But the problem is also widespread. A record 35 countries blocked access to the internet in 2022, according to Access Now. Many of these countries, like Myanmar and Iran, are run by authoritarian leaders, but the worst offender in 2022 was India, the world’s most populous democracy. It imposed over 80 internet blackouts, most of which affected the contested regions of Kashmir and Jammu. 

This being said, there are some glimmers of hope: According to Freedom House, 26 countries saw their internet freedom improve, including the United States, which is still one of the most influential online spaces globally. There’s also been a broader push by everyday people worldwide to fight back against internet censorship. People everywhere are fighting to restore access to the open internet, either in the courts or by downloading and using VPNs to bypass the blocks. 

For this year’s World Day Against Cyber Censorship, we’ll look at how fighting for a free and open internet is integral to Proton VPN and the future of censorship.

We built Proton VPN to fight censorship

We launched Proton VPN in 2017, roughly three years after we launched our end-to-end encrypted email service, Proton Mail. We launched Proton Mail in response to the Snowden revelations that exposed a global system of mass surveillance. As an end-to-end encrypted email service that could protect people’s messages, Proton Mail became popular with journalists worldwide who used it to communicate with their sources. In many places with authoritarian governments, Proton Mail ended up getting blocked. This gave us the idea to launch Proton VPN. 

Authoritarian governments, including Turkey, Russia, and Belarus, still occasionally attempt to block Proton Mail, but Proton VPN makes it much more difficult. Since 2017, Proton VPN has grown to help millions of people all around the world access crucial information, stay in touch with friends and family, and express themselves in the face of online censorship. 

We view the freedom of expression and the freedom of information as vital human rights, and we’ve worked with anti-censorship organizations worldwide to fight for a free and open internet. This effort has been led by the Proton community. Thanks to your support, we’ve been able to donate to vital anti-censorship technologies, including:

• WireGuard
• Tails
• Tor

You’ve also enabled us to work with organizations that provide vital support to journalists and fight censorship in all its forms, including:

• Sponsoring a Reporters Without Borders (RSF) journalist digital security program
• Partnering with RSF
• Leading a training session with the Second Asian Investigative Journalism Conference in Kathmandu, Nepal
• Partnering with Deutsche Welle
• Supporting Access Now
• Supporting Netblocks

None of this would have been possible without the support and generosity of the Proton community. Every person that subscribes to a paid plan helps fund our work that is providing vital internet access. It’s thanks to you that we have been able to stand up for online freedoms in Hong Kong, Russia, and other authoritarian countries. 

We hope every member of the Proton community is proud of the work they’ve enabled.

You’re enabling online freedom

People have learned that Proton VPN is an effective way of accessing the uncensored internet, and we have become a lifeline for those in need. 

VPNs, in general, are effective tools for bypassing online censorship because they allow people to shield their browsing habits from their internet service provider (ISP). Typically, when a government wants to censor specific websites or social media, it instructs the national ISPs to block connections to those sites. When you connect to a VPN, your connection is encrypted, and the ISP can’t see what website you’re visiting. It can only sees that you’re connected to a VPN server. The VPN then handles your connection, allowing you to safely access the uncensored web. 

Proton VPN goes beyond standard VPNs with our complement of anti-censorship features, all of which are available with our Free plan:

• Stealth — A WireGuard-based VPN protocol that obfuscates your VPN traffic and makes it look like normal HTTPS internet traffic, making it hard to detect and block. 
• Smart Protocol  — This feature automatically detects censorship attempts and selects the best VPN protocol to help you bypass the block. 
• Alternative routing —This feature automatically detects attempts to block your connection to our service and bypasses them by rerouting your connection over third-party services, like AWS. 

The Proton community’s support also has allowed us to provide the best free VPN service available. Our Proton VPN Free plan has no data limits, no artificial connection speed limits, no ads, and keeps no logs, making it the perfect tool for those in dire need. 

Resisting the next wave of censorship

Unfortunately, fighting the censors deployed by authoritarian regimes is a cat-and-mouse game. We develop a new VPN protocol, the censors work on fine-tuning their deep packet inspection tools to detect it. But it seems like we’re rapidly approaching an inflection point. 

Despite the persistent and pervasive online censorship, the internet is still mostly global. Only China has been effective at cutting nearly all ties between its internet and the global internet. But there’s evidence that other countries might attempt to replicate its model. Russia has been experimenting with creating its own “splinternet” for years, and the invasion of Ukraine might be what finally launches it. And according to Freedom House, there’s evidence that Belarus, Cuba, India, Iran, Rwanda, and Singapore have taken steps toward detaching their internet from the rest of the globe’s as well. 

This would represent a new phase in online censorship that we all need to resist. But as long as governments use censorship to try to control their citizens, the Proton community will be ready to fight back.

At Proton, our goal is to give everyone privacy and security online, so join us. Together, we can build a better internet where privacy is the default.

The post The fight against censorship has never been more important appeared first on Proton VPN Blog.

Deutsche Welle (DW) is Germany’s international news organization that provides accurate and independent coverage and analysis of events worldwide. While DW is state-funded, it’s governed by the Deutsche Welle Act, which is intended to keep it independent and free of government interference. 

DW is available in 32 languages, making it an invaluable news source, especially in countries where authoritarian governments censor objective reporting. These regimes often see DW as a threat and the governments of Turkey, Iran, and Russia have blocked DW’s TV channel and website.

In the fall of 2022, DW came to Proton to see if we could help them make their independent reporting available all around the world. Proton VPN is one of the most widely used VPNs when people need to bypass online censorship. We’ve become the VPN people turn to when all others are blocked. We view this as a vital part of our work to build a better internet.

That’s why we’re excited to announce that we’re partnering with DW to ensure that the people who need it most can access a credible and objective news source for free. Simply look for the specially-labeled DW servers in all our Free locations (United Sates, Japan, and Netherlands), or search for “news”.

Connecting to a DW server will provide you with direct, unlimited, high-speed access to the DW website, including all live streaming and video-on-demand content.

Fighting for a better internet

Internet censorship is unfortunately becoming commonplace, but we believe our partnership with DW, which is the first of its kind, is an effective way to fight back. Given DW’s work in the face of persistent internet blocks, our partnership is a natural extension of our work, even if it has no precedent. 

We believe we all have a responsibility to stand up and defend human rights, especially in places where they are under assault. Together, DW and Proton are dedicated to providing everyone with the ability to access the information they need. And because these servers function as VPN servers, they also protect DW’s readers from government surveillance. 

“We are very happy to be partnering with a company that is just as dedicated as we at DW are to protecting the online privacy of activists, journalists and others while providing them with free, unrestricted access to the open Internet,” said Guido Baumhauer, the Managing Director of Distribution, Marketing, and Technology at DW.

We’ve focused on turning Proton VPN into one of the most censorship-resistant VPNs currently available. Thanks to the support of the Proton community, we’ve been able to develop novel anti-censorship features, including:

• Smart Protocol — Detects attempts to block your VPN connection and automatically selects the VPN protocol and IP port that will bypass the block
• Alternative Routing — Bypasses advanced VPN block attempts by routing your connection over hard-to-trace third-party networks
• Stealth VPN protocol — Obfuscates your VPN connection to make it look like a standard internet connection

We hope that through this partnership, we can help DW deliver accurate news to people living behind the veil of state-imposed censorship. 

The post Deutsche Welle and Proton VPN team up to fight censorship appeared first on Proton VPN Blog.

Find out which browsers are best for your privacy

• How to block third-party cookies on your browser

If you want to keep your online activity private, a virtual private network (VPN), such as Proton VPN, will prevent the websites you visit from knowing your IP address, the unique number assigned to your internet connection by your internet service provider (ISP). 

This is good because websites can easily use your IP address to uniquely identify you, know your rough geographic location, and track you when you visit other websites.

However, your IP address is not the only way websites can track you across the internet. Despite the rise in browser and device fingerprinting, the most common method for such tracking is still third-party cookies. 

What are cookies?

Cookies are small text files that are stored on your browser when you visit a website. When you revisit the website, it can retrieve and read its cookies, letting it remember things about you. 

Cookies can perform many useful tasks, such as remembering that you’re logged in, what your preferences are, which language you speak, what’s in your shopping basket, and so on.

Cookies used by a website to facilitate and enhance its own functionality are known as first-party cookies. These are usually benign, and attempts to block them will likely reduce a website’s usability or even break it entirely. That’s why it’s not usually a good idea to block first-party cookies. 

What are third-party cookies?

Much more insidious are third-party cookies. These cookies are stored on your browser by websites other than the ones you visit (in other words, by third parties). Their purpose is almost entirely to track your behavior on different websites.

These third parties are typically advertising companies such as Google, or social media networks such as Facebook, TikTok, and Twitter, all of which rely heavily on knowing as much about you as possible to keep you engaged and serve you with highly-targeted ads. 

How do third-party cookies work?

Websites often host JavaScript from other (third-party) websites. Typical examples include social media Like buttons, third-party live chat support windows, and website analytics platforms such as Google Ads and Adsense (also run by Google). 

Although these cookies can improve the functionality of a website, they can also expose your information to parties you didn’t even know were present. For example, if a website uses Google Analytics, that website can trace your activity on its site, but so can Google. 

This allows whoever created the cookie in the first place to keep track of all the websites you visit, and often also what you did on those websites. If you visit a shopping website for example, third-party cookies can record which items you look at and pass this information on to its creators. 

Cookies and EU law

The ePrivacy Directive (known often as the “EU cookie law”) came into effect in 2012. It requires all websites to ask anyone who visits them using a European Union (EU) IP address for explicit consent before placing cookies on their browser. 

In theory, this should give EU citizens control over all third-party cookies placed on their browsers. However, this hasn’t been an effective policy for the following reasons: 

• Not all websites respect the law. 
• Many websites make it difficult to quickly block third-party cookies without blocking all cookies. 
• Bombarded with extensive cookie consent options for every website they visit, many (if not most) people simply accept all cookies because it’s the easiest option.

Netshield Ad-blocker

If you have a paid Proton VPN plan, you can use our NetShield Ad-blocker feature. This DNS filter doesn’t specifically block third-party cookies, but it does block many of the third-party scripts that load cookies onto your browser.

Learn more about NetShield Ad-blocker

How to block third-party cookies on your browser

• Firefox (desktop)
• Firefox (Android)
• Firefox (iOS and iPadOS)
• Chrome, Chromium, Brave, and Opera (desktop)
• Brave (Android)
• Opera (Android)
• Microsoft Edge (Windows)
• Safari (macOS)
• All browsers (iOS and iPadOS)
• Vivaldi (desktop)

Firefox (desktop)

1. Go to ☰ → Settings → Privacy & Security → Browser Privacy → Enhanced Tracking Protection → Custom. 

2. Ensure the Cookies checkbox is selected and select the level of cookie protection you’d like from the dropdown menu. 

Firefox provides several options to block the worst types of third-party cookies, making it easier for you to protect your privacy without breaking the websites you visit. You can also just block all third-party cookies. 

Firefox (Android)

1. Go to ⋮ → Settings → Privacy and security → Enhanced Tracking Protection → Custom. 

2. Ensure the Cookies checkbox is selected and choose the level of cookie protection you’d like from the dropdown menu. 

The Firefox Android app provides several options to block the worst types of third-party cookies, making it possible to browse privately without breaking the websites you visit. You can also block all third-party cookies. 

A similar setting can be found on Firefox Focus for Android by going to ⋮ → Settings → Privacy and security → Cookies and Site Data → Block cookies. 

Firefox (iOS and iPadOS)

On iOS and iPadOS, all third-party cookies should be blocked by default. However, Firefox and Firefox Focus on iOS/iPadOS have an additional setting:

1. Go to ☰ → Settings → Privacy →Tracking Protection → Strict.

This setting blocks a great deal more than just third-party-cookies, but the in-app documentation notes that it blocks “Cross-Site Trackers — These cookies follow you from site to site to gather data about what you do online. They are set by third parties, such as advertisers and analytics companies”. 

You can find a similar setting in Firefox Focus for iOS by going to ⋮ → Settings → Tracking Protection → Enhanced Tracking Protection. Third-party cookies are not specifically mentioned, but you can block various trackers and scripts based on their purpose (advertising, analytics, and social blocking are enabled by default). 

Chrome, Chromium, Brave, and Opera (desktop)

Go to ⋮ or ☰ → Settings (or Go to full browser settings on Opera) → Privacy and security → Cookies and other site data and select Block third-party cookies.

Brave (Android)

Go to ⋮ → Settings → Brave Shields and privacy → Block Cookies and select Block cross-site cookies. 

As with all browsers on iOS and iPadOS, third-party cookies on Brave are blocked by default (see below). There is an additional option to block cross-site trackers (⋯ → Settings → Brave Shields & Privacy → Block Cross-Site Trackers). 

Opera (Android)

Go to Settings (gear icon) → Privacy → Cookies and select Enabled, excluding third-party.

Microsoft Edge (Windows)

1. Go to ⋯ → Settings → Cookies and site permissions → Cookies and data stored → Manage and delete cookies and site data → Block third-party cookies.

Safari (macOS)

Safari on macOS blocks all third-party cookies (and many other forms of cross-site tracking) by default. To check this, open Safari and go to the macOS menu bar → Safari → Settings → Privacy tab and ensure Website tracking: Prevent cross-site tracking is enabled. 

By default, macOS allows advertisers to measure their performance without associating your ad activity with you. If you’re not comfortable with this, you can disable it in the Privacy tab by unchecking Web advertising: Allow privacy-preserving measurement of ad effectiveness. 

iOS and iPadOS (all browsers)

As part of the WebKit engine that all browsers on iOS and iPadOS must use, all third-party cookies are blocked by default on iOS 14+ and iPadOS 14+. To check this setting is enabled, go to Settings → [your browser] → and Allow Cross-Website Tracking is switched off. 

Safari on iOS and iPadOS allows advertisers to measure their performance without associating your ad activity with you. If you’re not comfortable with this, you can disable it by going to Settings → Safari → Privacy & Security and toggling the Privacy Preserving Ad Measurement switch off. 

Vivaldi (desktop)

Go to Settings (gear icon to the bottom left) → Privacy and Security → Third-Party Cookies and select Block All. 

Final thoughts

Blocking third-party cookies in your browser is an important part of preserving your privacy online. Other important steps you can take are:

• Use a VPN (such as Proton VPN) to hide your real IP address
• Use a script-blocker (such as Proton VPN’s built-in NetShield Ad-blocker feature) to prevent advertising, trackering, and other malicious scripts on web pages
• Use a browser that is resistant to fingerprinting. Fingerprinting is hard to block, but some are better at it than others.

Frequently asked questions

How can I tell that websites use third-party cookies

It is easy to see what third-party cookies are hosted on a web page using the Chrome browser. Hit F12 to open Developer Tools and go to the Application tab (you may need to click ≫ to see it) → Storage → Cookies. 

Any cookies that belong to domains other than the website you’re visiting are third-party cookies.

This example shows a reddit page that hosts a third-party cookie from Twitter. 

Can third-party cookies be useful to the user?

The scripts that set third-party cookies can be useful. For example, scripts that load a live chat support window make it easier for you to get help. Third-party cookies themselves, however, are almost invariably used by advertisers to track your browsing history and online activity (with the end goal of using that data to show you personalized ads)..  

These tracking cookies offer you no benefit besides (questionably) more relevant ads. 

Are third-party cookies safe?

Cookies are safe in that they cannot carry viruses or other malware, so they can’t directly harm you or your device. The danger they represent is to your online privacy — they allow advertisers and social media services to identify you, track your online activities, and even to monitor your interactions on websites (for example, by logging everything you look at on a website).

Do I need to block third party cookies and use NetShield Ad-blocker

It’s a good idea. NetShield Ad-blocker blocks scripts from a list of domains that we consider to be actively malicious, or simply of no value to most people who use Proton VPN. 

However, it doesn’t block domains that people actually want to use, such as Twitter or Facebook, and so does not block all third party cookies.

On the other hand, NetShield Ad-blocker can block many non-cookie-related scripts that can track you in other ways (such as fingerprinting) or which may otherwise harm you (such as scripts that inject malware onto your device). 

In addition to this, NetShield Ad-blocker helps protect your entire internet connection, not just threats from inside your browser. For example, mobile games often load ads from third-party domains. NetShield Ad-blocker can block these, but changing the cookie preferences in your browser won’t. 

We therefore recommend blocking third party cookies in your browser and also using NetShield Ad-blocker. 

The post How to block third-party cookies on all browsers appeared first on Proton VPN Blog.

In this article, we discuss what Permanent Kill Switch does, how to enable it, and how it differs from our regular kill switch feature.

What is a kill switch?

Our kill switch feature blocks all external network traffic to and from your device until the app automatically re-establishes a connection to the same VPN server. This prevents your real IP address from being accidentally exposed on the internet if your VPN session is disrupted (for example, when you change your WiFi network or encounter technical issues). 

The kill switch only engages when you start a VPN connection, and is disabled when you manually disconnect the VPN or shut down your device. 

What is our permanent kill switch?

The permanent kill switch prevents all outgoing and incoming connections outside the VPN interface. This means that your device will not be able to access the internet unless you connect to one of our VPN servers. This includes if you manually disconnect the VPN and when your device is shutting down and starting up. 

When the permanent kill switch is enabled, you can‘t access the internet unless you connect to a Proton VPN server. 

How to use the permanent kill switch

A Kill Switch icon is now located in the Quick Settings bar of the Proton VPN Windows and Linux apps. Click on it to show all kill switch options. You can enable the Kill Switch, enable the Permanent Kill Switch, or turn Kill Switch Off (this disables both types of Kill Switch).

Learn more about how to use the permanent kill Switch

How does the permanent kill Switch work?

On Windows, our kill switch and permanent kill switch features use the Windows Filtering Platform, deploying specific filters to block connections outside the VPN interface.

The kill switch uses dynamic filters to block all incoming and outgoing connections when an existing VPN connection drops. It only allows our app to try to reconnect to the last server used. 

The permanent kill switch uses persistent filters that force all outgoing internet connections to go through the VPN interface. If the VPN is not connected for any reason, no internet connections are possible.

On Linux, we create a dummy network interface and redirect all outgoing traffic there to block connections.

Final thoughts

Our team is always developing new ways to improve security and protect your privacy. The permanent kill switch achieves both these aims while also being very easy to use. 

The permanent kill switch provides an additional way to protect your privacy online by ensuring that you never accidentally access the internet without the protection using a VPN brings.

Thank you for your continued support.

FAQ

The post Always stay secure with our permanent kill switch appeared first on Proton VPN Blog.

You asked, we listened. We are excited to announce the Proton VPN browser extension in beta, one of our most requested features. With the browser extension, you can:

• Easily protect your browser traffic with the VPN, without affecting speeds or the IP address of the other apps on your system. For example, you can browse privately without affecting the ping rates for online games. Or you can stream from another country in one browser while shopping for the best local deals in a different browser. 
• Connect to different VPN servers in different browsers
• Browse privately on your work computer while connected to your company VPN
• Browse privately on devices where you don’t have the admin rights to install a full VPN app
• Protect your privacy on low-end devices that struggle to run a full VPN app

The Proton VPN browser extension is available for Chromium-based browsers (such as Google Chrome, Brave, Microsoft Edge, Chromium, Opera, and Vivaldi) and Firefox-based browsers (including Firefox itself, LibreWolf, and Waterfox).

It is a premium feature available to everyone with a paid Proton VPN plan (Proton VPN Plus, Proton Unlimited, Proton Visionary, or Proton for Business).

What is the Proton VPN browser extension?

Our browser extension provides similar protection to our full VPN app, but it only encrypts your browser’s internet connection (using HTTPS). If you want to encrypt all the connections made by your device, you still need to download our app.

Learn how a VPN works

You can run the extension in as many different browsers as you like, and you can connect each browser to a different VPN server. Each browser running an active VPN connection does count towards the limit of ten simultaneous VPN connections.

For example, if traveling away from home, you could run Brave with the Proton VPN browser extension connected to a nearby VPN server to secure your browsing session using the fastest available server. At the same time, you could run Firefox with the Proton VPN browser extension connected to a server in your home country, so that you can easily access your favorite geo-restricted online services.

With this VPN extension, you can:

• Quickly and easily hide your browsing history from your internet service provider (ISP) and public WiFi hosts 
• Bypass censorship
• Prevent tracking from websites you visit by hiding your IP address
• Stream your favorite shows, movies, and live TV when traveling away from home 

All this happens within your browser. Connections made by your device’s operating system, other apps, and browsers not running our browser extension aren’t encrypted or routed through our VPN servers.

How to use the Proton VPN browser extension

1. Download the Proton VPN browser extension from the Chrome Web Store or Firefox Browser Add-ons. 

2. Sign in using your Proton VPN Account details.

3. Click the Quick Connect button or choose a country or individual server.

To use the Proton VPN browser extension, you must have a paid Proton VPN plan. If you are on our Free plan, you can upgrade to access this premium feature.

The Proton VPN browser extensions are stand-alone products, and you do not need the full Proton VPN app to use them. 

Please see our support article for more information on the Proton VPN browser extension.

Serving our community

We share your enthusiasm for a Proton VPN browser extension. It makes it very easy to protect your privacy, bypass censorship, and stream content in your browser with just a couple of clicks. 

And this is just the start. In the future, you’ll be able to use advanced features from our VPN app on our browser extension, like Secure Core and split tunneling.

As always with Proton VPN, the browser extension will be made open source so that you can trust (and verify) its code. This new extension will make it even simpler for more people to enjoy the peace of mind that comes from using a no-logs VPN service that’s based in Switzerland and trusted by millions of activists, journalists, and ordinary people around the world. 

The post Introducing the Proton VPN browser extension appeared first on Proton VPN Blog.

Learn more with our ultimate guide to torrenting

To share files this way, you need torrent downloader software, usually referred to as a BitTorrent (or just torrent) client. There are many torrent clients available, and most of them cost no money to download and use.

However, many of these “free” torrent clients are closed-source proprietary software. In addition to the inherent dangers of not being able to check what the software is really doing, this also means that many of them have a business model you should be aware (and, indeed, wary) of. 

This includes more popular torrent clients, such as uTorrent and the almost-identical official BitTorrent client, which are closed source and rely on intrusive ads for revenue. 

At Proton, we believe that open-source software that allows you to check the code for yourself is the only way to guarantee that you can trust an app. And when it comes to torrent clients, trusting your software is crucial because it can see what you are downloading and from where.  

1. Transmission
2. qBittorent
3. LibreTorrent
4. BiglyBT
5. Deluge

That’s why our list of best torrent clients for your privacy focuses solely on free and open-source (FOSS) options. Please note that, as far as we know, none of these clients have been independently audited. But neither have the closed-source alternatives. At least with these torrent clients, their code is open for anyone to inspect. 

Always use a VPN when torrenting

No matter which torrent client you choose, you should always use a VPN when torrenting. The decentralized distributed nature of P2P file sharing is one of its biggest strengths as a platform, but for it to work, you need to connect directly to other torrent users. 

This means anyone sharing a file with you (your “peers”) can see your real IP address. In the example below, we can see the IP address of everyone sharing a Linux Mint download. 

However, if you use a VPN, your peers will see the IP address of the VPN server instead of your real IP address. 

We also strongly recommend using a kill switch when torrenting, so your IP address will remain hidden even if the VPN disconnects in the middle of a download. 

Proton VPN does not endorse copyright infringement. The P2P clients discussed in this article should be used solely for the purpose of downloading legal content.

Learn more about how a VPN works

Proton VPN is a no-logs VPN service based in privacy-friendly Switzerland. With a paid Proton VPN plan, you can connect to any of our optimized torrent servers to download files safely and with peace of mind. You can easily identify torrent servers in our apps using the double-arrow icon next to them.

What to look for in a torrent client

Even the most bare-bones modern torrent clients include everything you need to torrent (except direct access to torrent files or magnet links). Other than being open source and ad-free or not, what sets torrent clients apart is the details .

Do you want a lean no-frills client that simply gets the job done, or do you enjoy playing around with lots of advanced features? Is there any particular feature you consider very important, such as binding to the VPN interface or automatic compatibility with Proton VPN manual port forwarding?  

Below, we look at what makes each of our favorite BitTorrent clients unique so you can decide yourself which suits you best.

Five top torrent clients for your privacy

1. Transmission

Platforms: macOS, Windows, Linux, FreeBSD

Pros

• Looks great
• Lightweight
• Fully-featured
• Works seamlessly with Proton VPN manual port forwarding

Cons

• No built-in RSS feed subscription

Transmission initially gained popularity as the only torrent client built from the ground up for macOS (complete with Dock and Growl support). Although it’s now available on all major desktop platforms, Transmission is still notable for offering native support on Apple Silicon (M1 and M2 ARM-based Macs) and for being one of the most aesthetically pleasing options available.

But there’s a lot more to Transmission than looks alone. A fully-featured torrent client, it supports watch directories, global and per-torrent speed limits, protocol encryption, tracker editing, web seeding, blocklists for bad peers, and more. 

A notable omission from Transmission’s feature list is that it doesn’t support subscribing to RSS feeds. Third-party plugins that add this functionality are available, but they aren’t as polished as the built-in solutions found on other clients. 

If you use Proton VPN to torrent on platforms other than Windows, you will appreciate that Transmission is the only torrent client verified to automatically work with manual port forwarding with no additional configuration needed. 

2. qBittorrent

Platforms: Windows, macOS, Linux. 

Pros

• Can bind to the VPN interface
• Lightweight
• Can stream video content
• Fully featured

Cons

• macOS is not well supported
• It’s easy to misconfigure binding to the VPN interface, which exposes your torrent traffic

qBittorrent is another lightweight, fullyfeatured open-source torrent client. Although available for all major desktop platforms, the official qBittorrent website notes that the macOS version is not well supported because there are currently no active macOS developers or contributors. 

qBitTorrent offers all the advanced features you’d expect from a modern torrent client, including BitTorrent protocol encryption, torrent prioritization, torrent querying, selective content download, torrent creation, remote access, and RSS subscription. It also allows you to search for torrents from the client (with the help of an array of optional plugins).

The stand-out feature of qBittorrent is the ability to bind the client to your VPN interface. This acts much like a VPN kill switch, preventing torrent connections that don’t use the VPN. 

Learn how to bind qBittorrent to the VPN interface

However, you must be careful when doing this as it’s easy to accidentally bind the client to your physical internet interface (for example, your WiFi card) instead of your VPN interface. If you do this, your torrent traffic will bypass the VPN interface.

Another great qBittorrent feature is the ability to download files in sequential order. This allows you to stream video content while it’s still downloading. 

3. LibreTorrent

Platforms: Android (including on F-Droid and for Android TV support)

Pros

• Has almost everything you would expect from a desktop torrent client
• Can stream video content
• BitTorrent v2 support
• Features specifically designed to improve the experience on mobile devices

Cons

• Not much

Unlike iOS, Android is an open platform with numerous torrent apps available for it. LibreTorrent is an Android-only open-source  (copyleft license) BitTorrent v2 app with a sleek material design (complete with a dark theme and dedicated tablet UI) and lots of features. 

These include RSS subscription and auto-downloading, IP filtering, sequential downloads (for video streaming), scheduling, and more.

It also includes features designed to make using a torrent app on your mobile device a better experience, such as the ability to set the app to torrent only when connected to WiFi, only connect when your device is charging, or stop torrenting if your device’s battery falls below 15%.

4. BiglyBT 

Platforms: Windows, macOS, Linux, Android (including on F-Droid and for Android TV)

Pros

• Can bind to the VPN interface
• Greatly expandable through plugins
• Android TV support
• Swarm merging
• Lots of options

Cons

• Feels a little old fashioned

In the early days of torrenting (around  2003), one of the most popular and pioneering VPN clients was the open-source Azureus. Over time, Azureus changed its name to Vuze, became increasingly proprietary, started showing ads, and added so many new features that it became a byword for software bloat. Yet much of this “bloat” was extremely useful, and Vuze remained popular among torrenters. 

Development on Vuze ended in 20217, but some former Vuze developers soon launched BiglyBT, an open-source version of Vuze, without the ads and with less bloat. 

Notable features include binding to the VPN interface (much like you can in qBittorrent), swarm merging to complete torrents that do not have all the available bits, and support for seeding to WebTorrent peers. Bigly BT also offers an Android TV interface. 

Many of the more advanced features that were cut from Vuze, such as an embedded media player, RSS scanner, iTunes integration, and much more, are available through easily-installed plugins. 

Deluge

Platforms: Windows, macOS, Linux, FreeBSD

Pros

• Ultra-lightweight
• Third-party plugins

Cons

• Less fully-featured (bloated?) than many other options

Deluge is a bloat-free open-source BitTorrent client. Its feature list is quite short compared to the other options listed here. Still, it includes everything most torrenters want from a torrent client, including support for magnet links and remote web management of downloads.

Some additional functionality can be added through third-party plugins, highlights of which include RSS subscription and streaming while downloading. Deluge is a good choice if you want a traditional, no-frills, open-source torrent client that simply does its job well. 

Final thoughts

There are some fantastic free, open-source, and safe torrent clients out there that easily match the quality and features of their commercial alternatives. The order for this list is necessarily arbitrary, as all the apps discussed above are great at what they do. 

Transmission is the easiest option if you want to torrent using Proton VPN with manual port forwarding (although all desktop apps listed here work with manual port forwarding). Beyond that, though, they’re all good clients and that the ultimate choice depends on which features you value the most

The post Five best torrent clients for your privacy 2023 appeared first on Proton VPN Blog.

In this article, we look at what the GFW is and how it prevents citizens of mainland China from accessing the free and open internet.

• What is the great firewall of China?
• Why does the great firewall of China exist?
• How does the Great Firewall of China work?
• What websites does the Great Firewall of China block?
• Is it possible to bypass the Great Firewall of China?
• Frequently asked questions

What is the great firewall of China?

Since 1998, the government of mainland China has been concerned about the internet, which it perceives as a source of social and political threats to the regime’s cultural values and ideology. At the same time, it has always recognized the internet’s utility in fueling economic growth. 

Its response was to build a regulatory framework supported by a far-ranging and increasingly sophisticated system of internet censorship known officially as the Golden Shield project — known outside of China as the Great Firewall of China.

The first phase of the GFW was completed in 2006, but it has since grown in complexity and scope, restricting internet access into and out of mainland China to only three highly-monitored access points. 

The GFW is designed to block Chinese citizens’ access to the uncensored internet via technical censorship measures. It’s not concerned with policing internal dissent. The Communist Party of China (CPC) controls China’s domestic internet using an army of cyberpolice to actively monitor domestic social media channels. 

One of the most visible aspects of the Great Firewall is that it blocks websites and services that are household names throughout the rest of the world, including all Google services,  YouTube, Instagram, Facebook, Twitter, Wikipedia, and the websites of most major international news organizations.

Also blocked are services designed to bypass China’s censorship measures, including almost all international VPN services.

It is worth noting that the Great Firewall of China covers mainland China, not Hong Kong or Macau. Until recently, these Special Administrative Regions’ internet access was never interfered with and they could browse the  uncensored internet. Hong Kong’s freedom is now threatened by the 2020 Hong Kong national security law. Still, both Hong Kong and Macau remain outside the scope of the advanced censorship system that is the Great Firewall of China.

Why does the Great Firewall of China exist?

The primary goal of the Great Firewall is to  control the flow of information into and out of the country. As China opened up to the rest of the world with the economic reforms known as the socialist market economy in the 1980s and 1990’s, its population became increasingly exposed to ideas and attitudes that the CPC saw as a threat to its social values and political ideology.

The arrival and increasing penetration of the internet into Chinese society caused a dilemma for the CPC. They could clearly see the internet’s value as a tool for economic growth — and its ability to  expose the Chinese people to “dangerous” ideas.

However, the GFW also serves a useful secondary purpose. With the GFW, China has effectively built an internet inside the internet, with a captive market of around 700 million internet users (approximately a quarter of all internet users on the planet). 

This has allowed domestic alternatives to international internet services that are ubiquitous elsewhere, to flourish on the Chinese mainland. These include:

• Bilibili and Tencent Video (YouTube)
• Sina Weibo (Twitter)
• Qzone (Facebook)
• WeChat (WhatsApp)
• Zhihu (Quora)

The CPC keeps tight control over these services, which serves as a lucrative form of trade protectionism. However, it also makes it much easier for the government to monitor and control domestic political dissent and other social trends it disapproves of. 

How does the Great Firewall of China work?

The CPC doesn’t share details about its highly sophisticated internet censorship system with the rest of the world. 

However, various sources, including reports from inside China and lessons learned from long-standing attempts to breach the firewall (often using side-channel analysis), have allowed security experts to surmise at least some of the tactics used to prevent people living in China from interacting with the wider world.

These blocks can be implemented either at the three international exit points monitored directly by the government or by the small number of government-controlled internet service providers (ISPs) that service China’s around 700 million internet users.

Destination IP address blocking

The Chinese government simply blocks connections to address ranges that belong to websites and other internet resources it wishes to censor. 

URL filtering

The government uses transparent proxies to scan URLs, HTTP headers, and the HTTPS Server Name Indication (SNI) for banned keywords.

DNS poisoning

The internet is set up so that DNS queries are usually handled by ISPs. This means the CPC can use the ISPs to aid in its censorship efforts. It often directs ISPs to block or redirect DNS queries to banned websites.

TCP reset attacks

Government cyberpolice can inject forged TCP packets into connections to send end-of-connection requests to blocklisted servers. These TCP reset attacks appear to come from the same infrastructure responsible for deep packet inspection.

Deep packet inspection

Originally developed to detect VPN use, deep packet inspection (DPI) is now an integral part of the Great Firewall. China’s DPI techniques are among the most sophisticated ever developed, making them very difficult to bypass. 

Learn more about deep packet inspection

Fake SSL root certificates

HTTPS, the encryption system that secures the internet, relies on a web of trust. Connections are validated using SSL certificates, which we trust because we trust Certificate Authorities (CAs) to only issue SSL certificates to verified domain owners. 

Over the years, the Chinese government has used root SSL certificates belonging to Chinese CAs to perform multiple man-in-the-middle attacks. 

The most notable example occurred in 2015, when Google proved that the Chinese CA CNNIC was abusing its position of trust by issuing unauthorized digital certificates for several Google domains. In response, some browsers stopped accepting certificates issued by CNNIC. However, this block was not enforced on other Chinese CAs, and browsers continue to accept  new Chinese CAs since.

The 2017 National Intelligence Law of the People’s Republic gives the Chinese government the formal power to ask any Chinese CA for the use of their root certificates. 

Active probing

To help tackle anti-censorship services such as VPNs and Tor, Chinese authorities use active probing to trace connections back to blocklisted IP addresses.  

Blocking access to app downloads

All access to websites that offer ways to bypass GFW restrictions (such as VPNs and Tor) are blocked. All Google services are blocked, including the Google Play Store, so Android users can’t download VPN apps.

If you use an Android in China, you must instead download apps from one of the several  domestic app stores, such as Tencent MyApp or Baidu Mobile Assistant. These stores often contain apps of dubious provenance but no international VPN apps.

The Apple App Store remains accessible from within China, but in 2017 Apple complied with China’s demands to remove all major international VPN apps from its app marketplace.  

What websites does the Great Firewall of China block?

China now blocks thousands of websites, including protonvpn.com and proton.me. Some of the more notable blocked sites include:

• ABC
• BBC
• Bloomberg
• CNN
• Dropbox
• Facebook, Messenger, and Instagram
• Gmail
• Google services and apps (including Calendar, Docs, Maps, Play Store, etc.)
• Hong Kong Free Press
• LinkedIn
• OneDrive
• New York Times
• Pinterest
• Reddit
• Quora
• Reuters
• Signal
• Slack
• Snapchat
• Spotify
• Steam Store
• Twitch
• Twitter
• The Guardian
• Time
• Vimeo
• Wall Street Journal
• Wikipedia
• WhatsApp
• YouTube

It’s important to note that while the GFW is incredibly sophisticated, it isn’t entirely impenetrable. In fact, its implementation is rather inconsistent within China. Websites blocked in one province might be accessible in the next. Theoretically subversive websites can sometimes be accessed freely while innocuous ones devoid of objectionable or politically sensitive material are banned.

Even Google services have occasionally been reported as available in some areas in recent years. 

Is it possible to bypass the Great Firewall of China?

There are no reliable ways to consistently bypass the GFW of China. This includes almost all VPN services, which can be detected using China’s highly advanced DPI systems, even when using obfuscation technologies that are useful elsewhere. 

Other technologies can be helpful, although results are usually very hit-and-miss. You can counter DNS poisoning with third-party DNS services that encrypt DNS queries using DNS over TLS (DoT) or DNS over HTTPS (DoH). Similarly, you can evade URL filtering using Encrypted Server Name Indication (ESNI). ESNI is now supported in Firefox but not  Chrome (yet).

All public Tor nodes are blocked in China, but the anonymity network is still partially accessible in China using bridges and pluggable transports such as obfs4.

Another tool reported to be effective is Shadowsocks. Created by a Chinese developer specifically to bypass Chinese censorship, this tool creates SOCKS5 proxy connections to a server you rent yourself. This makes it unlikely that Chinese authorities have placed this server’s IP address on a blocklist. 

Final thoughts

The effort and resources the CPC has poured into the Great Firewall demonstrates how potent free speech can truly be.

Here at Proton VPN we believe that free speech, access to unfiltered information, and the ability to freely form friendships and exchange ideas with others around the world is a fundamental human right.

Tools offered by Proton VPN, such as Stealth protocol and Alternative routing have proven effective at defeating censorship in places such as Russia, Iran, and Egypt. While we at Proton have yet to find a way to consistently bypass the GFW, we support efforts everywhere to defeat online censorship.

Frequently asked questions

The post What is the Great Firewall of China and how does it work?  appeared first on Proton VPN Blog.

The technique is commonly used in firewalls, intrusion detection systems, and other network security systems.

Unfortunately, the same analysis techniques used to protect private networks can also be used by governments and other organizations to monitor internet traffic and censor online dissent.

Using DPI, organizations can examine packets as they pass through a network to understand their purpose. This allows them to block or restrict access to certain websites, applications, and services. 

Using a VPN prevents this kind of analysis, as the packets are encrypted. But the VPN protocol itself can often be identified by DPI. This allows repressive governments (and occasionally other organizations, such as offices and campuses) to effectively block access to VPN services, even when attempts are made to hide (obfuscate) the fact that a VPN is being used.

In this article, we look at how deep packet inspection works, with a focus on how repressive governments use it to impose censorship restrictions. We also look at how DPI affects virtual private networks (VPNs) such as Proton VPN, which are designed to overcome such restrictions. 

• What is a data packet?
• How packet analysis works
• Simple packet analysis
• Deep packet inspection
• DPI and government censorship
• How VPNs works
• Simple VPN blocks
• Simple VPN anti-censorship tactics
• How DPI is used to detect VPNs
• VPN obfuscation

What is a data packet?

When data is sent over a network (such as the internet), it’s divided into small portions. These small portions are called data packets (or just packets). 

The Internet Protocol uses data packets to help ensure information sent across the web reaches the correct destination. When all the packets making up a dataset (such as an image or the contents of an email) reach their destination, they’re reassembled.

The actual data contained in a packet is called its “payload”. Each packet also has a header that contains metadata explaining things like where it’s going and where it came from.

All data transmitted over the internet is sent in packets. 

How packet analysis works

An organization performing any form of packet analysis must first obtain packets to analyze. This can be done in many ways, but port mirroring, physical network taps, and WiFi sniffing are common tactics. Once an organization has access to packets, it can analyze them in various ways. 

Simple packet analysis

The easiest (and cheapest) way for an organization to implement blocks on network traffic is to examine the information contained in packet headers. This allows these organizations to block packets based on the ports they use or their destination IP address. 

Deep packet inspection

The problem with simple packet analysis for organizations that wish to censor the internet is that it’s easy to bypass simply by changing the destination IP address or the port numbers used. This is because simple packet analysis doesn’t look at the data (the payload). Deep packet inspection analyzes the entire packet, including the payload. 

How does deep packet inspection work?

DPI techniques include:

1. Signature-based detection — Compares packets against a database of known malicious or unwanted traffic patterns
2. Anomaly-based detection — Looks for patterns or behaviors that deviate from normal network traffic
3. Protocol analysis — Examines the structure and format of packets to identify which protocol is in use
4. Content inspection — Examines the actual data contained in the payload, such as the text of an email, to identify and block specific keywords or phrases
5. Behavioral analysis — Examines the behavior of network traffic over time, such as the frequency of connections to a particular server or the amount of data transferred, to identify and block unusual activity patterns

DPI and government censorship

Repressive governments around the world want to limit their citizens’ access to independent information, their capacity to interact with the international community, and their ability to express viewpoints critical of the regime. 

This is part of the reason that internet blackouts continue to become more common. But these blackouts are incredibly costly for any country that regularly relies on the internet (so basically every country except for North Korea). The internet shutdowns from 2022 cost the global economy roughly $24 billion. 

The solution to this dilemma in places such as Russia, China, Iran, and Egypt is to make the internet available but block websites and apps they don’t want their citizens to access. On a basic level, this is quite simple to achieve. All governments have to do is instruct their domestic internet service providers (ISPs) to block connections to certain IP addresses. 

The problem with this approach is that technologies such as virtual private networks (VPN) make it easy for more tech-savvy citizens to bypass these blocks, so governments deploy DPI to detect (and block) VPN use.

Read more about internet censorship 

How VPNs works

A VPN creates an encrypted connection between your device and a VPN server run by a VPN service such as Proton VPN. The VPN app then routes all connections from your device through this “VPN tunnel”. This includes DNS queries, which your VPN provider resolves rather than your ISP (as usually happens). 

Because the data sent through the VPN tunnel is securely encrypted, your ISP (and, by extension, your government) can’t see your data’s content or which websites you visit. All it can see is the IP address of the VPN server you connected to. 

Learn more about how a VPN works

What an ISP can’t see, it can’t block, which is why VPNs are effective anti-censorship tools. Repressive governments, of course, know this, so their usual response is to try to block access to VPNs. 

Simple VPN blocks

The simplest way to do this is to block access to VPN services’ websites. Such blocks are usually easy to evade — for example, by distributing VPN software such as Proton VPN’s Android APK file via an encrypted messenger or social media channels. 

It’s also possible to perform simple packet analysis on packet headers using the following methods: 

Destination IP address analysis

Authorities can examine the destination IP address of packets and match them against a list of known VPN server IP addresses. Armed with such a list, it’s easy for an ISP to block access to all of a VPN service’s servers. 

With the resources available to most governments, it’s not difficult for them to compile these lists themselves. But they don’t really need to because many commercial services do good business by compiling and selling such lists. 

Port analysis

DPI can examine the destination port number of packets and match them against a list of known VPN port numbers

For example, by default, OpenVPN uses UDP port 1194, while WireGuard uses UDP port 51820. 

SSL/TLS certificate analysis

By examining packets’ SSL/TLS certificates, authorities can match them against a list of known VPN SSL/TLS certificates and detect if people are using a VPN.

Simple VPN anti-censorship tactics

Simple packet analysis is a common censorship tactic because it’s easy and cheap. It’s also fairly easy for a VPN service to bypass using the following methods:

VPN over TCP

HTTPS is the encryption standard that secures the web, making possible much of what we take for granted being able to do on the internet. This includes securing all online financial transactions, such as online purchases and managing your bank account online.

HTTPS uses TCP port 443, so VPN services often also run their VPN protocols over TCP port 443. This makes it difficult to simply block this port without effectively shutting down the entire internet.

OpenVPN has built-in support for TCP, making it a popular choice among VPN services using this tactic. WireGuard is usually run over UDP, but Proton VPN has also developed a way to run WireGuard over TCP. 

Learn more about the difference between UDP and TCP

VPN over TCP can effectively evade simple protocol analysis, but more advanced DPI techniques can easily spot the difference between HTTPS and VPN packets.

Changing port numbers

Although VPN protocols default to using expected ports, most can be run over almost any port (except for ports reserved for specific functions). So a simple (but often effective) anti-censorship technique is to run VPN protocols over non-standard ports. 

Proton VPN’s Smart Protocol feature detects when a connection is blocked and automatically switches between VPN protocols and port numbers to find combinations that aren’t blocked.  

Alternative routing

An unusual anti-censorship tactic used by Proton VPN is alternative routing. If access to any Proton service is blocked (including to the Proton VPN website), we try to route the connection through third-party server networks that are unlikely to be blocked (such as AWS). 

VPN bridges

Destination IP address analysis is a challenging attack vector to overcome, but some VPN services mitigate the issue with VPN bridges. These allow them to evade censorship by providing alternative entry points to the VPN network that are not publicly listed or blocked by censors. 

VPN services can achieve this by using a technique called “bridge relaying” or “bridge mode.” This is when a VPN provider runs a few “bridge relays” that it doesn’t publicly list and only provides to people who need to defeat censorship. These bridge relays act as a secret entry point to the VPN network and can be used to bypass blocks on VPN traffic.

Another way VPNs use bridges is by allowing people to connect to the VPN network through a “bridge VPN”, which is when a VPN connection is established between your device and a VPN server that censors haven’t blocked. You can then use this bridge VPN to connect to the main VPN network and access blocked content.

How DPI is used to detect VPNs

Online censors and internet users have been locked in an arms race since the web’s earliest days. ISPs started to block ports, so people started using non-standard ports. Repressive governments responded by using DPI to determine what traffic was doing on open ports, which encouraged people to use VPNs to defeat the DPI. In turn, governments developed more sophisticated DPI techniques, and so on. 

DPI is hard to bypass because it examines the entire packet to identify VPN traffic in a variety of ways. These include: 

Protocol analysis

This examines the structure and format of packets to identify which protocol is in use and detect if the packets are using a VPN protocol like OpenVPN, PPTP, L2TP, or IKEv2.

Packet size analysis

Unusual packet sizes may indicate the use of a VPN.

Behavioral analysis

DPI can examine network traffic behavior over time to identify patterns that may indicate the use of a VPN. For example, if there is an unusual spike in traffic to a specific server or a sudden change in the location of IP addresses, it might indicate that a VPN is being used.

VPN obfuscation

As the next step in the arms race for an uncensored internet, some VPN services have developed custom VPN protocols resistant to DPI techniques. For example, we developed the Stealth protocol for Proton VPN.  

This new protocol combines various open-source technologies, most notably using obfuscated TLS tunneling over TCP to look like HTTPS in a more censorship-resistant way than simply running VPN over TCP port 443. 

Learn more about Stealth

Stealth has helped millions of people overcome VPN blocks in places such as Iran and Russia, but we can’t guarantee its effectiveness against advanced DPI techniques.

Final thoughts

Deep packet inspection can be sophisticated and poses an ongoing challenge to our work of bringing the open internet to everyone. But we founded Proton VPN to face challenges exactly like this, and our engineers are always developing new anti-censorship tools and features. 

We’re locked in an arms race with some of the globe’s most repressive governments, and the stakes could not be higher. Repressive governments rely on keeping tight control over the information their citizens can access, who they can talk to, and what they can say to their fellow citizens and the rest of the world. 

But we believe everyone has the right to access independent reporting, associate with whomever we please, and criticize injustices and abuses of power. We’re fighting to ensure everyone has access to these fundamental human rights.  

Proton VPN was founded to help fight for a world without censorship, which is why we offer a 100% free VPN service. With Proton VPN, anyone can access the free and open internet. We’re proud that activists, journalists, and ordinary people around the world turn to Proton VPN in times of turmoil.

If you live in a repressive country, our service is here to help. If you don’t, you can support our mission to make the uncensored internet available for everyone by signing up for a Proton VPN Plus plan. 

The post What is deep packet inspection? appeared first on Proton VPN Blog.

Instagram is a wildly popular social networking platform that emphasizes sharing photos and videos. It’s owned by Meta, the umbrella company that also owns Facebook, Messenger, and WhatsApp. And like these services, Instagram is often the target of state censorship. Additionally, the platform is routinely blocked on college and office networks.

Fortunately, in most cases, it’s easy to unblock Instagram using a VPN such as Proton VPN. 

How to unblock Instagram

A VPN app allows you to bypass many forms of online censorship, including most of the methods used to block Instagram. When you use a VPN app, your device connects to a VPN server run by a provider such as Proton VPN before connecting to the internet (or in this case, the servers running Instagram).

The connection between your device and the VPN server is secured using encryption, which means no one can see the content of your data as it travels between your device and the VPN server. This includes whoever controls the WiFi network you’re using and your internet service provider (ISP). 

Learn more about how a VPN works

Unblock state censorship of Instagram

Most state censorship relies on governments ordering domestic ISPs to block access to specific domains (such as those used by Instagram). To unblock Instagram, you can usually just connect to a VPN server in a country that isn’t censoring the platform. 

Of course, governments know that people do this, so in more repressive countries, they also try to block access to VPN services that allow their citizens to access banned content and platforms.

Overcoming these VPN blocks is always a cat-and-mouse game between governments and VPN services, but Proton VPN offers advanced anti-censorship tools that can be highly effective. These include:

• Alternative routing —  We route connections through third-party networks (such as AWS) when direct access to our servers is blocked. 
• Stealth protocol — Our custom-made VPN protocol (built on tried-and-tested open-source primitives), designed to evade many forms of deep packet inspection.
• WireGuard TCP and OpenVPN TCP — Although not as effective as Stealth, these VPN protocols are also useful tools for overcoming censorship blocks.
• Smart protocol — This feature detects when a connection is blocked and automatically switches between VPN protocols and ports to find a way around the block.

Unblock Instagram at school, college, or work

Schools, colleges, universities, and offices offer WiFi so their students and employees can do their work.

Usually, these are simple IP blocks that prevent connections to IP ranges known to belong to targeted social media platforms. You can easily overcome these blocks with a VPN, so to unblock Instagram on a school computer or your office laptop, just connect to any VPN server. 

If you use Proton VPN, our Quick Connect feature will allow you to access Instagram while connecting to the fastest server available for your location. 

Although quite rare, some educational establishments use more advanced VPN blocking techniques. In such cases, the advanced features Proton VPN offers primarily to evade state censorship can be effective.

It’s worth noting that your place of work or learning may not approve of you evading their carefully-placed restrictions. Although you’re unlikely to get into as much trouble as accessing NSFW material (for example), you may still face disciplinary measures. 

State censorship of Instagram

Instagram has been banned in China since 2016 and has been intermittently blocked in Iran and Turkey during times of domestic crisis.  

Russia started blocking Instagram in March 2022, after the platform changed its hate-speech rules to allow Ukrainians to share messages such as “Death to the Russian invaders.” The move incensed Russian authorities, who were quick to label Meta an “extremist organization” and open a criminal investigation into the company.  

Russia’s Instagram ban is believed to affect some 80 million users, but Meta’s decision won it high praise from President Zelensky:

Although China, Turkey, and Russia are the biggest offenders, Instagram is routinely blocked whenever a country experiences periods of protest, repression, or other political instability.

You’ll still need an Instagram account

Instagram doesn’t want anyone using the service without an Instagram account, and severely limits what you can see and do unless you sign in with one. A VPN doesn’t help getting around these restrictions.

What you can do is sign up for a free Instagram account using SimpleLogin by Proton to create an anonymous email alias that you can disable at any time. If you have any Proton account, you can use it to sign in to Simple Login without any additional need to register. 

The post How to unblock Instagram appeared first on Proton VPN Blog.

Malicious hackers try to gain unauthorized access to or otherwise disrupt the operation of your computer, smartphone, or any other internet-connected device. 

While a virtual private network (VPN) is a great way to protect your privacy and security online, it’s not designed to defend you against hackers in all situations. We explain how and when a VPN can help to keep hackers at bay.

How does a VPN protect you from hackers?
Encrypting your internet
Hiding your IP address
What hackers does a VPN protect you against?
Man-in-the-middle attacks
Evil twins (malicious hotspots)
WiFi sniffing
DNS spoofing
Other remote attacks
What hackers does a VPN not prevent?
Get a trusted VPN and more to fight hackers

How does a VPN protect you from hackers?

A good VPN is an essential tool to protect your privacy and improve your overall security online. But it only helps to defend against specific types of online attacks.

By encrypting your internet connection and hiding your IP address, a VPN can help to prevent hackers from exploiting unsecured networks or using your IP address to target you.

Encrypting your internet

With a VPN, all the traffic from your device is securely encrypted, so your internet service provider (ISP), mobile network, or public WiFi provider can’t see your traffic. Your DNS queries, or requests to visit websites, are also encrypted, so your ISP can’t see where you go online.

So if you’re using a VPN on public WiFi, any criminal that hacks into the network can’t monitor your online activity. But most websites and apps now use HTTPS, which has significantly reduced the threat from public WiFi hackers, as we explain below.

Hiding your IP address

When you connect to a VPN, the original IP address assigned to you is hidden from public view. All anyone online can see is the address of the VPN server you’re connected to.

By hiding your original IP address, a VPN can prevent hackers from using it to remotely hack into or otherwise attack your device.

Let’s consider in more detail the types of hacking a VPN can help to prevent.

What hackers does a VPN protect you against?

Since a VPN encrypts all your internet traffic and hides your IP address, the main scenario where a VPN can defend you against hackers is on unsecured public WiFi networks. 

Some free public WiFi networks still use insecure encryption or lack a strong password, so they’re vulnerable to attack: Hackers can break into the network and spy on you.

With a VPN switched on, the encrypted VPN tunnel between your device and the VPN keeps your online activity safe from hackers’ prying eyes.

However, most websites now use HTTPS, which encrypts the traffic between your device and the website. As HTTPS secures the information you submit online, like personal or financial details, the risk from public WiFi hackers is much lower than it once was.

But HTTPS only encrypts the data you exchange with websites. It doesn’t hide which sites you visit, so a hacker could still monitor where you go online. Nor does it defend you against DNS spoofing (see below).

Man-in-the-middle attacks

In a man-in-the-middle (MITM) attack, the hacker intercepts the traffic between your device and the WiFi router. That way, they can eavesdrop on what you do, for example, to steal your personal details or impersonate you online.

A VPN hides your internet activity, keeping you safe from attack. MITM attacks include evil twins, WiFi sniffing, and DNS spoofing.

Evil twins (malicious hotspots)

Looking to connect to free WiFi in a cafe one day, you might see several networks on your device: “Seattle_Starbucks_WiFi”, “Starbucks_WiFi”, or “FREE_Starbucks_WiFi”. Be careful, as one could be an “evil twin” malicious hotspot created by a hacker — connect, and all your data could be visible to them.

If you do fall for the evil twin, a VPN will hide your data from the intruder.

WiFi sniffing

One way hackers can exploit unsecured networks is to use specialist software to “sniff out” data packets and analyze them. With a packet sniffer, they could monitor your internet traffic and even hijack your cookies to impersonate you online and access your bank (to give a worst-case example).

With your VPN on, your data and real IP address are encrypted and can’t be sniffed.

DNS spoofing

When you enter a website address in your browser, it sends a DNS query to your ISP to look up the website’s correct numerical IP address. Unfortunately, these DNS requests, which can expose your entire browsing history, are typically unencrypted. If a hacker spoofs or “poisons” your DNS requests, they can redirect you to a malicious site they control.

A good VPN handles and encrypts all your DNS requests, meaning hackers can’t tamper with them. 

Other remote attacks

As a VPN hides your real IP address, it can also shield you from various attacks that exploit your IP address, whatever network you’re on.

For example, if hackers know your IP address, they can scan the ports on your device to spot weaknesses or target you with a denial-of-service (DoS or DDoS) attack.

What hackers does a VPN not prevent?

Apart from exploiting unsecured public WiFi, hackers can use various ways to access or damage your online devices. Here are some threats a VPN won’t stop.

Malware

Hackers can use all kinds of malware to access your device, like spyware, rootkits, and remote access Trojans. A VPN isn’t designed as a primary line of defense against malware.

But some good VPNs like Proton VPN can give you some protection. Get Proton VPN Plus, and you can enable NetShield Ad-blocker to block some malware from ever reaching your device.

Still, a VPN is no substitute for antivirus or internet security software, which actively monitors and scans your device for malware. Install antivirus software on your devices and keep it updated.

Software vulnerabilities

A VPN can’t protect you against hackers attacking weaknesses in your apps or operating system. These range from known vulnerabilities, for which security patches may be available, to so-called zero days, which aren’t known to product developers and have no fixes.

To minimize the risk from known threats, keep your apps, operating system, and antivirus definitions updated to the latest versions. 

Human error 

One of the easiest ways criminals can hack your device is with your help. If you don’t lock down your online accounts with strong passwords and two-factor authentication (2FA) where possible, you’re putting yourself at risk of being hacked.

Hackers can also use social engineering to trick you into disclosing confidential information or taking action that could compromise your device.

A VPN is no defense if you follow a link in a phishing email or download malicious software from an unauthorized website.

Get a trusted VPN and more to fight hackers

A VPN is a great tool to protect your privacy and security online, but it’s only a defense against certain kinds of hacking. As a VPN encrypts your internet connection and hides your IP address, it can help to protect you against public WiFi hackers or anyone using your IP address to attack you.

So a good VPN is just one weapon in your armory against hackers, along with these basic precautions:

• Use strong passwords and two-factor authentication (2FA).
• Install antivirus or malware removal software.
• Beware of phishing, and be careful what you download.
• Keep your operating systems, apps, and antivirus updated.

Remember that a VPN provider can see your online activity and could itself be hacked, so choosing  a VPN you can trust is vital. Proton VPN is trusted by millions worldwide, including journalists and activists, because we designed it to be as private and secure as possible. 

At Proton, our goal is to give everyone privacy and security online, so join us. Together, we can build a better internet where privacy is the default.

Learn more about what a VPN protects you from

The post Does a VPN protect you from hackers? appeared first on Proton VPN Blog.