ProtonBlog
Illustration of alternative routing

Introducing alternative routing to prevent censorship of Proton apps

(This article has been updated from the original feature announcement to reflect the fact that alternative routing is now in full operation.)

Alternative routing is an anti-censorship system that can help you access our website if your government, ISP, or network administrator has blocked Proton services. In this post, we discuss the measures Proton is taking to ensure that our services are highly available, even in countries with censorship.

First, you don’t have to configure any settings to take advantage of alternative routing, which routes network connections to Proton servers differently to evade certain types of blocks. This system works automatically to let you use the Proton apps(new window). And it only kicks in if we think you’re being censored. This feature is unfortunately not available for our websites, but it will work on all mobile and desktop apps (both Proton Mail and Proton VPN). 

Note, using Proton VPN is also an effective way to bypass many forms of censorship, and Proton VPN is available for all Proton users (just go to protonvpn.com/download(new window), install the app for your device, and log in with your Proton account).

In this article, we’ll describe some important information about alternative routing, and why this is an important step forward in our mission to provide privacy and security to all.

Why Proton requires anti-censorship measures

Our mission is to make it easy for anyone to keep their personal information safe. Our easy-to-use, encrypted services — Proton Mail(new window), Proton VPN(new window), Proton Calendar (in beta), and Proton Drive (in development) — make it much harder to spy on you, steal your information, or misuse your private data.

Because of this, some actors(new window) want to(new window) threaten(new window) our mission(new window). Over the years, certain countries have made attempts (generally unsuccessful) to block access to Proton services.

While we have largely been able to overcome censorship and attacks, it’s imperative that we remain one step ahead of those who would seek to spy on people and restrict the freedom of information. Alternative routing is an additional capability which helps us ensure users can access our services.

The vast majority of our users will never need this system because Proton is very rarely blocked. But in critical situations for a small minority of users, this feature provides a seamless way to continue accessing your inbox or connecting to VPN.

When this feature is released in the coming weeks, our apps will automatically detect when a connection might be subject to censorship, and try alternative paths to establish a connection to Proton servers. While this method will not always succeed, in many cases it can be effective in bypassing certain blocks. This is an active area of research for our team, so over time, our anti-censorship capabilities will also get better and better over subsequent releases.

Typically, alternative routing is not used; we will only fall back to this method if we suspect Proton is being blocked in your location. We have made this alternate routing opt-out by default because it will only trigger in the rare instances when attempts to censor Proton are detected and because these attempts can occur without notice. Once Proton services are blocked, we do not have the ability to reach out to our users to inform them they should activate this feature.

However, we recognize there are trade-offs, which is why in the Settings of all of our apps you will have the option to turn off alternative routing if you never want it to be used.

Important things to know about alternative routing

Like most solutions to difficult problems, our anti-censorship system is not without drawbacks. Therefore, we have made this system optional, and you can turn it off in your app settings. 

Because blocking Proton usually involves targeting Proton infrastructure, alternative routing requires us to use third-party infrastructure and networks we do not control, some of which might belong to companies such as Amazon, Cloudflare, Google, etc., which may not have a good track record of privacy. Note, these third parties cannot see your actual data. All data transferred over third-party networks will remain encrypted at all times, just like the data that is transmitted via your ISP when you connect to Proton services regularly. However, these third parties could see your IP address and the fact that you are trying to connect to Proton. 

Additionally, we’ve had to customize TLS encryption to make the alternative routing work. TLS is the encryption protocol used in HTTPS, and it depends on certificate authorities to authenticate servers. Because censors require this information to identify targets, we are using public key pinning instead. This provides equally strong encryption but can be problematic if our server is somehow compromised.

In our view, these issues should not matter for most people, but if you are concerned about this, you can turn off alternative routing. However, this may mean you will be unable to access your Proton account if you are on a network that is censoring Proton. We will be updating our Privacy Policy to also include information about alternative routing.

What we’re working toward

At Proton, we have spent the last several months aggressively combating censorship around the world. We are the email and VPN provider of choice for many activists and pro-democracy movements(new window) around the world, and we will continue fighting to provide secure and private Internet services for all who need them.

That’s why we have spoken out against censorship in the UK(new window) while also developing new technologies to help users bypass blocks. For instance, Proton VPN for Android now offers more protocols(new window), making it more difficult to be blocked or censored. We have also made the APK available for download on Github(new window) so you can still download our app even if Google Play is blocked in your location.

More anti-censorship measures are coming, and we will be sharing additional updates as they become available. Follow us on social media to be informed of the latest updates.

Thank you for your support — it’s because of our community that we’re able to invest in making the Internet open and accessible.

You can get a free secure email account from Proton Mail here.

We also provide a free VPN service(new window) to protect your privacy.

Proton Mail and Proton VPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan(new window). Thank you for your support.

Обеспечьте конфиденциальность своих данных с Proton
Создать бесплатный аккаунт

Статьи по теме

en
  • Основы конфиденциальности
Identity theft is a major sector of criminal activity. About 24 million people fell victim in the United States alone in 2021, costing them over $16 billion. Credit card fraud is the most common type, but criminals target all kinds of personal data.
en
  • Основы конфиденциальности
Google is one of the biggest obstacles to privacy. The Big Tech giant may offer quick access to information online, but it also controls vast amounts of your personal or business data. Recently, more people are becoming aware of the actual price you
What to do if someone steals your Social Security number
en
  • Основы конфиденциальности
If you’re a United States citizen or permanent resident, you have a Social Security number (SSN). This number is the linchpin of much of your existence, linked to everything from your tax records to your credit cards. Theft is a massive problem, whic
compromised passwords
en
  • Основы конфиденциальности
Compromised passwords are a common issue and probably one of the biggest cybersecurity threats for regular people. How do passwords get compromised, and is there anything you can do to prevent it? * What does compromised password mean? * How do pa
Is WeTransfer safe?
en
  • Основы конфиденциальности
WeTransfer is a popular service used by millions worldwide to send large files. You may have wondered if it’s safe or whether you should use it to share sensitive files. We answer these questions below and present a WeTransfer alternative that may su
what is a dictionary attack
en
  • Основы конфиденциальности
Dictionary attacks are a common method hackers use to try to crack passwords and break into online accounts.  While these attacks may be effective against people with poor account security, it’s extremely easy to protect yourself against them by usi