This VPN is now the resistance tool of choice in authoritarian regimes trying to control the internet

By Peter Guest | Contributor

As the official campaigning period in Venezuela’s presidential election began earlier this summer, one by one, news websites started to go offline. First, two fact-checking websites, Cazadores de Fake News and Es Paja, went dark for Venezuelan users. Within a week, a handful of other fact-checking and civil society sites were blocked. As election day approached, the blocks snowballed, with more than 70 media outlets and NGO sites—and even Wikipedia—inaccessible by the end of the month. Under the cover of that censorship, the government of Nicolás Maduro planned to steal the election.

To evade the blocks, thousands of Venezuelans downloaded virtual private networks, services that allow users to bypass geo-restrictions and anonymize their internet use. Downloads of the most popular of these—Proton VPN, made by the Swiss-based secure communications company Proton—spiked 4,000% in the run-up to the vote. The company’s app surged to the top of the download charts in the Apple App Store and Google Play Store, partly because Venezuelan activists and NGOs had endorsed it, partly because it was offering free access to Venezuelans, and partly because the government’s false claims that the app was a scam designed to farm user data had Streisanded the app into notoriety.

Andy Yen, Proton’s CEO, says he believes most users knew that the app wasn’t really a scam—they had so little trust in the government that state media’s warnings not to use Proton were “the proof that they needed,” he says. Yen and I are meeting at Proton’s headquarters, an unremarkable office building in a suburb of Geneva, close to the border with France. “Obviously, the number of downloads increased pretty dramatically,” he adds.

Behind the scenes, the Venezuelan government was trying to find ways to block the VPN. Internet service providers started to block internet protocols (IPs) associated with virtual private networks, as well as pages where users could download the app or set up their accounts. Proton, however, was ready for the censors’ efforts. 

A game of cat and mouse

For the past two years, the company has been engaged in what Yen calls a “cat and mouse game” with censors more sophisticated than those in Venezuela. The company is on the front line as authoritarian countries are stepping up their attempts to control the internet, attacking the technologies and technology providers that help their citizens to bypass censorship. In response, Proton has built “stealth protocols,” set up huge networks of servers all over the world, and created its own internal toolkit of technologies and tactics that it can deploy in emergencies. 

In the past year, the company—whose main shareholder is a Swiss nonprofit foundation—has made additional servers available for free during elections in countries with a history of shutting down access to information. Yen notes, wryly, that Proton is engaged in “the ultimate election interference program, but instead of trying to destroy democracy, it’s trying to save democracy.”

It is a constant, dynamic, often exhausting effort, with Proton’s engineers scrambling to stay ahead of adversaries who are frequently better resourced than the company, and who learn from one another. “They didn’t manage this time. But I would also say they for sure took a lesson from that,” Yen says of Venezuela. “And in the next contested election they will probably level up their game, learning from some of their partners in places like Iran, Russia and China. So it’s literally an arms race. It’s about whether or not we can innovate and develop faster than they can.”

In March 2022, the Russian government tightened its already strict controls on the internet by ordering internet service providers to block Facebook and Instagram, while declaring their parent company, Meta, an extremist organization. The country had already severely cracked down on independent media, banning references to the war in Ukraine in favor of euphemisms such as “special operation.” Soon after, Russians turned in droves to VPNs like Proton to obtain free access to information. There was a point, according to Proton, when 5-6% of Russia’s total internet traffic was passing through its network. The company essentially found itself running a significant part of the free internet for Russian users.

VPNs work by providing users a parallel infrastructure to access the internet. Rather than going through local servers, VPNs route traffic through a separate network, often in a different country outside the user’s location. That means that a user in Russia, for instance, can access sites as if they were sitting in Switzerland, circumventing their own country’s internet censorship. Even their own internet service provider can’t see what they’re looking at online.

In the weeks after the Russian invasion of Ukraine, Proton’s infrastructure came close to being overwhelmed. The demands of Russian users on its Swiss servers were many times greater than the entirety of the country’s own needs. “We were just trying to buy servers,” Yen says. “We don’t care about the price of the server. If it’s available on the open market, you know, for deployment immediately, we’re gonna buy it.”

Proton is tight-lipped about its finances, but the fact that it was able to burn money on something that is very unlikely—at least in the foreseeable future—to return dividends is largely down to its unusual structure. It runs on Yen’s doctrinal belief in privacy. He cofounded Proton in 2014, in the wake of the Edward Snowden scandal, when it was revealed that the US government was running a massive global surveillance program. 

In 2024, the founders transferred ownership of the majority of the company’s shares into the nonprofit Proton Foundation, which is constitutionally bound to further its founding mission of “building a better internet.” Proton has no venture capital or outside investors. In a sense, its revenue-generating services—which include secure email, cloud storage and digital wallets, as well as paid VPN services—exist to give it the resources to invest in its internet-freedom-promoting operations in Russia and beyond. 

As Russians flooded onto VPNs in the spring of 2022, Proton’s teams worked around the clock and over weekends to get more servers online, partly simply to handle the traffic, and partly so that they could stay ahead of the censors, who were hunting down and blocking IP addresses associated with the circumvention tools. The scramble lasted three weeks before Proton was able to stabilize its infrastructure and cope with the surge in Russian demand. 

The relative calm didn’t last long. VPNs are hard to block, but not impossible. Censors need to identify IP addresses and exit nodes associated with its traffic, and shut down access. That requires a fair amount of legwork and a very good vantage point over the national internet infrastructure—something the Russian state censorship agency, Roskomnadzor, didn’t have in 2022. 

Censors, coups, and countermeasures

Despite the government’s authoritarian leanings and a long history of state control over information, the Russian internet isn’t well designed for censorship. Its structure is an artifact from the post-Soviet 1990s and 2000s, when it seemed that the country might embrace Western notions of freedom of information. At the time, it had hundreds of internet service providers, each with its own connections to the global internet. That fragmentation is hard to manage compared to, for example, China, whose internet was built with state control baked in from its inception. But even before Russia’s 2022 invasion of Ukraine, censors were working to impose more central control over the internet, installing deep packet inspection technology, which enables the detailed monitoring of internet traffic, at ISPs. 

Proton monitors traffic on its networks in real time. Its engineers joke that they know when a coup is happening before the BBC does, because they can see users flocking to the VPN. They can also tell when the service has been disrupted, as in July 2022, when traffic from Russia suddenly dropped precipitously. “They found us,” Antonio Cesarano, product lead on Proton VPN, says. Another mad dash began to provision more servers and give the Russians a moving target that would be harder to hit. 

Cesarano is one half of the team responsible for keeping the VPNs active, along with CTO Samuele Kaplun. The pair resemble a comedic duo, one short, one tall, one expressive, one taciturn, occasionally interrupting each other, finishing each other’s sentences. Within the company, they’re known as “Santonio.” 

These all-hands-on-deck moments, when the traffic from censorship hot zones plummets and Cesarano and Kaplun have to scramble to keep people online, tend to happen on weekends. “So my idea is that [censors] work the whole week, right? And then they're like, ‘Yes, we've done the week of work. Let’s deploy’,” Kaplun says. “Then, Saturday morning, I’m in the store with my girlfriend buying furniture and the phone is ringing,” Cesarano adds.

The pair are understandably cautious about giving away too many intricate details of the countermeasures that they’ve developed to stay ahead of Roskomnadzor, but they include automating the switching between IPs that they would previously have had to do manually, making it harder for the censor to squash open lines as they become available. 

The solutions aren’t always technical. If a country blocks Proton’s website and users can't set up accounts, Proton can just drop the requirement to register and make the system free to use for people in countries with a high risk of censorship. Others are more like spycraft—ways to trick censors when they’re trying to reverse-engineer the VPN apps, for example. The threats to users don’t just manifest digitally. Several countries, including Iran and Myanmar, have made it illegal to use VPNs—simply having one on your phone is dangerous. So Proton built a feature that disguises its icon on a phone’s home screen. 

Next generation internet-control technology

Their adversaries are improving their tactics too, however. Recently, the Russians have been far quicker to detect and shut down VPN connections. 

In earlier skirmishes, it seemed that the censors were having to do their detective work manually, looking for traces of VPNs by analyzing peculiar traffic patterns. But recently, that process seems to have become automated, Cesarano says. It’s likely that Roskomnadzor has built or bought a system that uses machine learning to identify the subtle fingerprints of a disguised VPN connection, allowing them to be far more rapidly shut down. If so, that would mean a substantial investment, something that would take, Cesarano says, “years of technological development with very intense resources.”

That tallies with what observers of Russia’s censorship architecture have witnessed. The fragmentation of the Russian internet is still a problem for Roskomnadzor, but the agency has clearly been given resources to invest in technology that improves its control.

“Since the start of the war, Russia has invested in censorship and blocking infrastructure,” Anastasiya Zhyrmont, Eastern Europe policy manager at the NGO Access Now, told me. It’s clear that has yielded breakthroughs. 

In August, the authorities demonstrated their ability to throttle YouTube, which remains a major source of news for Russians. A Russian government official announced the block in advance, saying that it was in response to YouTube’s “anti-Russian” policies: since Russia’s full-scale invasion of Ukraine, the site has worked to remove thousands of Russian propaganda channels. The government’s efforts managed to slow the site down to the point of unusability, so that as much as 90% of the country was unable to access it. 

The block, which analysts believe is designed to push users onto Russia-based streaming platforms that are easier to control, was probably very challenging to execute. Hitting huge platforms, like YouTube, can cause collateral damage, as it often requires censors to disrupt pieces of infrastructure that are shared by other online services. The block in August seems to show that Roskomnadzor “have all the technical capabilities, and they might be able to mitigate the collateral damage,” Zhyrmont says.

David versus Goliath

Russia looms over Proton’s operations because Roskomnadzor is usually the most innovative of the company’s adversaries. But it’s not the only one. Increasingly, other countries are learning lessons from Russia—or, as some in the internet freedom community believe, buying censorship tech directly from Russia. Technologies such as deep packet inspection, which allows network operators to look in detail at the content of internet traffic, are now widely used in Russia, and are increasingly available and affordable on the global market.

Iran in particular has followed Russia’s path of deploying increasingly sophisticated tools to disrupt VPNs. The country has long tried to block access to independent media but began to target social media platforms in the fall of 2022, after massive protests sparked by the death in custody of a young woman, Mahsa Amini. Those blocks, inevitably, pushed many Iranian users onto Proton VPN. But the authorities were ready for them, deploying the same kind of tactics that Proton had seen in Russia. 

“Our usual toolkit wasn’t very effective,” Yen says. But the company had spent months developing something “intended for the Russian censors—to give them, you know, an interesting weekend, right?” That tech, which Proton calls its Stealth Protocol, disguises VPN traffic as normal traffic, making it even harder to detect. Stealth was sitting “in a box” waiting for the next big censorship event in Russia. They deployed it on a Friday night, and all weekend Iranian users flooded onto Proton.

“The regime had to take extreme measures,” Yen says, evidently satisfied. “The only way to block the VPNs was to shut off the internet.” For weeks at a time, Iranian mobile internet providers turned off their networks between 4pm and 10pm, to try to prevent people from arranging protests after work hours. 

“The economic cost is huge. Imagine all the transactions and things that can’t happen because the internet is not working for six hours per day,” Yen says. “That’s actually what countries have to resort to if they can’t overcome your anti-censorship code.”

A year later, when Iran cracked down again ahead of the anniversary of Amini’s death, it was still resorting to shutdowns. 

Yen is quick to point out that these victories don’t come cheaply for Proton, either. “You can’t make money doing this,” he says. The money the company makes from its profit-driven services are a drop in the ocean compared to what authoritarian nations spend to bolster their censorship apparatuses. Russia’s digital ministry has reportedly allocated more than $650 million over the next five years to improve its censorship tools. “If you look at the budgets that these countries are spending to do this compared to, you know, our budgets on this side, it’s a bit unbalanced, let’s say,” Yen says.

Proton’s home base in Switzerland gives it a lot of legal protection, but the company has to be a little paranoid about security. Yen and his senior team don’t take flights that go through Russian airspace or use transit through countries friendly with the Kremlin. 

Russia continues to invest in new ways to cut off its internet from the worldwide web. Access Now’s Zhyrmont says other countries in Russia’s orbit in Eastern Europe and Central Asia are following its lead. Censorship tools are increasingly becoming commoditized, bringing the ability to block VPNs within the reach of countries with fewer financial resources. That supply drives demand. Social media blocks have become common. There was a period of four weeks this summer when Proton’s servers were coping with surges in traffic from Venezuela, Bangladesh, Turkey and Brazil, all of which had imposed some kind of block on social media. 

To the anger of Yen—and others I spoke to across the digital-rights movement—US Big Tech often hasn’t been a very good ally. Since July, Apple has removed dozens of VPNs from the app store in Russia, reportedly in response to government demands. The monopoly that Apple and Google have over the distribution of mobile software presents a real danger to free speech, as it puts users at the mercy of those companies’ commercial decisions. “There is no level of technical circumvention that I can do that will be effective if I cannot be on these devices,” Yen says. “This is the next frontier of the fight.”

Apple didn’t respond to my request for comment. 

I asked Yen, Cesarano and Kaplun what keeps them in a fight that is so clearly one-sided. They all gave variations on the same answer—the joy of being right and solving problems that seem insurmountable. 

Before he founded Proton, Yen was a physicist at CERN, the particle accelerator where scientists are trying to answer some of the most fundamental questions about the makeup of the universe. The company is stocked with mathematicians and physicists. Tim Berners-Lee, credited with developing the worldwide web, sits on the company’s board. Berners-Lee, Yen says, invented the internet protocol not for capitalism or authoritarianism, but to help scientists share information freely. 

Yen, who moves seamlessly between technical details and grand pronouncements about the future of democracy without changing tone, says that foundation is at risk. The internet is breaking into silos as countries such as Russia and Cambodia try to build their own “sovereign” webs, where they seek total control. “The Splinternet is already here,” Yen says. Big tech companies have become gatekeepers for people’s access to information, setting the limits and tone of speech via their own moderation policies and algorithms—and sometimes deciding whether or not to allow their users access to tools like VPNs. It’s a bleak picture, but Yen says he remains oddly hopeful.

“It should be impossible. We should have lost these battles a long time ago,” he says. “We’re able to stay in the game, at least for now. But there’s no guarantee of the future. There’s a light at the end of the tunnel, but it’s a long tunnel.”

Peter Guest is a UK-based journalist covering the intersection of technology and politics.