Security Experts:

Connect with us

Hi, what are you looking for?


Email Security

ProtonMail, ProtonVPN Will Use Alternative Routing to Bypass Censorship

Privacy-focused services provider Proton Technologies is deploying a new system to ensure that its email and VPN applications continue to be accessible even in scenarios where governments or ISPs attempt to block them.

Privacy-focused services provider Proton Technologies is deploying a new system to ensure that its email and VPN applications continue to be accessible even in scenarios where governments or ISPs attempt to block them.

Focused on helping users keep their personal information safe, the company’s encrypted services — ProtonMail, ProtonVPN, ProtonCalendar (in beta), and ProtonDrive (in development) — make it difficult to spy on users, and some countries have attempted to block them.

Over the coming weeks, a new alternative routing feature will become available across all of the ProtonMail and ProtonVPN mobile and desktop applications, the company says.

The new system attempts to evade certain types of blocks through routing network connections to Proton servers differently. Automated, the feature only kicks in when it determines the user is being censored and only works with the company’s apps, but not with its websites.

“While we have largely been able to overcome censorship and attacks, it’s imperative that we remain one step ahead of those who would seek to spy on people and restrict the freedom of information. Alternative routing is an additional capability which helps us ensure users can access our services,” Proton says.

Alternative routing, the company explains, involves the use of third-party infrastructure and networks, including those of companies such as Amazon, Cloudflare and Google. Data remains encrypted and safe of snooping, but IP addresses and the fact that Proton services are being accessed might be visible to these third parties.

When the feature becomes available in the coming weeks, the company’s apps will automatically detect connections that might be subjected to censorship and attempt alternative paths to access the Proton servers.

The method is expected to effectively bypass certain blocks, but it might not succeed every time. Alternative routing will only be used in rare instances (which occur without notice) and is optional, the company explains.

Only a small percentage of the company’s users would need this feature, as the vast majority can freely access its services. However, without the new system, impacted users would not be able to access their inbox or connect to VPN.

Users will have the option to turn alternative routing off in the Settings menu or their applications, provided they do not want it to be used. However, if the Proton services are blocked, the company will not be able to alert users to turn the feature on, ProtonMail says.

To make alternative routing work, ProtonMail also customized the TLS encryption protocol, using public key pinning instead of relying on certificate authorities to authenticate servers, which could become a problem if the company’s servers are compromised.

“In our view, these issues should not matter for most people, but if you are concerned about this, you can turn off alternative routing. However, this may mean you will be unable to access your Proton account if you are on a network that is censoring Proton,” the company says.

To fight censorship, the company also added more protocols to ProtonVPN for Android and has made the APK available on Github, so that users could download it even if Google Play is blocked for them.

Related: ProtonMail Fights Email Spoofing With New DKIM Key Management Feature

Related: ProtonMail Launches Encrypted Calendar Application

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cybersecurity Funding

UK-based email security and brand protection solutions provider Red Sift on Thursday announced raising $54 million in a Series B funding round that brings...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...


The EU's digital policy chief warned TikTok’s boss that the social media app must fall in line with tough new rules for online platforms...


Meta was fined an additional $5.9 million for violating EU data protection regulations with WhatsApp messaging app.