Kaspersky VPN: Transparency and Security
Last updated 10.16.2023
We strive to provide you with the best, most reliable VPN service.
Wherever you are, we want you to be safe and secure while exploring the internet. And when it comes to choosing a VPN provider, we understand that trust is everything. To help you make an informed decision, we have answered some common questions about how Kaspersky VPN works and handles data, and about what we’re doing to enhance product security and deliver a better service.
Q: Have law enforcement agencies ever requested any information from your VPN service?
A: No. Kaspersky has never received any inquiries of this nature regarding Kaspersky VPN. Please note that if we did receive such inquiries, we would adhere to our policy on dealing with law enforcement and government requests, which requires that all external requests go through a mandatory legal review as a first step to ensure the security and privacy of our users, as well as company compliance with applicable national and international laws. In addition, neither Kaspersky, nor our VPN vendor Pango, monitors or stores any data that ties a Kaspersky VPN user to their online activity, and we would not be able to provide content data (data which users create or send and receive) that law enforcement agencies sometimes want for electronic evidence.
To view our Law Enforcement and Government Requests Report, please follow this link.
We have also published statistics on recently received user requests about all our products.
Q: How do you ensure data security?
A: Kaspersky VPN encrypts all data streams with industry-leading encryption algorithms – Advanced Encryption Standard (AES) 256, and the latest ChaCha20-Poly1305. AES-256 is gold-standard encryption that is used worldwide. Numerous major companies such as Google and Facebook, government departments such as the U.S. National Security Agency, as well as many other leading organizations secure their sensitive data with AES-256. ChaCha20-Poly1305 is a state-of-the-art algorithm used, for example, in the popular WireGuard connection protocol. It is highly efficient, allowing users to browse and discover all types of digital content securely and at high speeds.
Our data security controls also include, but are not limited to:
- Kaspersky VPN does not store any data, or permit its vendors to store any data, that can tie users to their online activity.
- We only process information for specific, pre-determined purposes that are legitimate according to applicable laws, and which are relevant to the functionality of Kaspersky VPN. This includes information about devices used, subscription details, and wireless network specifications (in the EU, UK, Brazil, Vietnam, and the US state of California, we process this data only if you accept a specific corresponding statement). Full details are available at Kaspersky VPN EULA.
- The only scenario where Kaspersky obtains information about a VPN user (for example, the user’s email address) is when the user chooses to communicate with us (for example, via chat or email) or chooses to provide an email address to register on My Kaspersky. However, even in this case, we cannot link that information to the user’s VPN traffic, because we don’t store that traffic.
Q: Where are your VPN servers located?
A: Kaspersky VPN uses servers provided by our partner that offer connections via more than 100 virtual locations around the globe. The unlimited version offers the very fastest connection speeds of up to 10 Gbps.
- You can access many virtual locations while using Kaspersky VPN, including the United States, UK, Netherlands, Czech Republic, Canada, Germany, Denmark, Spain, France, Sweden, Ukraine, Singapore, Belgium, Poland, Italy, Switzerland, Austria, Brazil, Japan, and many others.
- The servers are managed by our VPN vendor Pango GmbH and its affiliates, including Pango, located in Switzerland and the United States.
- Users of our unlimited VPN version can choose which location to connect to. For users of the free version, a location is assigned automatically.
Q: Does the Adaptive Security feature compromise my privacy?
A: Adaptive Security helps in risky situations. For example, when a user connects to an unsecured Wi-Fi network or opens a website that handles sensitive data (for example, a banking or shopping site), the feature suggests enabling encryption.
The user then decides whether they want to accept this suggestion. If they do accept, they give their permission for encryption to be enabled.
To activate Adaptive Security for websites, our app sends anonymous requests to the Kaspersky cloud-based reputation server to get verdicts about websites. After our app receives a verdict for a website, it deletes all data related to the request.
In such instances, we cannot link data to a user’s VPN traffic, because we don’t store that traffic.
Q: How do you ensure data integrity?
A: Via the Kill Switch feature.
- When your connection is interrupted, Kill Switch, which is available in the unlimited version, automatically blocks the device’s access to the internet until the VPN connection is restored. Using Kill Switch eliminates any risks associated with an unprotected connection. Kaspersky VPN notifies users when Kill Switch is activated. Users have the option to disable this feature.
- In the unlimited version of Kaspersky VPN, users can turn on Kill Switch in the settings. When Kill Switch is activated, data is transferred only if the VPN is actively protecting the user’s device.
Q: Do you share data with government agencies?
A: We make every effort to ensure that user data is private. We never provide any government organizations or third parties with access to the company’s infrastructure, including its data infrastructure. We may provide information about user data as well as technical expertise for cybercrime investigations upon request, but no third party can directly or indirectly access our infrastructure or data, and all requests go through a mandatory legal review before being approved, rejected, or challenged. We do this to ensure the security and privacy of our users, as well as to ensure our compliance with applicable laws and regulations. If requests do not pass the legal review, we either reject or challenge them. Please read our Law Enforcement and Government Requests Report to learn about Kaspersky’s policy on dealing with requests from law enforcement and governments worldwide.
Q: How do you keep your VPN service safe for users?
A: We apply secure development lifecycle (SDLC) practices during product development. SDLC is an industry-standard procedure that helps us make our products more secure. Additionally, we adhere to the principles of responsible vulnerability disclosure. We coordinate vulnerability discovery and mitigation with the research community in the event that security flaws are found in Kaspersky VPN.
- Product security in our VPN service is ensured by Kaspersky’s vulnerability management and disclosure program, including our Bug Bounty Program. We also adhere to Ethical Principles in Responsible Vulnerability Disclosure to provide greater transparency on how we cooperate with the research community with regard to handling vulnerabilities.
- So far, we’ve received and closed four reports for minor non-critical security flaws in Kaspersky VPN. The description of those flaws and their mitigation are published on the Kaspersky website.
- We have also audited the Pango infrastructure to make sure it meets the highest standards.
- We continuously monitor the quality of Pango services to ensure they meet and maintain their obligations under a service level agreement (SLA).
- Pango has completed a privacy-focused security assessment of their services.
Q: I still have more questions!
A: Kaspersky Transparency Centers provide our enterprise customers and partners with the opportunity to receive executive briefings on our products, including Kaspersky VPN, as well as our engineering and data management practices.
- We provide our enterprise customers and partners with both remote and physical access to show how our products work — including Kaspersky VPN — and which data management practices are applied. Depending on the type of request you have, we have multiple options available at our Transparency Centers, from lightweight executive briefings to in-depth reviews of software development.
- To request remote or physical access to a Kaspersky Transparency Center, or to learn more about the Kaspersky VPN service, visit the Kaspersky Transparency Center website.