Understanding VPN Threat Models

This article examines the threat model of VPNs, including the risks that VPNs are intended to protect against, as well as the risks that VPNs are unable to mitigate.

At Proton, we firmly believe that a false sense of security is worse than having no security at all. Therefore, we maintain complete transparency in defining the threat model for both Proton Mail and Proton VPN.


This article primarily pertains to Proton VPN, as it offers distinctive security features that enable it to safeguard against a broader spectrum of threats as compared to other VPN services. For a more comprehensive understanding of the security challenges faced by VPNs in general, we recommend referring to our article on selecting the best VPN service.

Proton VPN is designed to be effective when:

Protecting unsecured Internet connections

Proton VPN creates a secure, encrypted connection between your computer and one of our VPN servers located across the globe. This tunnel is fortified with AES-256, ensuring that anyone with control over the internet connection you’re using is unable to intercept your online activity. Consequently, you can confidently browse the internet, even while connected to public networks.

Hide your browsing history from your ISP

Your ISP can only see that you’ve established a connection with a Proton VPN server. However, any information about the content of your online activities such as the websites you visit or the data you transfer remains concealed from your ISP.

Prevention of data discrimination

Using a VPN service can be instrumental in preserving net neutrality, as it encrypts all your internet traffic, preventing your Internet Service Provider (ISP) from selectively slowing down or throttling specific types of traffic.

Prevent Internet censorship

A VPN can assist in circumventing website blocks imposed by either ISPs or websites that restrict access to visitors from specific countries. By doing so, it safeguards the open accessibility of global information.

Secure file sharing or bittorrent

A lot of internet service providers (ISPs) may prevent the use of file sharing protocols like bittorrent. Additionally, in some countries, engaging in file sharing may result in significant consequences such as hefty fines. Proton VPN, on the other hand, offers a secure way to participate in file sharing and bittorrent activities by directing peer-to-peer (P2P) traffic through countries with strict safety measures. It is worth mentioning that as a Swiss company, we adhere to Swiss regulations, which only authorize file sharing for personal, non-commercial purposes.

Proton VPN also provides some protection in the following situations:

Preventing VPN Leakage

Proton VPN’s Secure Core architecture enables us to safeguard your identity, even when you exit through a server located in a country with highly developed surveillance infrastructure and capabilities such as the US or UK. This additional layer of security helps to prevent advanced adversaries from conducting correlation/timing attacks by intercepting our exit servers. For more information on Secure Core, please refer to our website.

Prevent online tracking

While using Proton VPN can provide protection against most forms of IP-based tracking, it may not be enough to defend against the more advanced tracking techniques used by privacy invasive companies like Google or Facebook. These companies can track your activities across multiple websites using methods such as cookies or canvas fingerprinting, even if you have masked your true IP address through a VPN connection. To remain completely untraceable online, it is advisable to also clear your cookies regularly, use private browsing mode, and opt for privacy-enhancing browsers instead of ones like Google Chrome.

Proton VPN does not protect you from the following:

Stay completely anonymous online

Many VPN services claim that using their VPN can make you completely anonymous online, but this is not entirely true. The issue of tracking has been previously discussed and it demonstrates that achieving full anonymity with a VPN service is technically impossible. Although the sites you visit won’t know your true IP address, the VPN provider will always have access to it. Therefore, while you can sign up for Proton VPN anonymously by using an anonymous Proton Mail email address, your true IP address will be known to us because you are connecting to our servers.


Proton VPN’s anonymity is not based on a technical guarantee, but rather on a weaker legal guarantee. According to Swiss law, we cannot be forced to log your IP address. Therefore, although we technically have access to your IP address, we cannot be legally obligated to log it or turn it over. This is a unique feature of Swiss law and one of the reasons why we decided to base Proton VPN in Switzerland.

Bandwidth throttling

Proton VPN cannot assist you in circumventing your ISP’s decision to throttle your entire Internet connection. This is because the VPN connection to Proton’s servers is established through the connection provided by your ISP.

Close scrutiny

If your Internet Service Provider (ISP) is utilizing Deep Packet Inspection (DPI), they have the capability to detect and restrict traffic transmitted over a VPN. Although they cannot decipher the traffic, they have the ability to impede or restrict it. Despite the possibility of circumventing DPI through innovative methods, VPN traffic can always be blocked by advanced censorship programs if they choose to do so. This is because VPN connections, like the rest of the internet, operate over TCP/IP, which implies that a third party can prevent VPN usage by prohibiting connections to the IP addresses of VPN servers. In fact, Netflix and the Great Firewall of China currently utilize this method.

Other things to remember ……

There are numerous VPN services available on the internet that advertise complete anonymity, foolproof security, and the ability to bypass all censorship and offer bulletproof streaming. Nevertheless, the technical limitations of VPNs are well-defined and evident in the technology. In other words, any VPN provider that claims otherwise is either dishonest or lacks a thorough understanding of the potential risks.

And last but not least – VPN Trust

When using a VPN, it is crucial to bear in mind that you are transferring trust from your Internet Service Provider (ISP) to the VPN provider. Therefore, it’s imperative to consider the measures that the VPN provider has taken to establish that trust. The reason being that there are numerous VPN services that are malicious and are utilized to distribute malware. Additionally, our security team has identified at least one VPN service that converts your device into a botnet. To learn more about VPN trust, we recommend reading this article.


By utilizing Proton VPN, you are effectively relying on us to safeguard your internet traffic. While we have taken significant measures to earn your trust, it’s still our responsibility to remind you that trust is still required when using Proton VPN. If you have additional security inquiries, please feel free to contact us through our support form.

Best Regards,
The Proton Team

Proton Team

Proton was established by a group of scientists who had crossed paths at CERN and shared the conviction that an internet where privacy is the norm is vital for upholding freedom. Our global team of developers, engineers, and designers is dedicated to equipping you with secure means to manage your online data.

Protect your online security