server or the first hop server? The former would be more private.

  56. ProtonVPN Admin

    The former

  57. MrMan

    If I buy protonvpn Plus, do I get access to protonmail plus? or do I buy them separately? also, please can you let us add a custom option to have more email aliases? I’m not interested in more space or emails sent per day, I just want to also use protonmail by giving different people different email addresses but receiving it in the same place so I can increase privacy. Thank you

  58. ProtonVPN Admin

    ProtonMail Plus and ProtonVPN Plus, but if you get both, you will also get a 20% discount on both.

  59. theGNU

    Today I found this:
    I’ve seen you recommend to use OpenVPN for Linux-Users. So for me it looks like it’s not a good idea to use OpenVPN.

  60. Three years ago ProtonMail was launched. Today, it is launching ProtonVPN – Yogiraj_The_Ultron

    […] understand that when it comes to VPNs, trust is paramount. Whether it is our transparent VPN threat model, our Swiss jurisdiction, our reputation, our relationship with the community, or the fact […]

  61. Three years ago ProtonMail was launched. Today, it is launching ProtonVPN | OSINT

    […] understand that when it comes to VPNs, trust is paramount. Whether it is our transparent VPN threat model, our Swiss jurisdiction, our reputation, our relationship with the community, or the fact that you […]

  62. Three years ago ProtonMail was launched. Today, it is launching ProtonVPN – Kirk's Cloud

    […] trust. We understand that when it comes to VPNs, trust is paramount. Whether it is our transparent VPN threat model, our Swiss jurisdiction, our reputation, our relationship with the community, or the fact that you […]

  63. Three years ago ProtonMail was launched. Today, it is launching ProtonVPN. – Security Affairs

    […] trust. We understand that when it comes to VPNs, trust is paramount. Whether it is our transparent VPN threat model, our Swiss jurisdiction, our reputation, our relationship with the community, or the fact that you […]

  64. Anna Nonymous

    What about anonymous payment options?

  65. ProtonVPN Admin

    Bitcoin is supported and will be automated soon.

  66. Apl anonym

    Hmm. Can’t see it anywhere…
    Where can you choose the Bitcoin payment option?

  67. lateralvanguard

    YESSSS. paying by bitcoin or other crypto would be awesome

  68. John

    If you do not log any user traffic, urls etc how do you plan to enforce your ToS e.g. “Usage Policy and Prohibited Activities”? Users are going to use the services for P2P of copyrighted content and similar actions which may be illegal under Swiss law for which ProtonVPN will then at first be held liable. How will you proceed in such cases?

  69. Forever Curious

    I read the Reddit link and am just curious what happens if you or one of your downstream providers (exit point) receives a request from a government, or a government’s law enforcement arm, for information not pertaining to copyright but some other action deemed illegal in some country. Do you consider that a violation of your TOS and shut the account down or go ahead and hand them over to the authorities as requested, or something else entirely? Hopefully not a situation you run into too often.

  70. Irina M

    This has not happened to us yet, but it is indeed a risk. That is why we have Secure Core VPN which is designed to guard against this:
    If we get informed of a TOS violation, we may indeed shut down the account, but this is also not something that has happened before.

  71. dun-jia

    I love it!, i used, and it showed high anonymity, also used, shields up all and most ports are stealthed and shows open port 443 only!, great so far. Will there be other added features ? i’ve used other vpn’s and i like the fact that leaving the end point is not compromised, i’ve used other vpn’s and it leaves a trail. I love secure core!

  72. Three years ago we launched ProtonMail. Today, we’re launching ProtonVPN. | Artificia Intelligence

    […] trust. We understand that when it comes to VPNs, trust is paramount. Whether it is our transparent VPN threat model, our Swiss jurisdiction, our reputation, our relationship with the community, or the fact that you […]

  73. Aniruddha Arondekar

    Any plans to add Indian or Servers in South Asia.. I know countries here don’t have Privacy laws.. Despite the absence of Privacy Laws, is Protonmail considering deploying servers? Is it possible that you can deploy server e.g. say in India and still protect user’s data?

  74. ProtonVPN Admin

    Yes, we will look into adding an India server. Our Secure Core technology allows us to provide protection even in countries without good privacy laws.

  75. Evan Brown

    Does this mean countries such as India, Russia etc. may only be possible to use behind Secure Core servers as a result of poor privacy conditions?

  76. milkman

    When will you add latin servers?

  77. ProtonVPN Admin

    It is planned for the next few months.

  78. Jeff

    Is there a possibility that ProtonVPN will be using obfuscation in the future to mitigate the possibility of DPI (because we all know that practically every ISP uses it, even if they don’t admit it)? Also, doesn’t the use of non-standard ports (port 1194, for example), combined with obfuscation, reduce the chances of the ISP throttling or blocking the person’s internet connection?

  79. ProtonVPN Admin

    Yes, we will be adding this. We are currently evaluating several technologies for this.

  80. Evan Brown

    Are you able to disclose potential candidates or such obfuscation and are there any timeframes you want to implement this by? Personally I’m hoping to do a full switch over by November since that’s when my other subscription runs out, i just don’t want to do it without obfuscation in place.

  81. SandPox

    Right, just use port 443, when the ISP looks at it then it is just like they’re looking at an encrypted HTTP connection so it would be less suspicious than 1194 which is the default OpenVPN port.

  82. lateralvanguard

    defo. what vpn do you currently use?
    I use ipvanish, but want out of a US company, even though they are very good. Offer all the extras for security. If proton could have the same thing going on, it would be fantastic, and id be a lifetime subscriber unless made to think its not safe.

  83. victorhck

    Great explanation!!
