ProtonBlog(new window)

Proton Drive threat model

Share this page

When it comes to privacy and security, defining a threat model(new window) is important because no single technology can be 100% effective. Staying safe requires understanding the threats you face and the limitations of the technology you use.

How Proton Drive can protect your data

Proton Drive provides a high degree of protection in several key areas.

Data interception

Proton’s services are designed to stop others from intercepting and decrypting your communications through their use of end-to-end encryption(new window), which encrypts your files on your device and does not decrypt them until they reach their end destination. This means that if an attacker gains access to data flows between your device and our servers, they will not be able to decrypt your files. Only you and the people you share your files with can access the keys required to decrypt the data. Proton Drive protects all files with end-to-end encryption.

Data seizure

Under Swiss law, it’s illegal for Proton Drive to comply with requests for user data sent to us by foreign countries. As a matter of policy, Switzerland will generally deny legal requests from foreign countries with poor human rights records. In all cases, requests must comply with Swiss privacy laws, which are among the most stringent in the world. However, Proton Drive’s use of end-to-end encryption means we cannot decrypt or hand over your files.

Data abuse

Because of the encryption we use, we cannot abuse your privacy or monitor the data you keep on Proton Drive. We have no way of reading your data or using it to build a profile on you for advertising purposes as Google does. Proton Drive has no advertising (even for our free cloud storage plan) and therefore no incentive to monetize your data.

Data breaches

Data breaches are becoming more and more common and affecting some of the world’s largest companies. Even if Proton Drive’s servers were compromised, its use of end-to-end encryption means your files will generally remain safe. Proton Drive does not possess the encryption keys necessary to decrypt your files, meaning an attacker cannot steal them from us. 

What Proton Drive can’t protect against

Proton Drive’s sophisticated encryption will protect your files against most threats, but even it cannot maintain your security in every situation. It’s impossible to provide an exhaustive list of all potential attacks, but below is an overview of the attack scenarios you’re most likely to encounter, particularly if you’re facing a sophisticated attacker like a state-backed actor. 

Certain man-in-the-middle attacks

As discussed above, Proton Drive’s end-to-end encryption means an adversary cannot decrypt the data you send using Proton’s services. However, attackers could send you a modified version of Proton’s website or application and use this to learn your credentials. This is known as a man-in-the-middle (MITM) attack.

Fortunately, there are several ways to protect against MITM attacks. Proton uses TLS to secure the delivery of our software to your browser and prevent attackers from tampering with our code en route. Generally speaking, a successful MITM attack requires breaking TLS, typically by using a forged TLS certificate. Proton uses key pinning whenever possible to detect and block such attacks. 

While this makes a successful MITM attack much harder to pull off, it is not impossible, particularly if the target does not exercise good vigilance. For example, suppose you get tricked into downloading a fake Proton Drive application or connecting to a fake Proton Drive website. In that case, you could accidentally give your credentials to an attacker, allowing them to bypass our end-to-end encryption.

How you can minimize this risk

Many MITM attacks are preceded by phishing attacks that try to fool you into going to a fake website or downloading a fake program. Fortunately, if you pay close attention, you can usually spot the fakes.

Only use official Proton Drive clients: If you connect to the Proton Drive web application, make sure it’s from drive.proton.me. If you download an app for Proton Drive in the future (we’ll be releasing apps for all major platforms soon), make sure to get it from proton.me/drive or official app stores. On Android, we do distribute our mobile app outside of the Google Play store, and if you get it from another source, make sure it is a trusted source (such as downloading the APK directly from our website(new window)). 

Endpoint compromise – your device

Our end-to-end encryption ensures that the transfer of data between you and whomever you choose to share your files with is private. Neither Proton nor anyone else can read the data that’s transferred. 

Nevertheless, if the device you use to access Proton Drive is compromised, attackers could be able to access your files. Among other methods, attackers may choose to log every keystroke you make on your device, allowing them to collect your password and use it to gain access to your decrypted files. 

How you can minimize this risk

Attackers have many ways of compromising your device. Nevertheless, you can prevent this by taking the following basic steps:

  • Be vigilant: Don’t click suspicious links or open suspicious files, particularly from people you don’t know.
  • Update your operating systems: Operating systems (OS) and applications are updated after vulnerabilities are found and fixed. Keeping your OS and apps up-to-date and turning on automatic updates will protect you against known vulnerabilities.
  • Be careful on public WiFi: Public WiFi networks are opportunities for attackers. Make sure your traffic is protected by using a reputable VPN when accessing public WiFi. However, remember that VPN companies vary in quality and privacy, and many VPN services are malicious(new window). Proton VPN(new window) is a VPN service that is available for free for all Proton users and has been independently audited for security and safety.

Endpoint compromise – your user account

Compromised accounts occur when your credentials become known to an attacker. Bad actors can obtain this knowledge from data breaches that provide them with your passwords or as a result of bad physical security. 

Every year, attackers breach databases across the world. This allows them to learn the login credentials of individual users. Individuals who reuse passwords across multiple services are especially vulnerable to attack; if any website or app is breached, attackers would have access to all accounts where you used that password.

How you can minimize this risk

  • Passwords: Use different passwords for every service you use. If you only use one or two passwords, the compromise of any single service could let attackers break into all the other digital services you use. At the same time, do not use simple passwords that can easily be guessed, like “123456789”. 
  • Use two-factor authentication: Proton Drive supports two types of two-factor authentication (2FA)(new window). One requires you to enter a six-digit code generated by an authenticator app on your smartphone each time you log in. This means even if an attacker steals your password, they cannot break into your account without access to your phone. Proton Drive also supports two-factor authentication via security keys(new window) to provide even greater security for your account. 
  • Enter your password when you’re alone or in a private place: This will prevent people from looking over your shoulder and recording your password.

What Proton Drive does not provide

100% security

While Proton Drive is a highly secure system and sufficient for most security needs, there’s no such thing as 100% security. Well-resourced and determined adversaries can, given enough time, always find flaws in a given system and how its users interact with it. 

State-based actors have a variety of means of digital and physical surveillance that may compromise even secure systems such as Proton Drive. For this reason, if you’re the target of a well-resourced state actor, it’s important you take a multi-layered approach to security (such as encrypting your files locally before uploading them to Proton Drive or only connecting to Proton Drive via the Tor anonymity network, which is supported by Proton’s new onion site).

Support for illegal activity

You cannot use Proton Drive for purposes that are illegal under Swiss law. This is prohibited by our terms and conditions and will lead to your account being suspended. Under Swiss law, Swiss authorities can also open investigations into accounts that have been used for illegal purposes, and Proton is obliged by law to respond to court orders issued by Swiss authorities.

How Proton Drive keeps your data secure

You can read Proton Drive’s security and encryption model(new window) to learn more about how it keeps your data secure. We’re confident that Proton Drive’s encryption makes it the most secure and private cloud storage service available today. 

As part of our commitment to keeping it that way, Proton Drive is open source, so anybody can check our software and confirm that it works as advertised. Finally, all Proton services also undergo periodic independent third-party security reviews, and Proton Drive is no exception. 

Protect your privacy with Proton
Create a free account

Share this page

Proton Team(new window)

We are scientists, engineers, and specialists from around the world drawn together by a shared vision of protecting freedom and privacy online. Proton was born out of a desire to build an internet that puts people before profits, and we're working to create a world where everyone is in control of their digital lives.

Related articles

How to share a PDF
  • Основы конфиденциальности
Sharing a PDF with coworkers, friends, or family members can sometimes be trickier than it seems if you’re trying to share a large file or if you want to use secure encryption. In this article, we show you how to share any PDF quickly, easily, and se
Proton Pass for Windows
Proton Pass is launching its new app for Windows, allowing you to access our password manager from your desktop. As one of our community’s most requested features, it’s available to everyone starting today. Proton Pass is the centerpiece of our effo
password policy
Businesses are increasingly dealing with the fallout from cybercrime: The number of attacks is on the rise and the damage done is growing exponentially. One of the most common vulnerabilities for organizations are their passwords. Since they are your
How to free up disk space
  • Основы конфиденциальности
If you’ve ever owned an electronic device of any kind, you know the struggle of running out of space. No matter if it’s a smartphone, laptop, or desktop computer, there never seems to be enough room for all your files. Let’s show you some simple ways
What is 3-2-1 backup
  • Основы конфиденциальности
Data backup is vital for businesses and individuals alike: In case something happens to your primary computer, you always have a copy of your data to fall back on.  How should you approach backup, though? The 3-2-1 rule can act as a guide when decid
  • Основы конфиденциальности
What was your first pet’s name? In what city were you born?  We’ve all had to answer these questions to reset a long-forgotten password, but consider how that works. Much of this information is easy to find for others (or easily forgotten by you), m