
VPN Threat Model

Posted on June 18th, 2017 in Security.


In this article, we analyze the VPN threat model. This covers the threats a VPN is designed to guard against, and also the threats a VPN cannot counter.

We believe that the only thing worse than no security is a false sense of security. For this reason, whether it is ProtonMail or ProtonVPN, we are always fully transparent when it comes to defining the threat model for the services that we provide.

This article applies rather specifically to ProtonVPN, because ProtonVPN contains unique VPN security features which allow it to defend against a wider range of threats compared to other VPN services. To get a better idea of the security risks that are faced by VPNs in general, please look at this article about how to find the best VPN service.

ProtonVPN is designed to be effective in the following situations:

Securing an insecure internet connection

ProtonVPN establishes an encrypted tunnel between your computer and any one of our VPN servers around the world. The tunnel is secured with AES-256 and prevents an adversary who controls the internet connection you are using from snooping on your traffic. This means you can safely browse even on public networks.

Hiding your browsing history from your ISP

The only data that is visible to your Internet Service Provider (ISP) is that you have made a connection to a ProtonVPN server. The contents of your traffic, including which websites you are visiting and what data you are transferring, are hidden from your ISP.

Preventing data discrimination

A VPN service can help ensure net neutrality. Because all of your traffic is encrypted, your ISP will not be able to selectively throttle or slow down certain types of traffic.

Preventing Internet censorship

If your ISP is blocking traffic to certain websites (or websites are blocking access for visitors from certain countries), a VPN can help to bypass these blocks and ensure that all of the world’s information remains freely accessible.

Safe file sharing or BitTorrent

Many ISPs block BitTorrent and other file sharing protocols. Even worse, file sharing can lead to severe penalties and fines in some countries. ProtonVPN allows safe file sharing and BitTorrent because we route P2P traffic through safe countries. Note that, as a Swiss company, our official policy is in line with Swiss law, which only permits file sharing for personal, non-commercial use.

ProtonVPN also offers some protection in the following situations:

Protection against VPN compromise

Because of ProtonVPN’s unique Secure Core architecture, we can protect your identity even if you are exiting through a server in a country that has extensive surveillance infrastructure and capabilities (US, UK, etc.). This provides extra security in the event that an advanced adversary is tapping our exit servers and running correlation/timing attacks. You can learn more about Secure Core here.

Protection against online tracking

ProtonVPN can defend against most IP-based tracking, since connecting through one of our VPN servers masks your true IP address. However, the tracking employed by large, privacy-invasive companies such as Google or Facebook is considerably more sophisticated: even if you mask your true IP address, they can still track you across multiple sites by using cookies or canvas fingerprinting. So if you really want to stay untraceable online, it is also important to clear your cookies, use private browsing mode, and use privacy-enhancing browsers (not Google Chrome, for example).

ProtonVPN cannot defend you against the following situations:

Staying fully anonymous online

You will often see VPN services claim that their VPN can make you fully anonymous online. This is not true; see, for example, the tracking issue discussed above. Full anonymity with a VPN service is technically impossible because, even though the sites you visit will not know your true IP address, the VPN provider will ALWAYS know your true IP. Therefore, while you can certainly sign up for ProtonVPN anonymously (using an anonymous ProtonMail email address), because you are connecting to our servers, we will know your true IP address.

Therefore, ProtonVPN’s anonymity does not come from a technical guarantee but from a weaker legal guarantee. Under Swiss law, we cannot be forced to log your IP address, and therefore, even though we technically have access to your IP address, we cannot be legally obligated to log it and turn it over. This is rather unique to Switzerland and one of the reasons we decided to base ProtonVPN in Switzerland.

Bandwidth throttling

If your ISP decides to throttle your entire Internet connection, there is nothing that ProtonVPN can do to help you bypass that since the VPN connection to our servers is established over the connection provided by your ISP.

Sophisticated Censorship

Similarly, if your ISP is using Deep Packet Inspection (DPI), it is possible for them to identify and block or throttle traffic that goes over a VPN. They cannot decrypt the traffic, but they can slow it down or block it. While it IS possible to bypass DPI through clever means, sophisticated censorship programs can ALWAYS block VPN traffic if they want to. This is because, as with the rest of the internet, VPN connections are established over TCP/IP, which means that an adversary can always block VPNs by simply blocking connections to the IPs of the VPN servers. Indeed, this is what Netflix and the Great Firewall of China are doing.
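To make the visibility argument of the ISP, tracking, anonymity and censorship sections concrete, here is an added example (not code from the ProtonVPN post) that models what the ISP, the VPN provider and the destination site each learn from a direct request and from the same request sent through a tunnel; the addresses, cookie values and block list are constructed placeholders.

```python
# Added example (not code from the ProtonVPN post): a toy model of what each
# observer learns when a client fetches a page directly and through a VPN.
# All addresses, hostnames and cookie values are constructed placeholders.
from dataclasses import dataclass
from typing import Optional

CLIENT_IP = "198.51.100.7"       # client's true IP (constructed, RFC 5737 range)
VPN_SERVER_IP = "203.0.113.10"   # VPN server (constructed)
SITE_IP = "192.0.2.80"           # destination website (constructed)
VPN_BLOCKLIST = {VPN_SERVER_IP}  # destination-IP block list a censor might keep

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dst_port: int
    payload: str = ""                  # cleartext application data, if any
    inner: Optional["Packet"] = None   # encrypted, tunnelled packet, if any

def direct_request(cookie: str) -> Packet:
    """Client talks to the site directly: src is the true IP, payload is readable."""
    return Packet(CLIENT_IP, SITE_IP, 443, payload=f"GET /page cookie={cookie}")

def vpn_request(cookie: str, vpn_port: int = 443) -> Packet:
    """Same request wrapped in an encrypted tunnel to the VPN server."""
    inner = Packet(CLIENT_IP, SITE_IP, 443, payload=f"GET /page cookie={cookie}")
    return Packet(CLIENT_IP, VPN_SERVER_IP, vpn_port, inner=inner)

def isp_view(pkt: Packet) -> dict:
    """The ISP sees only the outer header; tunnel contents are opaque to it."""
    return {"src": pkt.src, "dst": pkt.dst, "dst_port": pkt.dst_port,
            "content": "opaque" if pkt.inner else pkt.payload}

def isp_blocks(pkt: Packet) -> bool:
    """A censor that blocks by destination IP stops the tunnel whatever port it uses."""
    return pkt.dst in VPN_BLOCKLIST

def vpn_provider_view(pkt: Packet) -> dict:
    """The provider terminates the tunnel: it learns the true IP and the destination."""
    if pkt.inner is None:
        return {}  # traffic that never entered the tunnel
    return {"true_ip": pkt.src, "dst": pkt.inner.dst, "content": pkt.inner.payload}

def site_view(pkt: Packet) -> dict:
    """The site sees whichever source address delivered the packet, plus the cookie."""
    if pkt.inner is not None:  # exit server forwards the decrypted inner packet
        pkt = Packet(VPN_SERVER_IP, pkt.inner.dst, pkt.inner.dst_port, pkt.inner.payload)
    cookie = pkt.payload.split("cookie=")[-1]
    return {"src": pkt.src, "cookie": cookie}

def tracker_links_sessions(pkts: list[Packet]) -> bool:
    """Cookie-based tracking: sessions link even though the source IP differs."""
    views = [site_view(p) for p in pkts]
    return len({v["cookie"] for v in views}) == 1 and len({v["src"] for v in views}) > 1
```

Masking the IP changes only what the site sees; the cookie still ties the sessions together, the provider still sees the true IP, and an IP block list stops the tunnel on port 443 as easily as on 1194.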

Other things to keep in mind…

On the internet, you can often find VPN services that claim that their services provide complete anonymity, foolproof security, bypass all censorship, bulletproof streaming, etc. However, the technical limitations of VPNs are quite clear and well defined by the technology. Simply put, any provider that claims otherwise is either lying or, worse, does not fully understand the threats.

Last but not least – VPN Trust

It is important to keep in mind that when you are using a VPN, you are effectively transferring trust from your ISP to the VPN provider. Thus, it is important to think about what the VPN provider has done to earn that trust. This is important because there are a large number of VPN services which are malicious and are being used to spread malware. Our security team has also identified at least one VPN service which is working on behalf of a state surveillance agency. For more information, we recommend reading this article about VPN trust.

When you use ProtonVPN, you are effectively entrusting us with your Internet traffic, and while we think we have done a lot to earn your trust, it is still our responsibility to point out that you still must trust us when using ProtonVPN. For additional security questions, we can always be reached at security@protonvpn.com.

Best Regards,
The Proton Technologies Team

We are the scientists, engineers, and developers who build ProtonMail, the world’s largest encrypted email service. We’re now building ProtonVPN also to ensure that everybody can have access to free and secure internet.


55 comments

  1. Iwishtobeanonymous

    Will P2P ever be available on the free accounts?

  2. Irina M

    Unfortunately, we cannot make p2p available to free accounts. The reason we have free accounts available is to help people stay protected online. P2P would increase the load on our servers due to torrenting and this would put more pressure on us, ultimately not allowing us to subsidise the free accounts from the paid ones.

  3. jon doe

    When will you accept Bitcoin for payment?

  4. Irina M

    You can pay for ProtonVPN with Bitcoin. You can create a free account and afterwards you can upgrade your account by paying with Bitcoin. The one instance where Bitcoin payment is not supported is at sign-up.

  5. jon doe

    I would purchase your highest plan that includes email and VPN, but you guys don't accept BTC or BCH! When will you accept these? And if you claim to be private, then why don't you accept them already? I use your free email right now but would love to support you with Bitcoin and get better service in doing so, but you don't take it... that I know of or can see right now.

  6. Irina M

    We accept Bitcoin payments for ProtonMail as well as for ProtonVPN. You can create a free account and afterwards you can upgrade your account or top it up with credits by paying with Bitcoin. The only instance where Bitcoin payment is not supported is at sign-up.

  7. Enigma

    Just a quick correction to my post: what I meant to say was VPN bonding, not load balancing. There are a few methods to accomplish this, and it is compatible with both WireGuard and OpenVPN. You could even have the number of tunnels be random to further make it attack-proof. I could even see bonding over WireGuard's mesh setup, combined with search encryption and possibly some configurable Pi-hole DNS servers on the network, as a great privacy tool.

  8. Enigma

    I have some suggestions. I love all things Proton, but Proton can do some things to isolate themselves as king in this industry:

    1) Start implementing WireGuard nodes with WireGuard mesh VPN. It has a lot better performance than OpenVPN, is more secure, and well, the “mesh VPN” is pretty darn cool.

    2) Your Secure Core technology is a great start, but it is missing a key feature that actually would make it secure. Currently, when a MITM attack is done on a VPN connection, the data is all intact to be consumed by the attacker. This can be done at your user’s ISP or even your VPN servers, but there is a method that can leave them with nothing but scrambled packets: “VPN load balancing at the packet level”. Basically, two tunnels are established and each packet is load-balanced across the two tunnels. Your Secure Core servers would then re-assemble the packets prior to making the connection to the destination, and the return packets would split at the Secure Core servers and then be load-balanced back to the client, where they are re-assembled. Even with an effective MITM attack on the tunnel, all they would see is a scrambled mess of packets.

    3) One of your largest competitors, ex-Googlers “Disconnect.me”, also does encrypted search so people can continue using the search engines they love while still protecting their privacy. You should do the same; you already have them beat with the VPN, now beat them on search privacy.

  9. Irina M

    Thank you for your suggestions! It means a lot. We will analyse them.

  10. Unknown Entity

    That is indeed curious.

  11. GNU

    Here’s a very interesting link for all interested in cryptography:

    https://theintercept.com/2017/05/11/nyu-accidentally-exposed-military-code-breaking-computer-project-to-entire-internet/

    I have a question about the described supercomputer:

    Do I understand right that this machine, if ready and fully working, is able to decrypt on the fly, so that forward secrecy is then no longer a helpful security feature?

  12. GNU

    I asked my question too early. After reading the complete article at The Intercept, I know the answer to my question.
    So, dear Admin, please delete my question.
    But perhaps it might be a good idea to publish the link?

    Best regards

    GNU

  13. François DEVAUX

    You are great, with a great and ethical goal which is very “prosurvival”.
    1) I have a question about “JavaScript difficulty”: do you have general advice about it?
    2) I have a question about payment: is PayPal secure? Are all Visa and Mastercard with the same efficiency?
    3) I have a question about countries: do you have a countries map with the number of terminals like other VPNs?
    4) I have a personal question: I was starting with free ProtonMail. For research I absolutely need a VPN, and I did
    a complete VPN research; your conditions in Switzerland and in the mountain are probably legally and physically the best.
    After free ProtonMail I now pay 30 euros/month. Could I start VPN with ProtonMail VPN included
    with ProtonMail Visionary, or do I have to pay 288.00 Er/Yr to start VPN Visionary included?
    Anyway, congratulations on being great with worldwide survival and ethical goals.
    With Love! FLJD.

  14. ProtonVPN Admin

    Hi, ProtonVPN is included in the Proton Visionary bundle!

  15. Martin

    Any plans to add a Polish server?

  16. fuckoof

    Do you have Russian servers?
    What technologies are you using on your servers?

    thanks

  17. ProtonVPN Admin

    Our servers support OpenVPN and in the near future also IKE.

  18. lateralvanguard

    Can you pay in monthly installments? I don't have enough to pay a year right now. IPVanish lets you do it, and it's a good VPN, but it's a US company, so I want out, but the free version and the basic are no good. I want the one below Visionary, but paid in installments. Is this possible?

  19. ProtonVPN Admin

    Yes, there is monthly billing on the sign up page that you can pick.

  20. OMG

    https://vpntesting.info do these leaks affect ProtonVPN or have they been fixed?

  21. James

    When will you provide secure instant messaging service?

  22. GNU

    Could you please say something about these vulnerabilities in OpenVPN:
    https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/

  23. ProtonVPN Admin

    These have been patched now on our systems.

  24. GNU

    Good to know. Thanks for this fast reaction!

  25. MrMan

    In the Secure Core protocol, is the ovpn file the public key for the exit server or the first hop server? The former would be more private.

  26. ProtonVPN Admin

    The former.

  27. MrMan

    If I buy ProtonVPN Plus, do I get access to ProtonMail Plus? Or do I buy them separately? Also, please can you let us add a custom option to have more email aliases? I'm not interested in more space or emails sent per day; I just want to also use ProtonMail by giving different people different email addresses but receiving it in the same place so I can increase privacy. Thank you

  28. ProtonVPN Admin

    ProtonMail Plus and ProtonVPN Plus, but if you get both, you will also get a 20% discount on both.

  29. theGNU

    Today I found this: https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/
    I’ve seen you recommend using OpenVPN for Linux users. So for me it looks like it’s not a good idea to use OpenVPN.

  34. Anna Nonymous

    What about anonymous payment options?

  35. ProtonVPN Admin

    Bitcoin is supported and will be automated soon.

  36. Apl anonym

    Hmm. Can’t see it anywhere…
    Where can you choose the Bitcoin payment option?

  37. lateralvanguard

    YESSSS. Paying by Bitcoin or other crypto would be awesome.

  38. John

    If you do not log any user traffic, urls etc how do you plan to enforce your ToS e.g. “Usage Policy and Prohibited Activities”? Users are going to use the services for P2P of copyrighted content and similar actions which may be illegal under Swiss law for which ProtonVPN will then at first be held liable. How will you proceed in such cases?

  39. Forever Curious

    I read the Reddit link and am just curious what happens if you or one of your downstream providers (exit point) receives a request from a government, or a government’s law enforcement arm, for information not pertaining to copyright but some other action deemed illegal in some country. Do you consider that a violation of your TOS and shut the account down, or go ahead and hand them over to the authorities as requested, or something else entirely? Hopefully not a situation you run into too often.

  40. Irina M

    This has not happened to us yet, but it is indeed a risk. That is why we have Secure Core VPN which is designed to guard against this: https://protonvpn.com/support/secure-core-vpn/
    If we get informed of a TOS violation, we may indeed shut down the account, but this is also not something that has happened before.

  41. dun-jia

    I love it! I used https://2ip.io/privacy/, and it showed high anonymity. I also used grc.com ShieldsUP!: all and most ports are stealthed, and it shows open port 443 only! Great so far. Will there be other added features? I’ve used other VPNs, and I like the fact that leaving the end point is not compromised; I’ve used other VPNs and it leaves a trail. I love Secure Core!

  43. Aniruddha Arondekar

    Any plans to add Indian servers or servers in South Asia? I know countries here don't have privacy laws. Despite the absence of privacy laws, is ProtonMail considering deploying servers? Is it possible that you can deploy a server, e.g. say in India, and still protect users’ data?

  44. ProtonVPN Admin

    Yes, we will look into adding an India server. Our Secure Core technology allows us to provide protection even in countries without good privacy laws.

  45. Evan Brown

    Does this mean countries such as India, Russia etc. may only be possible to use behind Secure Core servers as a result of poor privacy conditions?

  46. milkman

    When will you add latin servers?

  47. ProtonVPN Admin

    It is planned for the next few months.

  48. Jeff

    Is there a possibility that ProtonVPN will be using obfuscation in the future to mitigate the possibility of DPI (because we all know that practically every ISP uses it, even if they don’t admit it)? Also, doesn’t the use of non-standard ports (port 1194, for example), combined with obfuscation, reduce the chances of the ISP throttling or blocking the person’s internet connection?

  49. ProtonVPN Admin

    Yes, we will be adding this. We are currently evaluating several technologies for this.

  50. Evan Brown

    Are you able to disclose potential candidates for such obfuscation, and are there any timeframes you want to implement this by? Personally I’m hoping to do a full switch over by November since that’s when my other subscription runs out; I just don’t want to do it without obfuscation in place.

  51. SandPox

    Right, just use port 443. When the ISP looks at it, it just looks like an encrypted HTTP connection, so it would be less suspicious than 1194, which is the default OpenVPN port.

  52. lateralvanguard

    Defo. What VPN do you currently use?
    I use IPVanish, but want out of a US company, even though they are very good. They offer all the extras for security. If Proton could have the same thing going on, it would be fantastic, and I'd be a lifetime subscriber unless made to think it's not safe.

  53. victorhck

    Great explanation!!
