In this article, we analyze the VPN threat model. This covers the threats a VPN is designed to guard against, and also the threats a VPN cannot counter.
We believe that the only thing worse than no security, is a false sense of security. For this reason, whether it is ProtonMail or ProtonVPN, we are always fully transparent when it comes to defining the threat model for the services that we provide.
This article applies rather specifically to ProtonVPN, because ProtonVPN contains unique VPN security features which allow it to defend against a wider range of threats compared to other VPN services. To get a better idea of the security risks that are faced by VPNs in general, please look at this article about how to find the best VPN service.
ProtonVPN is designed to be effective in the following situations:
Securing an insecure internet connection
ProtonVPN establishes an encrypted tunnel between your computer and any one of our VPN servers around the world. This encrypted tunnel is secured with AES-256, and will successfully prevent an adversary who has control over the internet connection that you are using from being able to snoop on your traffic. This means you can safely browse even on public internet networks.
Hiding your browsing history from your ISP
The only data that is visible to your Internet Service Provider (ISP) is that you have made a connection to a ProtonVPN server. The contents of your traffic, including what websites you are visiting, or what data you are transferring, is hidden from your ISP.
Preventing data discrimination
A VPN service can help ensure net neutrality. Because all of your traffic is encrypted, your ISP will not be able to selectively throttle or slow down certain types of traffic.
Preventing Internet censorship
If your ISP is blocking traffic to certain websites (or websites are blocking access for visitors from certain countries), a VPN can help to bypass these blocks and ensure that all of the world’s information remains freely accessible.
Safe file sharing or bittorrent
Many ISPs will block bittorrent or other file sharing protocols. Even worse, file sharing can lead to severe penalties and fines in some countries. ProtonVPN allows safe file sharing and bittorrent because we route P2P traffic through safe countries. Note, as a Swiss company, our official policy is in line with Swiss law, which only permits file sharing for personal, non-commercial use.
ProtonVPN also offers some protection in the following situations:
Protection against VPN compromise
Because of ProtonVPN’s unique Secure Core architecture, we can protect your identity even if you are exiting through a server in a country that has extensive surveillance infrastructure and capabilities (US, UK, etc). This provides extra security in the event an advanced adversary is tapping our exit servers and running correlation/timing attacks. You can learn more about Secure Core here.
Protection against online tracking
ProtonVPN can defend against most IP based tracking, as connecting through one of our VPN servers will mask your true IP address. However, tracking employed by large, privacy invasive companies such as Google or Facebook is quite a bit more sophisticated. Thus, even if you mask your true IP address, companies like Google and Facebook can still track you across multiple sites across the Internet by using cookies or using canvas fingerprinting. Thus, if you really want to stay untraceable online, it’s also important to clear your cookies, use private browsing mode, and use privacy enhancing browsers (not Google Chrome for example).
ProtonVPN cannot defend you against the following situations:
Staying fully anonymous online
You will often see VPN services claim that their VPN can make you fully anonymous online. This is not true, see for example, the tracking issue discussed previously. Full anonymity with a VPN service is technically impossible because even though the sites you visit will not know your true IP address, the VPN provider will ALWAYS know your true IP. Therefore, while you can certainly sign up for ProtonVPN anonymously (using an anonymous ProtonMail email address), because you are connecting to our servers, we will know your true IP address.
Therefore, ProtonVPN’s anonymity doesn’t come from a technical guaranty, but from a weaker legal guaranty. Under Swiss law, we cannot be forced to log your IP address, and therefore even though we technically have access to your IP addresses, we cannot be legally obligated to log it and turn it over. This is rather unique to Switzerland and one of the reasons we decided to base ProtonVPN in Switzerland.
If your ISP decides to throttle your entire Internet connection, there is nothing that ProtonVPN can do to help you bypass that since the VPN connection to our servers is established over the connection provided by your ISP.
Similarly, if your ISP is using Deep Packet Inspection (DPI), it is possible for them to identify and block or throttle traffic that goes over a VPN.They cannot decrypt the traffic, but they can slow it down or block it. While it IS possible to bypass DPI through clever means, sophisticated censorship programs can ALWAYS block VPN traffic if they want to. This is because like with the rest of the internet, VPN connections are established over TCP/IP, which means that an adversary can always block VPNs by simply blocking connections to the IPs of the VPN servers. Indeed, this is what Netflix and the Great Firewall of China is doing.
Other things to keep in mind…
On the internet, you can often find VPN services that claim that their services provide complete anonymity, foolproof security, bypass all censorship, bulletproof streaming, etc. However, the technical limitations of VPN are quite clear and well defined by the technology. Simply put, any provider that claims otherwise is either lying, or worse, does not fully understand the threats.
Last but not least – VPN Trust
It is important to keep in mind that when you are using a VPN, you are effectively transferring trust from your ISP to the VPN provider. Thus, it is important to think about what the VPN provider has done to earn that trust. This is important because there are a large number of VPN services which are malicious and are being used to spread malware. Our security team has also identified at least one VPN service which is working on behalf of a state surveillance agency. For more information, we recommend reading this article about VPN trust.
When you use ProtonVPN, you are effectively entrusting us with your Internet traffic, and while we think we have done a lot to earn your trust, it is still our responsibility to point out that you still must trust us when using ProtonVPN. For additional security questions, we can always be reached at firstname.lastname@example.org.
The Proton Technologies Team