A downside to having persistent storage that is not mentioned is that a server could potentially be compromised in a way that survives restarts. No amount of disk encryption will protect you from that.
If the machine has no persistent storage and boots from a medium that is provably read-only (i.e. a DVD or a netboot image), it's always going back to a known state every time it comes back up.
Also "keys off site" is nowhere near as safe as keys don't exist. (can't exist, it's not a matter of a key when ram loses power)
Also "we don't log" is quite far from "it doesn't matter even if we accidentally logged, because the ram has gone poof".
The ProtonVPN setup is probably quite good and more than good enough, but it is disingenuous to claim that it is actually equivalent.
Encryption and policy are not the same or just as good as does-not-exist.
What could possibly be true, and so what they could possibly say honestly is that it's close, and the operational gain is worth the security loss.
I know how my mom can fail to see the absolutely binary 180 degree night and day difference between something that is difficult and something that is impossible, and see them both as being close to each other way to one side of a slider, but I don't know how anyone who programs or administers a computer fails to see those as actually being at opposite ends of a slider with only 2 settings, possible and not-possible.
The obvious benefit of having a ram only vpn is eventually it will be shutdown or rebooted. An encrypted hard drive will have its data stored for practically the rest of time.
Nothing in this article tells me why Proton VPN is better than a Ram vpn.
In the case you shared, the name/address of the terrorism suspect was actually given to police by Apple, not Proton. The terror suspect added their real-life Apple email as an optional recovery address in Proton Mail. Proton can't decrypt data, but in terror cases Swiss courts can obtain recovery email.
Moreover, the case concerns Proton Mail not Proton VPN, and Proton VPN's no-logs policy has been proven in both independent audits (https://protonvpn.com/blog/no-logs-audit) and in court (https://protonvpn.com/blog/transparency-report).
You have to read the whole argument, to get past "Full-disk encryption achieves the same end" where they're equating the encrypted-on-disk with ephemeral RAM.
Only once you get to a later claim that the logs they store on local disk "contain no personal information" (they claim; even in event of error?) is the earlier claim arguable for a relevant threat model.
Totally non-expert thought: Isn't that only true if your total RAM capacity is N(2), where N is the amount of RAM for the server. Due to the volatile nature of memory, without snapping, freezing, modifying, and promoting how would one envision updating a RAM-disk OS?
You only need N(2) if you're updating by downloading and switching to an entire second rootfs image. If your OS takes up 500MB and you update a single 5MB component, then you only need 505MB, and that only until the update completes and the old version is dropped and you return to 500MB.
> RAM can be just as easily accessed as hard disks if the computer is on
Ok. But that doesn't protect you from cases where it is off. Like if the hard drive is confiscated or stolen.
> Full-disk encryption achieves the same end
Not entirely. The decryption key could be compromised. Or someone might figure out some way to crack the decryption (unlikely, but not impossible).
> A good VPN service has no logs worth seizing anyway
That is half of a good argument. The other half would be "and we disable swap so that parts of memory don't accidentally end up on disk". But they don't mention swap.
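The swap point above, together with the earlier "no persistent storage" point, is something a defender can actually check on a host rather than take on policy. The script below is an added example (not code from the thread or from Proton) that reads the Linux /proc/swaps and /proc/mounts formats and reports whether any swap area is configured and whether any writable mount is backed by a block device; tmpfs and ramfs mounts are ignored because they do not survive power loss. The sample files are constructed inline so it runs offline; on a real host you would pass /proc/swaps and /proc/mounts instead.

```shell
#!/bin/sh
# Added example: audit a Linux host's "RAM-only" posture.
# Inputs follow the /proc/swaps and /proc/mounts formats; the samples
# below are constructed for the demonstration, not captured from any host.

# Number of configured swap areas (the header line of /proc/swaps is skipped).
count_swaps() {
    awk 'NR > 1 && NF > 0 { c++ } END { print c + 0 }' "$1"
}

# Mount points that are writable and backed by a /dev block device.
# tmpfs and ramfs are excluded: their contents vanish when power is cut.
persistent_rw_mounts() {
    awk 'index($1, "/dev/") == 1 && $3 != "tmpfs" && $3 != "ramfs" \
         && ("," $4 ",") ~ /,rw,/ { print $2 }' "$1"
}

# Verdict: "OK" only when there is no swap and no persistent writable mount.
# Arguments: path to a /proc/swaps-style file, path to a /proc/mounts-style file.
ramonly_audit() {
    swaps=$(count_swaps "$1")
    rw=$(persistent_rw_mounts "$2" | awk 'NF { c++ } END { print c + 0 }')
    if [ "$swaps" -eq 0 ] && [ "$rw" -eq 0 ]; then
        echo "OK"
    else
        echo "WARN swaps=$swaps persistent_rw=$rw"
    fi
}

# Constructed samples: a conventional disk-backed host and a RAM-only host
# booted from read-only media with a tmpfs root.
DISK_SWAPS=$(mktemp); DISK_MOUNTS=$(mktemp)
RAM_SWAPS=$(mktemp);  RAM_MOUNTS=$(mktemp)
trap 'rm -f "$DISK_SWAPS" "$DISK_MOUNTS" "$RAM_SWAPS" "$RAM_MOUNTS"' EXIT

cat > "$DISK_SWAPS" <<'EOF'
Filename				Type		Size		Used		Priority
/dev/sda2                               partition	2097148		0		-2
EOF
cat > "$DISK_MOUNTS" <<'EOF'
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda3 /var/log ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0
EOF
printf 'Filename\t\t\t\tType\t\tSize\t\tUsed\t\tPriority\n' > "$RAM_SWAPS"
cat > "$RAM_MOUNTS" <<'EOF'
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/dev/sr0 /cdrom iso9660 ro,relatime 0 0
tmpfs / tmpfs rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0
EOF

# Stand-alone run: one verdict per sample host.
echo "disk host: $(ramonly_audit "$DISK_SWAPS" "$DISK_MOUNTS")"
echo "ram host:  $(ramonly_audit "$RAM_SWAPS" "$RAM_MOUNTS")"
```

The disk-backed sample is flagged for its swap partition and its two writable ext4 mounts, while the RAM-only sample passes because its only block-device mount is read-only. A passing result still says nothing about what the running kernel holds in memory; it only confirms that nothing is configured to spill to disk.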
> Location, location, location
That might help against government seizure, but what if the disk is stolen?
> “The result is that seizing our servers when powered off will yield no more information than seizing RAM-only servers.”
This is just false. If your servers are seized I guarantee they also want your disk encryption password. How to prevent it? No disk, and no way into the OS without booting it with some special arguments.
They say in the article the encryption passwords are stored off site, presumably in Switzerland where their HQ is. Switzerland does not have any law compelling handing over passwords as far as I am aware. They also say the logs on the (encrypted) drives don't contain any useful information linking back to users anyway.
Which still results in a clearly weaker defense compared to not persisting data, as the data will remain available to be acquired legally or illegally even after powering the system down.
But a motivated nation state can seize servers without powering them down, it has been done in the past. Sure, it's harder than just smashing the door and grabbing them, but still possible. In the end, when discussing security one has always to start by clearly defining the intended threat model.
As I recall they said similar things about their encrypted email service, giving the impression that there was nothing to share with Authorities. Then they gave up enough personal information to lead to the arrest of a French activist.
Poor opsec there to be honest; I think they handed over the recovery email address he provided when he registered which was some gmail or something address which easily gave away his identity.
As far as I know they were not able to access any of the mail in his account.
But whenever they reboot a us vpn server somehow that password is making it into the LUKS system (can we assume some kind of agent that runs during boot?) which likely has some credentials also baked in?
Unless we believe a human being is manually entering these in their hundreds of us vpn servers every time they restart?
> Remember, the courts consider decryption keys just like house keys, they can be demanded by the police and are not protected by the fifth amendment
Proton VPN is based in Switzerland where the fifth amendment doesn’t apply anyway as a US-specific constitutional concept. They might have stronger or weaker protections in this area, I don’t know, but not the fifth amendment.
You are correct. The fifth amendment to the current Swiss federal constitution prohibits the construction of minarets, rather than protecting anything.
…there are some technical tricks to retrieve RAM values after power loss
Do these tricks still work? Did they ever work or is it more internet rumor? Modern RAM refreshes itself really quickly and I suspect signal degradation happens more quickly than historical modules.
If you are worried about the gestapo seizing your servers and freezing the RAM, is there any mitigation in place?
I think it’s pretty much infeasible. Some professor did it in a lab once but I can’t see that level of sophistication being used against a public vpn server, whatever the circumstances.
SGX encrypted memory would work as a solution for this, probably.
It's been a while since I read about this, but I remember the discharge time of the tested ram was so slow it seemed like anyone reasonably quick and prepared could potentially pull it off, even without freezing. But it was with SDR or DDR and modern ram discharge is so much quicker it is basically impossible now.
I was imagining more the scenario that gman appears and you hastily flip the switch.
I have so little trust in computer security I assume the powers that be have a USB stick with 0 days that can compromise any modern OS by just plugging into an active machine.
Not the US fifth amendment, no. (Edit: it does apply in cases where they are dealing within the US with officials at any level of US government, or when making statements to US officials who are conducting a custodial interrogation abroad.)
They are based in a country with more than five amendments to its current federal constitution, but since they are unlikely to want to construct a minaret, the prohibition on doing so in the current Swiss federal constitution’s fifth amendment doesn’t affect them in any meaningful way.
Yeah, in contexts which are sufficiently US-linked those protections may apply - I’ve edited my comment. Mostly not though.
Anyway, even in the US, providing a decryption key would only be protected by the fifth amendment if testimony by a human is involved - not simply, for example, turning over a USB key or even a piece of paper on which the key is printed. So this question is mostly moot for the scenario we are discussing, except if information in a human mind is needed to access the key.
> Do we really assume not being in the US directly fixes everything?
Nobody said anything about fixing everything. When the US fifth amendment doesn’t apply, people have fewer protections from the US government, not more.
Also, I should correct myself slightly on when the US fifth amendment applies: in the rare case where US officials do conduct a custodial interrogation abroad, US courts will recognize the US fifth amendment protection against self-incrimination for statements made to those US officials in that context, even for statements made by foreign nationals. But US courts will not recognize those rights for statements made to foreign officials, outside of two rarely applicable exceptions. Also, of course, dealings within the US with US government officials are constitutionally protected for all nationalities.
I’ve edited my comment upthread accordingly.
With respect to Proton’s home government of Switzerland, they might have more protections or fewer protections than the US fifth amendment offers versus the US government when it does apply - I have no idea and avoided making any assertion either way about that.
Good luck with that. Article 7 of the Swiss Federal Act on International Mutual Assistance in Criminal Matters states that Swiss citizens may not be extradited to a foreign country without their written consent. This protection of citizens from extradition is a longstanding tradition in Swiss law.
Yes but there are cases where the accused may not even be a citizen. Also Switzerland still has a provision with other countries for allowing Swiss citizens to be tried in Switzerland for crimes committed abroad.
I really don’t see that. If you say this about Proton I guess you can basically say it about any company. You are really going to need to get some proof at this point.