What is acceptable use of ProtonVPN?

I have recently bought into the ProtonVPN ecosystem and have been loving it so far. I do however have a question about acceptable uses of ProtonVPN.

I have been reading around and read that ProtonVPN can attribute DDoS activity over their networks down to an account and terminate that account to prevent further abuse of their servers. Obviously this is necessary otherwise every service provider out there would have blocked ProtonVPN servers in a heartbeat and the VPN would be useless.

As I am getting more into tech, privacy and cyber security I am interested in trying my hand at sites like TryHackMe and HackTheBox to understand cyber security from a red teaming perspective.

My question is that could this be erroneously flagged as malicious activity (obviously given the nature of the sites) and get my account banned and does ProtonVPN even have the ability to isolate and monitor traffic at this level of granularity?

Apologies if this is super paranoid; I have important stuff in Proton and would rather not risk losing access to it if this is the case. Any advice is greatly appreciated.

When you use TryHackMe at least you connect to their own VPN config to access the hacking boxes so it shouldn’t be an issue at all.

I’ve done some HTB machines while connected to Proton VPN and haven’t had an issue. But if you’re worried about it and would rather be safe than sorry, you can keep Proton connected on your host system and set your VM to use a bridged adapter on your normal network interface, that way none of the VM traffic will go through Proton and you can just connect to HTB/THM’s VPN in your VM while still keeping your host system protected by Proton VPN.

Hi! Our automatic anti-abuse system might indeed get triggered by abusive traffic patterns with the risk of your session being disconnected, and perhaps your account being suspended.

That said, we have a Safe Harbor policy: https://proton.me/security/safe-harbor, and you can always contact our anti-abuse team for help through this appeals form: https://proton.me/support/appeal-abuse

If you have specific questions related to your specific use case and whether it's protected by this policy, you can always contact us at [email protected] for more details.

I have important stuff in Proton and would rather not risk losing access to it.

The easy solution is to not use any Proton service, including VPN, for anything questionable.

I see. I did not know this. Thank you!

That sounds like a good idea. I’ve been meaning to set up a VM on my primary PC for ages anyway so it’s a good reason to finally get to it.

That is good to know. Thank you for your response!

TryHackMe and HackTheBox are not questionable and in the terms of service Proton do specifically state that it is unauthorized hacking that is prohibited (these sites would by their nature be authorized hacking) but I am just wondering how they would be able to distinguish between what is unauthorized and what is authorized and whether this poses risks to accounts performing legitimate activities that could seem suspicious.

I do understand your point though it is better to be safe than sorry and not risk it in the first place.

I am generally curious about why. What happened to you?

Because what you want to do is of course against TOS

Visiting the pages isn’t questionable. I’d advise to not use any red team / penetration testing related actions while connected to Proton VPN.

I am just wondering how they would be able to distinguish between what is unauthorized and what is authorized

That determination is probably not up to Proton VPN. If you try to hack the NSA, the CIA or similar, you can rest assured you soon will be enjoying cuffs.

You can not use a VPN service to hide, even if you are using a fake name and address. The traffic has to originate from somewhere and if that is your home internet connection you will get busted.

The way the Proton TOS is worded I think ethical hacking is within TOS. Specifically the TOS prohibits:

Attempting to access, probe, or connect to computing devices without proper authorization (i.e. any form of unauthorized “hacking”)

Given that TryHackMe and HackTheBox are created with the intent to hack it would seem that it does fall within TOS.

Of course. A VPN is not an anonymity tool and if you perform illegal activity that traffic can still ultimately be traced back to you if investigated.

However, would ProtonVPN automatically make that distinction between malicious and benign traffic that look similar (for example would ethical pentesting be flagged and the account removed) or would a complaint by a third party have to be raised first before an investigation into that activity is launched?

I’m not about to risk my account to do some ethical hacking over ProtonVPN but I am just curious at this point what is Proton’s procedure for this kind of stuff.

That’s true! Awesome

would ProtonVPN automatically make that distinction between malicious and benign traffic that look similar

Very unlikely. A VPN service is not law enforcement.