ProtonVPN has a Secure Core feature that improves user privacy and data security by mitigating some of the risks from a compromised VPN server.
A common method to expose VPN traffic is to compromise the server that handles your traffic. This risk is particularly acute for servers located in high-risk jurisdictions. To mitigate this risk, ProtonVPN has Secure Core servers. This article provides an overview of the attacks and threats that Secure Core mitigates, how it achieves higher VPN privacy, as well as instructions on how to activate Secure Core in ProtonVPN.
- What does Secure Core protect against?
ProtonVPN’s unique Secure Core architecture allows us to protect our users from network attacks that other VPNs cannot defend against. A classic VPN setup involves a client passing traffic through a VPN server en-route to the final destination. If an attacker can get control of the VPN server, or monitor the network of the server, they will be able to match VPN clients with their traffic, nullifying the privacy benefits of the VPN.
Such timing/correlation attacks are not difficult to accomplish. In countries with restrictive Internet regulations (China, Russia, Iran, Turkey, etc), or countries with broad surveillance powers (USA, UK, etc), state surveillance agencies typically have the legal ability to coerce either the VPN provider, or the network/server provider of the VPN provider, to assist with such network monitoring. Therefore, even though ProtonVPN is based in Switzerland, we cannot be certain that authorities are not monitoring our VPN servers located in those high-risk countries.
- How does Secure Core increase VPN privacy?
Secure Core allows us to defend against this threat to VPN privacy by passing user traffic through multiple servers. When you connect to a server in a high-risk jurisdiction like the US, your traffic will first go through our Secure Core servers. Therefore, even if an attacker monitors our servers in the US, they would only be able to follow the traffic back to the edge of our Secure Core network, thus making it far more difficult to discover the true IP address and location of ProtonVPN users.
We have also gone to extraordinary lengths to defend our Secure Core servers. First, servers are located in countries selected specifically for their strong privacy laws (Iceland, Switzerland, and Sweden). We also placed our Secure Core servers in high-security data centers to ensure strong physical security. ProtonVPN infrastructure in Switzerland and Sweden is housed in underground data centers, while our Iceland servers are on a former military base. Furthermore, Secure Core servers are wholly owned and provisioned by us (shipped on-site directly from our offices). Finally, Secure Core servers are connected to the Internet using our own dedicated network with IP addresses that are owned and operated by our own Local Internet Registry (LIR).
These measures provide us with a much higher level of certainty that no one has tampered with our Secure Core servers. While there is no such thing as 100% security, Secure Core is just one of the many ways ProtonVPN delivers better security and privacy by protecting against complex attacks other VPNs cannot defend against.
- How do I activate Secure Core?
Secure Core is a feature included in our Plus and Visionary Plans and can be activated as follows:
Windows ProtonVPN application:
- Download and install ProtonVPN, start the app and log in
- Find and activate Secure Core under the country tab on the left.
- Connect to the available servers in the list underneath.
Android ProtonVPN application:
- Install the ProtonVPN Android VPN mobile app from the Play Store.
- Tap the selector next to “Use Secure Core” to activate Secure Core.
- Connect to one of the available Secure Core servers in the server listing.
On MacOS, GNU/Linux, iOS
- Follow the step by step guide to set up ProtonVPN on MacOS, Linux, iOS devices or Android devices
- When selecting a server configuration file, choose a config file with a name structure similar to xx-xx-00.protonvpn.com.xxxxxxx.ovpn