
VPN Threat Model

Posted on June 18th, 2017 in Security.


In this article, we analyze the VPN threat model. This covers the threats a VPN is designed to guard against, and also the threats a VPN cannot counter.

We believe that the only thing worse than no security is a false sense of security. For this reason, whether it is ProtonMail or ProtonVPN, we are always fully transparent when it comes to defining the threat model for the services that we provide.

This article applies rather specifically to ProtonVPN, because ProtonVPN contains unique VPN security features which allow it to defend against a wider range of threats compared to other VPN services. To get a better idea of the security risks that are faced by VPNs in general, please look at this article about how to find the best VPN service.

ProtonVPN is designed to be effective in the following situations:

Securing an insecure internet connection

ProtonVPN establishes an encrypted tunnel between your computer and any one of our VPN servers around the world. This encrypted tunnel is secured with AES-256, and will successfully prevent an adversary who has control over the internet connection that you are using from being able to snoop on your traffic. This means you can safely browse even on public internet networks.

Hiding your browsing history from your ISP

The only data that is visible to your Internet Service Provider (ISP) is that you have made a connection to a ProtonVPN server. The contents of your traffic, including what websites you are visiting, or what data you are transferring, is hidden from your ISP.

Preventing data discrimination

A VPN service can help ensure net neutrality. Because all of your traffic is encrypted, your ISP will not be able to selectively throttle or slow down certain types of traffic.

Preventing Internet censorship

If your ISP is blocking traffic to certain websites (or websites are blocking access for visitors from certain countries), a VPN can help to bypass these blocks and ensure that all of the world’s information remains freely accessible.

Safe file sharing or bittorrent

Many ISPs will block bittorrent or other file sharing protocols. Even worse, file sharing can lead to severe penalties and fines in some countries. ProtonVPN allows safe file sharing and bittorrent because we route P2P traffic through safe countries. Note, as a Swiss company, our official policy is in line with Swiss law, which only permits file sharing for personal, non-commercial use.

ProtonVPN also offers some protection in the following situations:

Protection against VPN compromise

Because of ProtonVPN’s unique Secure Core architecture, we can protect your identity even if you are exiting through a server in a country that has extensive surveillance infrastructure and capabilities (US, UK, etc.). This provides extra security in the event that an advanced adversary is tapping our exit servers and running correlation/timing attacks. You can learn more about Secure Core here.

Protection against online tracking

ProtonVPN can defend against most IP-based tracking, since connecting through one of our VPN servers masks your true IP address. However, the tracking employed by large, privacy-invasive companies such as Google or Facebook is considerably more sophisticated: even if you mask your true IP address, they can still track you across multiple sites by using cookies or canvas fingerprinting. So if you really want to stay untraceable online, it is also important to clear your cookies, use private browsing mode, and use a privacy-enhancing browser (not Google Chrome, for example).

ProtonVPN cannot defend you against the following situations:

Staying fully anonymous online

You will often see VPN services claim that their VPN can make you fully anonymous online. This is not true; see, for example, the tracking issue discussed above. Full anonymity with a VPN service is technically impossible because, even though the sites you visit will not know your true IP address, the VPN provider will ALWAYS know your true IP. Therefore, while you can certainly sign up for ProtonVPN anonymously (using an anonymous ProtonMail email address), because you are connecting to our servers, we will know your true IP address.

Therefore, ProtonVPN’s anonymity doesn’t come from a technical guarantee, but from a weaker legal guarantee. Under Swiss law, we cannot be forced to log your IP address, and therefore, even though we technically have access to your IP address, we cannot be legally obligated to log it and turn it over. This is rather unique to Switzerland and one of the reasons we decided to base ProtonVPN in Switzerland.
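The following Go program is an added illustration, not code from the original post or from ProtonVPN, of the three vantage points this article describes in the sections on securing an insecure connection, hiding your browsing history from your ISP, and staying anonymous online: what an on-path observer at the ISP can record, what the VPN provider necessarily learns, and what the destination website sees. It models the tunnel as AES-256-GCM encapsulation of an inner packet inside an outer packet addressed to the VPN server; the packet format, the IP addresses and the pre-shared tunnel key are all constructed for the simulation and are not ProtonVPN's actual protocol.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// Constructed addresses for the simulation; none of these are real ProtonVPN hosts.
const (
	ClientIP  = "203.0.113.10" // the user's true IP, assigned by the ISP
	VPNIP     = "198.51.100.5" // the VPN server the client tunnels through
	WebsiteIP = "192.0.2.80"   // the site the user actually wants to reach
)

// InnerPacket is what the user really sends: the real destination plus data.
type InnerPacket struct {
	Dst     string `json:"dst"`
	Payload string `json:"payload"`
}

// OuterPacket is what crosses the ISP's wire: endpoints in the clear, contents as AES-256-GCM ciphertext.
type OuterPacket struct {
	Src, Dst          string
	Nonce, Ciphertext []byte
}

// newAEAD builds AES-256-GCM from a 32-byte tunnel key; the key is assumed already shared (handshake out of scope).
func newAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, fmt.Errorf("AES-256 needs a 32-byte key, got %d", len(key))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encapsulate is the client side: serialise the inner packet, encrypt it, and address it to the VPN server.
func Encapsulate(key []byte, inner InnerPacket) (OuterPacket, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return OuterPacket{}, err
	}
	plain, err := json.Marshal(inner)
	if err != nil {
		return OuterPacket{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return OuterPacket{}, err
	}
	// Outer addresses are bound in as associated data, so a rewritten outer header fails authentication.
	ad := []byte(ClientIP + "->" + VPNIP)
	return OuterPacket{Src: ClientIP, Dst: VPNIP, Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, plain, ad)}, nil
}

// decapsulate is the VPN server side: authenticate and decrypt the inner packet.
func decapsulate(key []byte, p OuterPacket) (InnerPacket, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return InnerPacket{}, err
	}
	plain, err := aead.Open(nil, p.Nonce, p.Ciphertext, []byte(p.Src+"->"+p.Dst))
	if err != nil {
		return InnerPacket{}, err
	}
	var inner InnerPacket
	err = json.Unmarshal(plain, &inner)
	return inner, err
}

// ISPView is all an on-path observer can record: tunnel endpoints and volume, not destination or content.
func ISPView(p OuterPacket) string {
	return fmt.Sprintf("src=%s dst=%s bytes=%d", p.Src, p.Dst, len(p.Ciphertext))
}

// VPNView is what the provider necessarily learns: true IP from the outer header, real destination from inside.
func VPNView(key []byte, p OuterPacket) (string, error) {
	inner, err := decapsulate(key, p)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("true_src=%s real_dst=%s", p.Src, inner.Dst), nil
}

// WebsiteView is what the destination sees once the VPN server forwards from its own address: the VPN's IP.
func WebsiteView(key []byte, p OuterPacket) (string, error) {
	inner, err := decapsulate(key, p)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("src=%s dst=%s payload=%q", VPNIP, inner.Dst, inner.Payload), nil
}
```

Running `ISPView` on an encapsulated packet yields only the tunnel endpoints and a byte count, while `VPNView` yields both the client's true IP and the real destination: this is the technical reason the article gives for why the provider will always know your IP, and why the remaining guarantee is legal rather than cryptographic. The byte count is deliberately left visible, since traffic volume and timing are exactly what the correlation attacks mentioned under Secure Core rely on.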

Bandwidth throttling

If your ISP decides to throttle your entire Internet connection, there is nothing that ProtonVPN can do to help you bypass that since the VPN connection to our servers is established over the connection provided by your ISP.

Sophisticated Censorship

Similarly, if your ISP is using Deep Packet Inspection (DPI), it is possible for them to identify and block or throttle traffic that goes over a VPN. They cannot decrypt the traffic, but they can slow it down or block it. While it IS possible to bypass DPI through clever means, sophisticated censorship programs can ALWAYS block VPN traffic if they want to. This is because, like the rest of the internet, VPN connections are established over TCP/IP, which means that an adversary can always block VPNs by simply blocking connections to the IPs of the VPN servers. Indeed, this is what Netflix and the Great Firewall of China are doing.

Other things to keep in mind…

On the internet, you can often find VPN services that claim that their services provide complete anonymity, foolproof security, bypass all censorship, bulletproof streaming, etc. However, the technical limitations of VPN are quite clear and well defined by the technology. Simply put, any provider that claims otherwise is either lying, or worse, does not fully understand the threats.

Last but not least – VPN Trust

It is important to keep in mind that when you are using a VPN, you are effectively transferring trust from your ISP to the VPN provider. Thus, it is important to think about what the VPN provider has done to earn that trust. This is important because there are a large number of VPN services which are malicious and are being used to spread malware. Our security team has also identified at least one VPN service which is working on behalf of a state surveillance agency. For more information, we recommend reading this article about VPN trust.

When you use ProtonVPN, you are effectively entrusting us with your Internet traffic, and while we think we have done a lot to earn your trust, it is still our responsibility to point out that you still must trust us when using ProtonVPN. For additional security questions, we can always be reached at security@protonvpn.com.

Best Regards,
The Proton Technologies Team

We are the scientists, engineers, and developers who build ProtonMail, the world's largest encrypted email service. We're now building ProtonVPN also to ensure that everybody can have access to free and secure internet.


34 comments

  1. lateralvanguard

    Can you pay in monthly installments? I don't have enough to pay a year right now. IPVanish lets you do it, and it's a good VPN, but it's a US company, so I want out, but the free version and the Basic are no good. I want the one below Visionary, but paid in installments. Is this possible?

  2. ProtonVPN Admin

    Yes, there is monthly billing on the sign up page that you can pick.

  3. OMG

    https://vpntesting.info – do these leaks affect ProtonVPN, or have they been fixed?

  4. James

    When will you provide secure instant messaging service?

  5. GNU

    Could you please say something about these vulnerabilities in OpenVPN:
    https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/

  6. ProtonVPN Admin

    These have been patched now on our systems.

  7. GNU

    Good to know. Thanks for this fast reaction!

  8. MrMan

    In the Secure Core protocol, is the ovpn file the public key for the exit server or the first hop server? The former would be more private.

  9. ProtonVPN Admin

    The former

  10. MrMan

    If I buy ProtonVPN Plus, do I get access to ProtonMail Plus, or do I buy them separately? Also, could you let us add a custom option to have more email aliases? I'm not interested in more space or emails sent per day; I just want to also use ProtonMail by giving different people different email addresses but receiving them in the same place, so I can increase privacy. Thank you.

  11. ProtonVPN Admin

    ProtonMail Plus and ProtonVPN Plus, but if you get both, you will also get a 20% discount on both.

  12. theGNU

    Today I found this: https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/
    I've seen you recommend using OpenVPN for Linux users. So for me it looks like it's not a good idea to use OpenVPN.

  13. Three years ago ProtonMail was launched. Today, it is launching ProtonVPN – Yogiraj_The_Ultron

    […] understand that when it comes to VPNs, trust is paramount. Whether it is our transparent VPN threat model, our Swiss jurisdiction, our reputation, our relationship with the community, or the fact […]

  14. Three years ago ProtonMail was launched. Today, it is launching ProtonVPN. – Security Affairs

    […] trust. We understand that when it comes to VPNs, trust is paramount. Whether it is our transparent VPN threat model, our Swiss jurisdiction, our reputation, our relationship with the community, or the fact that you […]

  15. Anna Nonymous

    What about anonymous payment options?

  16. ProtonVPN Admin

    Bitcoin is supported and will be automated soon.

  17. Apl anonym

    Hmm. Can’t see it anywhere…
    Where can you choose the Bitcoin payment option?

  18. lateralvanguard

    YESSSS. Paying by Bitcoin or other crypto would be awesome.

  19. John

    If you do not log any user traffic, urls etc how do you plan to enforce your ToS e.g. “Usage Policy and Prohibited Activities”? Users are going to use the services for P2P of copyrighted content and similar actions which may be illegal under Swiss law for which ProtonVPN will then at first be held liable. How will you proceed in such cases?

  20. dun-jia

    I love it! I used https://2ip.io/privacy/, and it showed high anonymity; I also used grc.com Shields Up, and all or most ports are stealthed and it shows only port 443 open. Great so far. Will there be other added features? I've used other VPNs, and I like the fact that leaving the endpoint is not compromised; I've used other VPNs and they leave a trail. I love Secure Core!

  21. Three years ago we launched ProtonMail. Today, we’re launching ProtonVPN. | Artificia Intelligence

    […] trust. We understand that when it comes to VPNs, trust is paramount. Whether it is our transparent VPN threat model, our Swiss jurisdiction, our reputation, our relationship with the community, or the fact that you […]

  22. Aniruddha Arondekar

    Any plans to add Indian servers, or servers in South Asia? I know countries here don't have privacy laws. Despite the absence of privacy laws, is ProtonMail considering deploying servers? Is it possible that you can deploy a server, e.g. in India, and still protect users' data?

  23. ProtonVPN Admin

    Yes, we will look into adding an India server. Our Secure Core technology allows us to provide protection even in countries without good privacy laws.

  24. Evan Brown

    Does this mean countries such as India, Russia etc. may only be possible to use behind Secure Core servers as a result of poor privacy conditions?

  25. milkman

    When will you add latin servers?

  26. ProtonVPN Admin

    It is planned for the next few months.

  27. Jeff

    Is there a possibility that ProtonVPN will be using obfuscation in the future to mitigate the possibility of DPI (because we all know that practically every ISP uses it, even if they don’t admit it)? Also, doesn’t the use of non-standard ports (port 1194, for example), combined with obfuscation, reduce the chances of the ISP throttling or blocking the person’s internet connection?

  28. ProtonVPN Admin

    Yes, we will be adding this. We are currently evaluating several technologies for this.

  29. Evan Brown

    Are you able to disclose potential candidates for such obfuscation, and are there any timeframes you want to implement this by? Personally I'm hoping to do a full switch over by November, since that's when my other subscription runs out; I just don't want to do it without obfuscation in place.

  30. SandPox

    Right, just use port 443; when the ISP looks at it, it just looks like an encrypted HTTP connection, so it would be less suspicious than 1194, which is the default OpenVPN port.

  31. lateralvanguard

    Defo. What VPN do you currently use?
    I use IPVanish, but want out of a US company, even though they are very good and offer all the extras for security. If Proton could have the same thing going on, it would be fantastic, and I'd be a lifetime subscriber unless made to think it's not safe.

  32. victorhck

    Great explanation!!
