What's the point of Secure Core?

So I’ve read blog posts, articles, and Wikipedia pages for like 2 hours about Proton VPN because I’m interested in it, but this Secure Core thing is bugging me out

If I don’t want my data to directly go to a US server for example, I’d use Secure Core to make my data go through Switzerland, then the US. But then, why couldn’t I just connect to Switzerland, and not use the additional US server? I feel like it just adds a server, thus slows the connection for no real benefit? (I know I’m very probably wrong, I just want some info)

That’s if you NEED to connect to US. Cannot think of other reasons.

Let’s say you need to connect to a US VPN to access a geo locked resource, but you don’t want your ISP to know you’re connecting to a US address. You connect to Switzerland and then to the US.

That way, you’re able to access the resource, but someone monitoring your traffic will only see you connecting to Switzerland.

Second case scenario is if a server becomes compromised for any reason. In that case, one server knows who the user is and the other server knows what resources the user accessed. But, a single server being compromised will not give the information about both the users and the content accessed.

To use your example, in some cases, a website requires you to have a US-based IP address, so you want your exit server to be a US one. You can learn more here: https://protonvpn.com/support/secure-core-vpn

If you’re not using Secure Core, it will look like this. You<–>Proton Server<–>Web Site. Even without the logs from Proton, if the authority of the country the Proton Server is in can monitor the traffic around it for long enough, there’s still a possibility that they can figure things out. For example, the Proton Server is accessing this specific site every day around 3 am to 4 am and only a few people are accessing the Proton Server every day from 3 am to 4 am as well.

Now if you turn on Secure Core, it will look like this. You<–>Secure Core<–>Proton Server<–>Web Site. In this case, even if you’re targeted by the authority, all they can see is you’re accessing the Secure Core every day but they can’t see where the real destination is. The “secure” cores are in countries with strong legal protection and physical protection as well, like running in an underground data center or former military base.

It routes your data through a Proton server in a non-5 Eyes country before landing you on a server in a 5 Eyes country.

If you don’t know what 5 Eyes is, you’re likely part of the 95% run-of-the-mill VPN users who don’t need Secure Core. However I’d wager that many Proton Suite subscribers are in that other 5%.

Let’s say you are a whistleblower at a giant aerospace and defense company, and want to expose their gross mismanagement and wrongdoing. So you go to an anonymous forum and air your grievances. But the company has powerful lawyers and government connections, and they convince a court to compel the forum hosting provider to give them your connection logs, which include your IP address and the times you accessed the site.

Normally this would be a dead end, since the IP leads back to a VPN that doesn’t keep logs. But this time things are different; the company is extremely determined to unmask the whistleblower and enlists the help of ISPs and law enforcement to log everyone who connects to that particular VPN server. From there they can match the forum login times with everyone who was using the VPN at that time, and compare billing records with the employee database to single out the whistleblower.

But add in a second country and VPN node, and such a “correlation attack” becomes ineffective without cooperation and coordination between both countries.

It’s very similar in concept to the Tor network. Getting bounced around multiple times, especially with your input node being in a privacy friendly country, really decreases the risk of both correlation attacks and node takeover attacks.

That being said, if you’re not actively concerned about something monitoring you at that level (governments, billion dollar corporations), you don’t really need to use it. Correlation and node takeover attacks are usually used by large players to take out large players. I believe one of the Silk Road remakes went down this way, but I could be wrong.

I still hope to see a Secure Core connection with an exit in Switzerland, Sweden or Iceland, as was ‘on your radar and pending some internal improvement’ 1.5 years ago.

Great description.

I’d wager that 95% of VPN users outside of totalitarian regimes are using their service to access iPlayer / Netflix / CBC / foreign news sites from a location where they can’t normally get it. The sheer volume of people asking for updates on the ProtonVPN Apple TV app in this subreddit alone is enough to prove that point.

Nobody at MI6 is going to come after you because you wanted to watch the Glastonbury concerts from America. Secure Core is not meant for those users.

On the flipside, those trying to access Twitter from Brazil right now should probably use Secure Core.

For those engaging in higher risk activities, legal or otherwise, they may benefit from using Secure Core. But if you can’t think of any use for a VPN outside of bypassing your iPhone’s location services, you probably don’t need it.

Judgemental and gatekeepy, yep, it’s Reddit alright

Thanks a lot for your explanation, but if let’s say I’d connect at 12:14 on the website, and send what I typed at 12:40

Even with secure core, wouldn’t they be able to tell that my particular computer has sent data packets to the VPN exactly at 12:14 (which would be the login), received data packets just after (would be loading the website), and sent packets at 12:40 (which would be posting what I typed)?

And even maybe, wouldn’t the ISP be able to know that at 12:14 I received 120KB of data (which would be the website size), and on their side when they load the website, they also receive exactly 120KB of data, which would very likely mean that I’ve received those packets from the website?

Yeah I know, but he used as example the US, so I copied that.

What for? Secure core (double hop) is to make sure the entry server is owned and provisioned directly by Proton.

You can use one of the directly owned servers in Switzerland, Sweden or Iceland and essentially make use of the same protection.

Stating facts is not gatekeeping.

One can only guess the extent of the capabilities of timing and correlation attacks. Especially with modern AI technologies. There are defenses against this such as DAITA, which Proton does not offer.

But honestly if your threat model involves such attacks you might want to consider using Tor.

If you leave the app open while connected, you will see that it constantly generates background traffic even when you aren’t loading any websites, so for files of less than a few MB, attempting to identify the contents of the transmission that way would be wildly inaccurate, especially if you have other websites open at the same time. Your computer also generates its own traffic, e.g. checking for updates, apps refreshing in the background. All of this traffic flows through the encrypted VPN tunnel (assuming you’ve set it up correctly) and the ISP won’t see what is what.

Especially if you log into the VPN well ahead of time and leave it running.

Furthermore, you are not the only one using the VPN; others are using it at the same time, and the connection between the entry and exit nodes is also encrypted. So if you connect to US via Switzerland, this is what each link in the chain sees.

Your ISP (US)

  • You are connected to VPN1 (Switzerland).
  • All of your traffic is encrypted and going through VPN1.
  • ISP does not see VPN2 or Website.

VPN1 (Switzerland)

  • You are connected from ISP (US).
  • You are connected to VPN2 (US).
  • All of your traffic is encrypted and going through VPN2.
  • VPN1 does not see Website.

VPN2 (US)

  • You are connected from VPN1 (Switzerland).
  • You are connected to Website.
  • VPN2 does not see ISP.

Website

  • You are connected from VPN2 (US).
  • Website does not see ISP or VPN1.

In short, there is no single link along the chain that can see the traffic at both the source and destination. To do that would take a team effort from authorities in the US, Switzerland, and potentially a third country if the website isn’t hosted in either of the two. And the Swiss are unlikely to comply with such a request unless it deals with international crimes like terrorism, not a simple breach of contract/NDA.
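A small model of the timing correlation discussed in this thread, added here as an illustration and not posted by any commenter or taken from Proton: it intersects the peers visible next to a server at each website access time, first for a single hop and then with an entry server in front. All names, times and session records are constructed, and the entry-to-exit link is assumed to appear on the wire as one aggregated encrypted tunnel.

```python
# Added illustration with constructed data; not Proton code or a commenter's.

def at(day, hhmm):
    """Minutes since the start of the constructed sample period."""
    h, m = map(int, hhmm.split(":"))
    return day * 1440 + h * 60 + m

# (source, server, start, end): connections visible on the wire next to `server`.
SINGLE_HOP = [
    ("alice", "US-EXIT", at(1, "12:00"), at(1, "13:00")),
    ("bob",   "US-EXIT", at(1, "12:05"), at(1, "12:30")),
    ("carol", "US-EXIT", at(1, "11:00"), at(1, "13:30")),
    ("alice", "US-EXIT", at(2, "03:00"), at(2, "04:00")),
    ("dave",  "US-EXIT", at(2, "02:50"), at(2, "03:30")),
]

# Times at which the website logged the exit server's IP (constructed).
ACCESS_TIMES = [at(1, "12:14"), at(1, "12:40"), at(2, "03:10")]

def via_entry(sessions, entry, exit_server):
    """Same client activity, routed through `entry` first (double hop).
    Assumption: the entry->exit link is one long-lived aggregated tunnel."""
    first_hop = [(src, entry, start, end) for src, _, start, end in sessions]
    lo = min(start for _, _, start, _ in sessions)
    hi = max(end for _, _, _, end in sessions)
    return first_hop + [(entry, exit_server, lo, hi)]

def peers_at(sessions, server, when):
    """Sources an observer next to `server` sees connected at time `when`."""
    return {src for src, dst, start, end in sessions
            if dst == server and start <= when <= end}

def candidates(sessions, server, access_times):
    """Sources connected to `server` at every one of the access times."""
    seen = [peers_at(sessions, server, w) for w in access_times]
    return set.intersection(*seen) if seen else set()

DOUBLE_HOP = via_entry(SINGLE_HOP, "CH-ENTRY", "US-EXIT")

if __name__ == "__main__":
    # Single hop: the view next to the exit server narrows to one client.
    print("single hop, at exit:", candidates(SINGLE_HOP, "US-EXIT", ACCESS_TIMES))
    # Double hop: the same view only ever shows the entry server.
    print("double hop, at exit:", candidates(DOUBLE_HOP, "US-EXIT", ACCESS_TIMES))
    # Narrowing to a client now needs a second view, in the entry's country.
    print("double hop, at entry:", candidates(DOUBLE_HOP, "CH-ENTRY", ACCESS_TIMES))
```

With these records the view next to the exit server narrows to a single client on a single hop, but with the entry server in front it only ever shows `CH-ENTRY`; linking a client then requires the view next to the entry server as well.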

I find myself debating between using Secure Core or a direct connection to Switzerland, Sweden or Iceland:

Option 1: Direct connect to Switzerland, Sweden or Iceland. This ensures my exit IP is in a privacy friendly country. But no guarantee the server I use is actually owned by Proton.

Option 2: Secure Core connection. This ensures the entry server is owned by Proton. But my exit will not be in a privacy friendly country (CH,SW,IS).

(btw, is reddit shadowbanning all my comments until manual approval?)

Didn’t say it wasn’t factual; your added judgment in the second paragraph was, though, whether you like it or not.