Kaspersky VPN Secure Connection - Transparency and Security

We strive to deliver the best VPN service for you.

Wherever you are and wherever you come from, we want you to be safe and protected, along with your private information, while surfing in cyberspace.

The VPN service makes sure the data you send and receive online, and your Internet traffic, remain safe in cyberspace, but trust is critical when choosing a VPN service. To help you make a well-informed decision, we share below (1) how Kaspersky VPN works and handles data on devices and operating systems; and (2) what we do to enhance product security and deliver a better service for you.

Q: Have you ever been contacted by law enforcement agencies regarding your VPN service?

A: Neither Kaspersky nor Pango has ever received any inquiries regarding the Kaspersky VPN service. We have also agreed with Pango that they will notify us if they receive any future inquiries.

Q: How do you ensure data security?

A: We strictly follow the principle of purpose limitation in data management.

  • Kaspersky VPN clients do not store data about users’ online activity.
  • Only information that is crucial for the correct functioning of the software is processed when Kaspersky VPN is used. It includes the device used, subscription details, and wireless network specifications. The full list is in the Kaspersky VPN EULA.
  • The only situation when a user can technically be identified is when they choose to communicate with the company (such as via chat or email) or choose to provide an email address (login) to register at My Kaspersky.
  • Our partner – Pango – also does not store any information that identifies what the user browses, views, or does online via that VPN connection.
  • Data flows are encrypted with industry-leading algorithms: Advanced Encryption Standard (AES) 256 protects the data and makes it impossible to carry out a successful brute-force attack on it. Kaspersky VPN also uses algorithms that support Perfect Forward Secrecy to make sure that encryption will not be compromised – even if one of the private keys has been compromised.

Q: Where are your servers located?

A: We have physical servers in more than 40 regions around the globe, giving you more virtual locations to choose from as well as faster and more reliable connections.

  • At the moment, these locations include the USA, the UK, Canada, Czech Republic, Germany, Denmark, Spain, France, China, Ireland, Netherlands, Russia, Sweden, Turkey, Ukraine, Mexico, Singapore, Belgium, Poland, Italy, Switzerland, Austria, Brazil, Japan and more.
  • These servers are hosted by our partner, the software company Pango, headquartered in Redwood City, California, USA.
  • Premium users may choose which location to connect to (location for free users is assigned automatically) before their device connects to the VPN, after which they are given the VPN server IP address.
  • In risky situations, such as when a user connects to an insecure Wi-Fi network or opens a sensitive website, Kaspersky VPN offers to switch on encryption, so that the device is secured when it connects.

Q: How do you ensure data integrity?

A: We provide the Kill Switch functionality.

  • When your Internet connection is interrupted, the Kill Switch automatically blocks the device’s Internet access until the VPN network connection is restored, thus eliminating the risks of using an unprotected connection.
  • Users of the premium Kaspersky VPN can switch the feature on in the software settings. With it active, users will be unable to transfer data unless the VPN is actively protecting the system.

Q: Do you cooperate with government agencies?

A: We are not obliged to cooperate with government agencies and do not share data, but we comply with applicable laws and block access to websites as prescribed by local legislation.

  • At no stage of this mechanism do we have access to information about the websites (restricted by national legislation or not) our users are trying to visit, nor do we log such events. Therefore, it is technically impossible to share your online activity with anyone because this information is not logged.
  • Furthermore, Kaspersky is not a telecommunication provider and is not obliged to cooperate with government agencies and share data, including in Russia. This has been confirmed with a voluntary third-party legal assessment[1].
  • However, upon request and in compliance with applicable laws, we block access to websites that are considered illegal in some countries. The blocking procedure depends on the specific country and its legislation. For example, in Russia, all prohibited websites are stored in the special department database, and Kaspersky periodically checks the list of prohibited sites stored in it. We then pass the list of prohibited sites to the Pango infrastructure, which checks the destination address against the aforementioned list. At no stage do we share any data with that special department.
  • If an address is blocked, for HTTP (HyperText Transfer Protocol) websites we redirect the user to a special Kaspersky VPN page, which shows a warning; for websites with HTTPS (HyperText Transfer Protocol Secure), the VPN server simply does not connect to them.

Q: How do you keep the VPN product safe for users?

A: We coordinate with the research community and process reports on security flaws found in Kaspersky VPN.

  • Product security in our VPN service is ensured through Kaspersky’s vulnerability management and disclosure program, including our Bug Bounty Program managed on HackerOne.
  • So far we've received and closed three reports for minor non-critical security flaws in Kaspersky VPN. The description of those flaws and their mitigations can be found here.
  • We also held an audit of the Pango infrastructure to make sure everything was up to the highest standard. Part of the process also involves monitoring the quality of Pango services to ensure SLAs (Service Level Agreements) are met and maintained, which also includes that of third-party intervention.

Q: I have more questions!

A: At Kaspersky Transparency Centers we provide the unique opportunity of executive briefings on our products, including Kaspersky VPN, and explain our engineering and data management practices.

  • We provide both remote and physical access to learn about products, including Kaspersky VPN Secure Connection – how they work and what data management practices are applied. Depending on the type of request you have, we offer three options available at Transparency Centers – from lightweight executive briefings to hardcore reviews of the software development.
  • To request remote or physical access to Kaspersky Transparency Center and learn more about Kaspersky VPN Service, please click here.

[1] In 2019 Kaspersky published the results of a voluntary third-party legal assessment aimed at providing an independent evaluation of the obligations the company adheres to in line with Russian legislation. Conducted by a prominent Russian and international law expert, Dr. Kaj Hober, Professor of International Investment and Trade Law at Uppsala University in Sweden, the analysis covers three Russian laws related to data processing and storage*, which were widely reported as the ones that Kaspersky Lab – being a Russian-based company – is obliged to comply with. The results of the analysis are freely available online and provide an unbiased and fair legal assessment to the company’s customers and partners looking for reliable information about Kaspersky Lab. Based on Dr. Kaj Hober’s review, the company does not fall under the obligations of those legal acts, primarily due to the nature of its activities.