When it comes to privacy and security, defining a threat model is important because no single technology can be 100% effective. Staying safe requires understanding the threats you face and the limitations of the technology you use.
How Proton Drive can protect your data
Proton Drive provides a high degree of protection in several key areas.
Proton’s services use end-to-end encryption to stop others from intercepting and decrypting your communications: your files are encrypted on your device and are not decrypted until they reach their end destination. This means that if an attacker gains access to data flows between your device and our servers, they will not be able to decrypt your files. Only you and the people you share your files with can access the keys required to decrypt the data. Proton Drive protects all files with end-to-end encryption.
Under Swiss law, it’s illegal for Proton Drive to comply with requests for user data sent to us by foreign countries. As a matter of policy, Switzerland will generally deny legal requests from foreign countries with poor human rights records. In all cases, requests must comply with Swiss privacy laws, which are among the most stringent in the world. However, Proton Drive’s use of end-to-end encryption means we cannot decrypt or hand over your files.
Because of the encryption we use, we cannot abuse your privacy or monitor the data you keep on Proton Drive. We have no way of reading your data or using it to build a profile on you for advertising purposes as Google does. Proton Drive has no advertising (even for our free cloud storage plan) and therefore no incentive to monetize your data.
Data breaches are becoming more and more common and affecting some of the world’s largest companies. Even if Proton Drive’s servers were compromised, its use of end-to-end encryption means your files will generally remain safe. Proton Drive does not possess the encryption keys necessary to decrypt your files, meaning an attacker cannot steal them from us.
What Proton Drive can’t protect against
Proton Drive’s sophisticated encryption will protect your files against most threats, but even it cannot maintain your security in every situation. It’s impossible to provide an exhaustive list of all potential attacks, but below is an overview of the attack scenarios you’re most likely to encounter, particularly if you’re facing a sophisticated attacker like a state-backed actor.
Certain man-in-the-middle attacks
As discussed above, Proton Drive’s end-to-end encryption means an adversary cannot decrypt the data you send using Proton’s services. However, attackers could send you a modified version of Proton’s website or application and use this to learn your credentials. This is known as a man-in-the-middle (MITM) attack.
Fortunately, there are several ways to protect against MITM attacks. Proton uses TLS to secure the delivery of our software to your browser and prevent attackers from tampering with our code en route. Generally speaking, a successful MITM attack requires breaking TLS, typically by using a forged TLS certificate. Proton uses key pinning whenever possible to detect and block such attacks.
While this makes a successful MITM attack much harder to pull off, it is not impossible, particularly if the target does not exercise good vigilance. For example, suppose you get tricked into downloading a fake Proton Drive application or connecting to a fake Proton Drive website. In that case, you could accidentally give your credentials to an attacker, allowing them to bypass our end-to-end encryption.
How you can minimize this risk
Many MITM attacks are preceded by phishing attacks that try to fool you into going to a fake website or downloading a fake program. Fortunately, if you pay close attention, you can usually spot the fakes.
- Only use official Proton Drive clients: If you connect to the Proton Drive web application, make sure it’s from drive.proton.me. If you download an app for Proton Drive in the future (we’ll be releasing apps for all major platforms soon), make sure to get it from proton.me/drive or official app stores. On Android, we do distribute our mobile app outside of the Google Play store; if you get it from another source, make sure that source is trusted (such as downloading the APK directly from our website).
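The host check described above can be automated, for example in a mail filter or link-preview tool. This is an added example, not Proton's code: the function name, the allowlist constant and the sample URLs (including evil.example) are constructed for illustration, and only drive.proton.me and proton.me come from this page.

```python
from typing import Tuple
from urllib.parse import urlsplit

# Official hosts named on this page; every other host is treated as untrusted.
OFFICIAL_HOSTS = {"drive.proton.me", "proton.me"}


def check_proton_link(url: str) -> Tuple[bool, str]:
    """Return (trusted, reason) for a link that claims to lead to Proton Drive."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if parts.username is not None or parts.password is not None:
        # Text before '@' is userinfo, not the host the browser connects to.
        return False, "userinfo in URL hides the real host"
    host = parts.hostname or ""
    if host.endswith("."):
        host = host[:-1]  # a single trailing dot is a valid fully qualified form
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalized host, possible look-alike characters"
    if port not in (None, 443):
        return False, "unexpected port"
    if host not in OFFICIAL_HOSTS:  # exact match: no suffix or substring tests
        return False, "host %r is not an official Proton host" % host
    return True, "official host over HTTPS"


if __name__ == "__main__":
    # Constructed sample links, not taken from any real campaign.
    samples = [
        "https://drive.proton.me/urls/EXAMPLE",
        "https://proton.me/drive",
        "http://drive.proton.me/",
        "https://drive.proton.me.evil.example/login",
        "https://drive.proton.me@evil.example/",
        "https://dr\u0456ve.proton.me/",  # Cyrillic letter in place of 'i'
        "https://drive.proton.me:8443/",
    ]
    for link in samples:
        print(check_proton_link(link), link)
```

The comparison is an exact match on the parsed hostname, because substring or "ends with" tests accept look-alike hosts that merely contain the official name.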
Endpoint compromise – your device
Our end-to-end encryption ensures that the transfer of data between you and whomever you choose to share your files with is private. Neither Proton nor anyone else can read the data that’s transferred.
Nevertheless, if the device you use to access Proton Drive is compromised, attackers may be able to access your files. Among other methods, attackers may choose to log every keystroke you make on your device, allowing them to collect your password and use it to gain access to your decrypted files.
How you can minimize this risk
Attackers have many ways of compromising your device. Nevertheless, you can prevent this by taking the following basic steps:
- Be vigilant: Don’t click suspicious links or open suspicious files, particularly from people you don’t know.
- Update your operating systems: Operating systems (OS) and applications are updated after vulnerabilities are found and fixed. Keeping your OS and apps up-to-date and turning on automatic updates will protect you against known vulnerabilities.
- Be careful on public WiFi: Public WiFi networks are opportunities for attackers. Make sure your traffic is protected by using a reputable VPN when accessing public WiFi. However, remember that VPN companies vary in quality and privacy, and many VPN services are malicious. Proton VPN is a VPN service that is available for free for all Proton users and has been independently audited for security and safety.
Endpoint compromise – your user account
Compromised accounts occur when your credentials become known to an attacker. Bad actors can obtain this knowledge from data breaches that provide them with your passwords or as a result of bad physical security.
Every year, attackers breach databases across the world. This allows them to learn the login credentials of individual users. Individuals who reuse passwords across multiple services are especially vulnerable to attack; if any website or app is breached, attackers would have access to all accounts where you used that password.
How you can minimize this risk
- Passwords: Use different passwords for every service you use. If you only use one or two passwords, the compromise of any single service could let attackers break into all the other digital services you use. At the same time, do not use simple passwords that can easily be guessed, like “123456789”.
- Use two-factor authentication: Proton Drive supports two types of two-factor authentication (2FA). One requires you to enter a six-digit code generated by an authenticator app on your smartphone each time you log in. This means even if an attacker steals your password, they cannot break into your account without access to your phone. Proton Drive also supports two-factor authentication via security keys to provide even greater security for your account.
- Enter your password when you’re alone or in a private place: This will prevent people from looking over your shoulder and recording your password.
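Why a stolen password alone is not enough with authenticator-app 2FA, shown as an added example that is not Proton's code. It assumes the app implements standard TOTP (RFC 6238, HMAC-SHA1, 30-second steps), which this page does not state; the function names are illustrative and the secret is the RFC's published test key.

```python
import hashlib
import hmac
import struct
import time


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """Derive the code for time `at` from the secret shared at 2FA enrolment."""
    counter = max(int(at), 0) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, at: float = None,
           drift_steps: int = 1, step: int = 30) -> bool:
    """Server-side check: accept the current step plus/minus a small clock drift."""
    at = time.time() if at is None else at
    ok = False
    for d in range(-drift_steps, drift_steps + 1):
        expected = totp(secret, at + d * step, step)
        # Constant-time comparison; no early exit so timing does not leak a match.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode("utf-8"))
    return ok


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 test key, not a real account secret
    code = totp(secret, 59)
    print("code at t=59:", code)
    print("accepted one step later:", verify(secret, code, at=89))
    print("accepted four steps later:", verify(secret, code, at=179))
```

The code depends on a secret that only the phone and the server hold, and it expires after the drift window, so a password captured by a keylogger or a breach does not produce a valid second factor.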
What Proton Drive does not provide
While Proton Drive is a highly secure system and sufficient for most security needs, there’s no such thing as 100% security. Well-resourced and determined adversaries can, given enough time, always find flaws in a given system and how its users interact with it.
State-based actors have a variety of means of digital and physical surveillance that may compromise even secure systems such as Proton Drive. For this reason, if you’re the target of a well-resourced state actor, it’s important you take a multi-layered approach to security (such as encrypting your files locally before uploading them to Proton Drive or only connecting to Proton Drive via the Tor anonymity network, which is supported by Proton’s new onion site).
Support for illegal activity
You cannot use Proton Drive for purposes that are illegal under Swiss law. This is prohibited by our terms and conditions and will lead to your account being suspended. Under Swiss law, Swiss authorities can also open investigations into accounts that have been used for illegal purposes, and Proton is obliged by law to respond to court orders issued by Swiss authorities.
How Proton Drive keeps your data secure
You can read Proton Drive’s security and encryption model to learn more about how it keeps your data secure. We’re confident that Proton Drive’s encryption makes it the most secure and private cloud storage service available today.
As part of our commitment to keeping it that way, Proton Drive is open source, so anybody can check our software and confirm that it works as advertised. Finally, all Proton services also undergo periodic independent third-party security reviews, and Proton Drive is no exception.