Security Experts:

ProtonMail, ProtonVPN Will Use Alternative Routing to Bypass Censorship

Privacy-focused services provider Proton Technologies is deploying a new system to ensure that its email and VPN applications continue to be accessible even in scenarios where governments or ISPs attempt to block them.

Focused on helping users keep their personal information safe, the company’s encrypted services — ProtonMail, ProtonVPN, ProtonCalendar (in beta), and ProtonDrive (in development) — make it difficult to spy on users, and some countries have attempted to block them.

Over the coming weeks, a new alternative routing feature will become available across all of the ProtonMail and ProtonVPN mobile and desktop applications, the company says.

The new system attempts to evade certain types of blocks through routing network connections to Proton servers differently. Automated, the feature only kicks in when it determines the user is being censored and only works with the company’s apps, but not with its websites.

“While we have largely been able to overcome censorship and attacks, it’s imperative that we remain one step ahead of those who would seek to spy on people and restrict the freedom of information. Alternative routing is an additional capability which helps us ensure users can access our services,” Proton says.

Alternative routing, the company explains, involves the use of third-party infrastructure and networks, including those of companies such as Amazon, Cloudflare and Google. Data remains encrypted and safe of snooping, but IP addresses and the fact that Proton services are being accessed might be visible to these third parties.

When the feature becomes available in the coming weeks, the company’s apps will automatically detect connections that might be subjected to censorship and attempt alternative paths to access the Proton servers.

The method is expected to effectively bypass certain blocks, but it might not succeed every time. Alternative routing will only be used in rare instances (which occur without notice) and is optional, the company explains.

Only a small percentage of the company’s users would need this feature, as the vast majority can freely access its services. However, without the new system, impacted users would not be able to access their inbox or connect to VPN.

Users will have the option to turn alternative routing off in the Settings menu or their applications, provided they do not want it to be used. However, if the Proton services are blocked, the company will not be able to alert users to turn the feature on, ProtonMail says.

To make alternative routing work, ProtonMail also customized the TLS encryption protocol, using public key pinning instead of relying on certificate authorities to authenticate servers, which could become a problem if the company’s servers are compromised.

“In our view, these issues should not matter for most people, but if you are concerned about this, you can turn off alternative routing. However, this may mean you will be unable to access your Proton account if you are on a network that is censoring Proton,” the company says.

To fight censorship, the company also added more protocols to ProtonVPN for Android and has made the APK available on Github, so that users could download it even if Google Play is blocked for them.

Related: ProtonMail Fights Email Spoofing With New DKIM Key Management Feature

Related: ProtonMail Launches Encrypted Calendar Application

view counter