(This article has been updated from the original feature announcement to reflect the fact that alternative routing is now in full operation.)
Alternative routing is an anti-censorship system that can help you access our website if your government, ISP, or network administrator has blocked Proton services. In this post, we discuss the measures Proton is taking to ensure that our services are highly available, even in countries with censorship.
First, you don’t have to configure any settings to take advantage of alternative routing, which routes network connections to Proton servers differently to evade certain types of blocks. This system works automatically to let you use the Proton apps(новое окно). And it only kicks in if we think you’re being censored. This feature is unfortunately not available for our websites, but it will work on all mobile and desktop apps (both Proton Mail and Proton VPN).
Note, using Proton VPN is also an effective way to bypass many forms of censorship, and Proton VPN is available for all Proton users (just go to protonvpn.com/download(новое окно), install the app for your device, and log in with your Proton account).
In this article, we’ll describe some important information about alternative routing, and why this is an important step forward in our mission to provide privacy and security to all.
Why Proton requires anti-censorship measures
Our mission is to make it easy for anyone to keep their personal information safe. Our easy-to-use, encrypted services — Proton Mail(новое окно), Proton VPN(новое окно), Proton Calendar (in beta), and Proton Drive (in development) — make it much harder to spy on you, steal your information, or misuse your private data.
Because of this, some actors(новое окно) want to(новое окно) threaten(новое окно) our mission(новое окно). Over the years, certain countries have made attempts (generally unsuccessful) to block access to Proton services.
While we have largely been able to overcome censorship and attacks, it’s imperative that we remain one step ahead of those who would seek to spy on people and restrict the freedom of information. Alternative routing is an additional capability which helps us ensure users can access our services.
The vast majority of our users will never need this system because Proton is very rarely blocked. But in critical situations for a small minority of users, this feature provides a seamless way to continue accessing your inbox or connecting to VPN.
When this feature is released in the coming weeks, our apps will automatically detect when a connection might be subject to censorship, and try alternative paths to establish a connection to Proton servers. While this method will not always succeed, in many cases it can be effective in bypassing certain blocks. This is an active area of research for our team, so over time, our anti-censorship capabilities will also get better and better over subsequent releases.
Typically, alternative routing is not used; we will only fall back to this method if we suspect Proton is being blocked in your location. We have made this alternate routing opt-out by default because it will only trigger in the rare instances when attempts to censor Proton are detected and because these attempts can occur without notice. Once Proton services are blocked, we do not have the ability to reach out to our users to inform them they should activate this feature.
However, we recognize there are trade-offs, which is why in the Settings of all of our apps you will have the option to turn off alternative routing if you never want it to be used.
Important things to know about alternative routing
Like most solutions to difficult problems, our anti-censorship system is not without drawbacks. Therefore, we have made this system optional, and you can turn it off in your app settings.
Because blocking Proton usually involves targeting Proton infrastructure, alternative routing requires us to use third-party infrastructure and networks we do not control, some of which might belong to companies such as Amazon, Cloudflare, Google, etc., which may not have a good track record of privacy. Note, these third parties cannot see your actual data. All data transferred over third-party networks will remain encrypted at all times, just like the data that is transmitted via your ISP when you connect to Proton services regularly. However, these third parties could see your IP address and the fact that you are trying to connect to Proton.
Additionally, we’ve had to customize TLS encryption to make the alternative routing work. TLS is the encryption protocol used in HTTPS, and it depends on certificate authorities to authenticate servers. Because censors require this information to identify targets, we are using public key pinning instead. This provides equally strong encryption but can be problematic if our server is somehow compromised.
In our view, these issues should not matter for most people, but if you are concerned about this, you can turn off alternative routing. However, this may mean you will be unable to access your Proton account if you are on a network that is censoring Proton. We will be updating our Privacy Policy to also include information about alternative routing.
What we’re working toward
At Proton, we have spent the last several months aggressively combating censorship around the world. We are the email and VPN provider of choice for many activists and pro-democracy movements(новое окно) around the world, and we will continue fighting to provide secure and private Internet services for all who need them.
That’s why we have spoken out against censorship in the UK(новое окно) while also developing new technologies to help users bypass blocks. For instance, Proton VPN for Android now offers more protocols(новое окно), making it more difficult to be blocked or censored. We have also made the APK available for download on Github(новое ок�но) so you can still download our app even if Google Play is blocked in your location.
More anti-censorship measures are coming, and we will be sharing additional updates as they become available. Follow us on social media to be informed of the latest updates.
Thank you for your support — it’s because of our community that we’re able to invest in making the Internet open and accessible.
You can get a free secure email account from Proton Mail here.
We also provide a free VPN service(новое окно) to protect your privacy.
Proton Mail and Proton VPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan(новое окно). Thank you for your support.
