Kaspersky VPN Secure Connection - Transparency and Security
Last updated 11.10.2021
We strive to deliver the best VPN service for you!
Wherever you are, we want you to be safe and secure while surfing in cyberspace.
All VPN services claim they are capable of safeguarding your data in cyberspace, but when it comes to choosing a VPN vendor, trust is everything. To help you make a well-informed decision, we have answered some common questions about how Kaspersky VPN works and handles data, and what we do to enhance product security and deliver a better service.
Q: Have law enforcement agencies ever requested any information from your VPN service?
A: No. Kaspersky has never received any inquiries regarding the Kaspersky VPN service. If we did receive such inquiries, we would adhere to our policy on dealing with law enforcement and government requests, under which all external requests go through a mandatory legal verification as a first step to ensure the security and privacy of our users as well as the company's compliance with applicable national and international laws. In addition, neither Kaspersky nor its VPN vendor Pango monitors or stores any data that ties a user to his or her online activity, and we would not be able to provide the content data (data which users create or communicate) that law enforcement agencies sometimes want for electronic evidence.
To learn more about our Law Enforcement and Government Requests Report, please follow this link.
We have also published recent statistics on requests received from our users about all our products.
Q: How do you ensure data security?
A: Data flows are encrypted with the industry-leading Advanced Encryption Standard (AES) 256 algorithm, making it impossible to carry out a successful brute-force attack. Kaspersky VPN also uses algorithms that support Perfect Forward Secrecy, to make sure encryption will not be compromised—even if one of the private keys has been compromised.
Additionally, our data management security controls include, but are not limited to:
- Kaspersky VPN does not store any data nor permit any of its vendors to store data that ties a user to his or her online activity.
- We only process information for particular, pre-determined purposes that are legitimate with regard to applicable laws and which are relevant for the functionality of Kaspersky VPN. This includes information about the device used, subscription details, and wireless network specifications. The full list is available at Kaspersky VPN EULA.
- The only scenario where Kaspersky obtains any information about a VPN user (for example, the user’s email address) is when they choose to communicate with the company (for example, via chat or email) or choose to provide an email address (login) to register at My Kaspersky. However, even in this case, we cannot link that information to a user’s VPN traffic because we don’t monitor or store such traffic.
Q: Where are your VPN servers located?
A: Kaspersky VPN uses servers provided by our partner. They are located in more than 70 regions around the globe, giving you more virtual locations to choose from as well as faster and more reliable connections.
- You can access many virtual locations while using the Kaspersky VPN service, including the US, UK, Netherlands, Czech Republic, Canada, Germany, Denmark, Spain, France, Sweden, Turkey, Ukraine, Mexico, Singapore, Belgium, Poland, Italy, Switzerland, Austria, Brazil, Japan, and many others.
- The servers are managed by our VPN vendor, Pango GmbH and its affiliates, which are located in Switzerland and the United States of America.
- Premium users can choose which location to connect to, before receiving the VPN server IP address. For users of free versions, a location is assigned automatically. In risky situations, such as when a user connects to an insecure Wi-Fi network or opens a sensitive website, Kaspersky VPN suggests enabling encryption (for Android and Windows users). However, the user decides whether to use this or not, and thus to give permission for enabling encryption.
Q: How do you ensure data integrity?
A: Via the Kill Switch function.
- When your connection is interrupted, Kill Switch, which is available for Premium users, automatically blocks the device’s access to the internet until the VPN connection is restored. Using the Kill Switch eliminates any risks associated with an unprotected connection. Once the Kaspersky VPN service activates Kill Switch, users are notified about this; users also have the option to deactivate this function.
- Premium users of Kaspersky VPN can turn on Kill Switch in the software settings. When Kill Switch is active, data will only be transferred if the VPN is actively protecting the system.
Q: Do you share data with government agencies?
A: We make every effort to ensure that user data is safe. We never provide any government organization or third parties with access to the company’s infrastructure or user data. We provide information on such data as well as technical expertise for cybercrime investigations upon request, but no third party can directly or indirectly access our infrastructure or data, and all requests go through mandatory legal verification before being approved, rejected or challenged. We do this to ensure the security and privacy of our users as well as to ensure our compliance with applicable laws and regulations. If requests do not pass the legal verification, we may reject or challenge such requests. Please check our Law Enforcement and Government Requests Report to learn about Kaspersky’s policy in dealing with requests from law enforcement and governments worldwide.
Q: Do you follow states’ regulations?
A: We comply with the laws and legal procedures of all countries in which we operate, and we block access to websites that are considered illegal in some countries upon request and to ensure compliance with the applicable laws.
- The website blocking procedure depends on the specific country and its legislation. When prohibited websites are identified, Pango follows the applicable domestic laws and then implements a functionality that ensures that these websites are not available and cannot be reached.
- In cases when an address is blocked, if the website uses Hypertext Transfer Protocol (HTTP), users are redirected to a special Kaspersky VPN page that displays a warning. If the website uses Hypertext Transfer Protocol Secure (HTTPS), the VPN server simply does not connect to the website.
- At no stage of the website blocking procedure do we have access to information about the websites (restricted by national legislation or otherwise) that our users are trying to visit, nor do we log such events. Therefore, we do not have data on users' online activity, and it is impossible to share it with anyone.
Q: How do you keep the VPN product safe for users?
A: We adhere to the principles of responsible vulnerability disclosure. We coordinate vulnerability discovery and mitigation with the research community in the event that security flaws are found in Kaspersky VPN.
- Product security in our VPN service is ensured by Kaspersky’s vulnerability management and disclosure program, including our Bug Bounty Program managed by HackerOne. We also adhere to Ethical Principles in Responsible Vulnerability Disclosure to provide greater transparency on how we cooperate with the research community with regard to vulnerability treatment and disclosure.
- So far we’ve received and closed three reports for minor non-critical security flaws in Kaspersky VPN. The description of those flaws and their mitigation is published on the Kaspersky website.
- We have also audited the Pango infrastructure to make sure they meet the highest standards.
- We continuously monitor the quality of Pango services to ensure that they meet and maintain their Service Level Agreement (SLA) commitments.
Q: I still have more questions!
A: Kaspersky Transparency Centers provide our enterprise customers and partners the opportunity for executive briefings on our products, including Kaspersky VPN, as well as our engineering and data management practices.
- We provide both remote and physical access to learn how our products—including Kaspersky VPN—work and which data management practices are applied. Depending on the type of request you have, we have multiple options available at our Transparency Centers, from lightweight executive briefings to hardcore reviews of software development.
- To request remote or physical access to a Kaspersky Transparency Center and to learn more about the Kaspersky VPN service, visit the Kaspersky Transparency Center website.