
Using VPN servers in high-risk countries

Posted on March 6th, 2019 by in Privacy & Security.


As part of our mission to make a secure and private Internet available to all, ProtonVPN will have to add servers in countries with poor privacy protections. Here’s how to safely use servers in high-risk countries.

Which VPN server you connect to is generally determined by what information you are trying to access and where that server is located. To access information that a government has censored within its borders, you would need to connect to a VPN server outside your country. Other times you may need to access information that is only available inside your own country. For example, some websites only allow you to log in if you are using an IP address from the country hosting them. If you are traveling abroad, you would need a VPN to access such a site. Therefore, the only way for us to properly serve our users, who come from more than 180 countries worldwide, is to add servers in practically every country on earth.

However, privacy laws vary widely from country to country, just as governments range from liberal democracies to dictatorships. Adding a server to a country does not mean that we endorse its government’s policies and regulations. In the process of serving our global user base and fulfilling requests for servers in more countries, we must necessarily add servers in countries which are, quite frankly, terrible at privacy.

In recognition of this, it is important for the ProtonVPN community to be informed about the risks that can come with using these servers, and how some of these risks can be mitigated. We would also like to clarify our own policies regarding high-risk countries.

Guidelines for connecting to servers in high-risk VPN countries

Understand your threat model before connecting to servers in high-risk countries

As outlined in our threat model, ProtonVPN cannot guarantee the absolute security of our servers in high-risk countries (such a guarantee is impossible for all VPN services). Therefore, you should consider any servers in a country with weak privacy protections to potentially be compromised as part of your user threat model.

Consider the following examples: If you are using the Internet to do low-risk activities (e.g., streaming TV or looking up football scores), then which server you connect to is not important. On the other hand, if you are a North Korean dissident handling sensitive communications, we would not recommend connecting to a server in North Korea (if we ever get one), as the North Korean secret police could potentially be monitoring that server.

Use Secure Core VPN

If you must connect to a server in a country with weak privacy protections, enable the Secure Core feature (available with the ProtonVPN Plus plan). With Secure Core, your Internet traffic is routed through special, hardened servers in countries with strong privacy protection laws, like Iceland, Sweden, or Switzerland, before it goes through the server in the high-risk country. If authorities are monitoring the VPN server in the high-risk country, they will only be able to trace the traffic from it back to the Secure Core server and not to your true IP address.

Whenever we add servers in unfriendly jurisdictions, we will always add Secure Core coverage to those servers. Secure Core significantly reduces the risk of using a server in any unfriendly jurisdiction.

ProtonVPN policies in high-risk countries

To continue providing our users with the highest degree of security possible, even in countries with weak privacy protections, we have adopted the following internal policies for high-risk jurisdictions.

Avoid directly owning infrastructure

To prevent unfriendly governments from trying to claim jurisdiction over ProtonVPN, we will utilize third-party infrastructure in high-risk countries. VPN services that own hardware or have a substantial staff presence in a country with weak privacy protections could fall under that country’s jurisdiction through the “principal place of business” doctrine. By working through third parties, ProtonVPN avoids having a physical presence in any jurisdiction with weak privacy protections, making it difficult to dispute our status as a Swiss company.

Work only with reliable partners

We will thoroughly scrutinize all potential infrastructure partners in high-risk countries and only work with those whose values align with our mission. This vetting process may delay adding servers in certain high-risk countries where it is difficult to find a suitable partner. Even when we find an ideal partner, we will also deploy technical measures to further mitigate some of the risks of having a VPN server in an unfriendly jurisdiction.

Always use dedicated hardware

ProtonVPN only uses bare metal (physical) servers that we can fully control all the way down to the base operating system level. We have followed this policy in all countries. Using a bare metal server as opposed to a virtual server means the hardware is dedicated solely to ProtonVPN, giving us a higher degree of control and making it more secure. This bare-metal-only policy will continue in unfriendly jurisdictions to ensure that our servers are harder to compromise.

Leave countries rather than compromise our values

We expect that in some high-risk countries, law enforcement or intelligence agencies may exert pressure on our infrastructure providers to monitor network traffic upstream of our servers. In the US, for example, ISP monitoring and NSA data collection are the default on almost all Internet connections. Since our Secure Core architecture reduces the amount of information that these agencies can collect through this type of surveillance, they may try to force ProtonVPN to log the online activity on our servers. If this situation arises, we will shut down our server and withdraw from the country in question, instead of compromising our values or our strict no-logs policy.

Communicate transparently

Finally, we reiterate our commitment to transparency. We are transparent about who we are, and we have always communicated openly with the community. As ProtonVPN’s global network grows, this transparency will become more critical. If we come under pressure or feel that we can no longer live up to our privacy standards in a high-risk country, we will promptly share this information with our community and shut down the servers in that country. We will also endeavor to more systematically identify the privacy risks of each country and communicate that to the community at large.

It is an unfortunate fact that there are numerous countries around the world where online privacy is under attack. If we avoided these countries altogether though, we would only be able to have servers in Sweden, Switzerland, and Iceland, which would not be enough to sufficiently serve the needs of our community. However, as long as you are aware of the threat model, or enable Secure Core VPN, you can use our VPN servers anywhere in the world. We look forward to bringing ProtonVPN to every country in the world.

Best Regards,
The ProtonVPN Team


Prior to joining ProtonVPN, Richie spent several years working on tech solutions in the developing world. As a senior editor and writer at Latterly, he covered and commented on international human rights stories. He joined ProtonVPN to advance the rights of online privacy and freedom.


8 comments

  1. User

    Could you be more specific as to what constitutes a ‘high-risk country’ in terms of privacy? I think it’s important to highlight some general conditions even though everyone has a different threat model. North Korea is a good example, yes, but you don’t offer a server in that location and I think it’s important and helpful for us readers to know how ProtonVPN identifies such risks.
    Thanks in advance!

  2. ProtonVPN Admin

    What is high risk really depends on your threat model, which varies from person to person. That’s why it’s hard to be specific about this. For example, a German citizen using hypothetical North Korean servers probably actually faces very little risk.

  3. ANTI CCP

    I live in China, almost all servers can’t connect

  4. ProtonVPN Admin

    Hello, for China you might need to use an alternative connection method. Please write an e-mail via https://protonvpn.com/support-form or fill in the following form: https://protonvpn.com/support-form for further instructions and our support team will assist you accordingly.

  5. Cassio

    Would opening a server in a high-risk country generate problems for users not using these servers? I am worried because some VPNs operating servers in high-risk countries were forced (court orders or legislation) to provide de-encryption keys for their VPNs… So, the question is, would opening a VPN server in a high-risk country open the possibility for the encryption protocols (used in other ProtonVPN servers) to be shared with governments from these high-risk countries? If that’s the case, then opening a VPN server in a HR Country (while still keeping the legal entity in Switzerland) would surely lessen the security currently offered by ProtonVPN.
    Could you clarify this issue?
    Regards

  6. ProtonVPN Admin

    Hello! Thank you for your question. As we discussed in the blog post, if we get a request that goes against our values, we will shut down our VPN servers in that country rather than comply.

  7. Patrick

    I notice that NordVPN use a British hosting provider (M247) in many countries including Switzerland. Presumably UK’s GCHQ could secretly force M247 to provide access to the hardware at their sites – what methods do ProtonVPN and others have to protect against this? Do you use hosting providers that are likely to be subject to these sorts of secretive orders?

  8. ProtonVPN Admin

    Our solution is Secure Core VPN, which guards against situations like this: https://protonvpn.com/support/secure-core-vpn/
