We’re announcing today a new anti-censorship system that can help users access our website if their government, ISP, or network administrator has blocked Proton services. The alternative routing feature is not yet deployed as of writing, but in the coming weeks, we plan to release it across all of our mobile and desktop applications. With this post, we wish to provide a bit more information to the community about the measures we are taking to ensure that Proton services are highly available, even in countries with censorship.
First, you don’t have to configure any settings to take advantage of alternative routing, which routes network connections to Proton servers differently to evade certain types of blocks. This system works automatically to let you use the Proton apps. And it only kicks in if we think you’re being censored. This feature is unfortunately not available for our websites, but it will work on all mobile and desktop apps (both ProtonMail and ProtonVPN).
Note, using ProtonVPN is also an effective way to bypass many forms of censorship, and ProtonVPN is available for all Proton users (just go to protonvpn.com/download, install the app for your device, and log in with your Proton account).
In this article, we’ll describe some important information about alternative routing, and why this is an important step forward in our mission to provide privacy and security to all.
Why Proton requires anti-censorship measures
Our mission is to make it easy for anyone to keep their personal information safe. Our easy-to-use, encrypted services — ProtonMail, ProtonVPN, ProtonCalendar (in beta), and ProtonDrive (in development) — make it much harder to spy on you, steal your information, or misuse your private data.
While we have largely been able to overcome censorship and attacks, it’s imperative that we remain one step ahead of those who would seek to spy on people and restrict the freedom of information. Alternative routing is an additional capability which helps us ensure users can access our services.
The vast majority of our users will never need this system because Proton is very rarely blocked. But in critical situations for a small minority of users, this feature provides a seamless way to continue accessing your inbox or connecting to VPN.
When this feature is released in the coming weeks, our apps will automatically detect when a connection might be subject to censorship, and try alternative paths to establish a connection to Proton servers. While this method will not always succeed, in many cases it can be effective in bypassing certain blocks. This is an active area of research for our team, so over time, our anti-censorship capabilities will also get better and better over subsequent releases.
Typically, alternative routing is not used; we will only fall back to this method if we suspect Proton is being blocked in your location. We have made this alternate routing opt-out by default because it will only trigger in the rare instances when attempts to censor Proton are detected and because these attempts can occur without notice. Once Proton services are blocked, we do not have the ability to reach out to our users to inform them they should activate this feature.
However, we recognize there are trade-offs, which is why in the Settings of all of our apps you will have the option to turn off alternative routing if you never want it to be used.
Important things to know about alternative routing
Like most solutions to difficult problems, our anti-censorship system is not without drawbacks. Therefore, we have made this system optional, and you can turn it off in your app settings.
Because blocking Proton usually involves targeting Proton infrastructure, alternative routing requires us to use third-party infrastructure and networks we do not control, some of which might belong to companies such as Amazon, Cloudflare, Google, etc., which may not have a good track record of privacy. Note, these third parties cannot see your actual data. All data transferred over third-party networks will remain encrypted at all times, just like the data that is transmitted via your ISP when you connect to Proton services regularly. However, these third parties could see your IP address and the fact that you are trying to connect to Proton.
Additionally, we’ve had to customize TLS encryption to make the alternative routing work. TLS is the encryption protocol used in HTTPS, and it depends on certificate authorities to authenticate servers. Because censors require this information to identify targets, we are using public key pinning instead. This provides equally strong encryption but can be problematic if our server is somehow compromised.
What we’re working toward
At Proton, we have spent the last several months aggressively combating censorship around the world. We are the email and VPN provider of choice for many activists and pro-democracy movements around the world, and we will continue fighting to provide secure and private Internet services for all who need them.
That’s why we have spoken out against censorship in the UK while also developing new technologies to help users bypass blocks. For instance, ProtonVPN for Android now offers more protocols, making it more difficult to be blocked or censored. We have also made the APK available for download on Github so you can still download our app even if Google Play is blocked in your location.
More anti-censorship measures are coming, and we will be sharing additional updates as they become available. Follow us on social media to be informed of the latest updates.
Thank you for your support — it’s because of our community that we’re able to invest in making the Internet open and accessible.
You can get a free secure email account from ProtonMail here.
We also provide a free VPN service to protect your privacy.