Proton ZeroTrust Gateway
Product Concept: Proton Zero‑Trust Gateway
Vision
Proton already protects outbound traffic through its VPN, giving users privacy and security when they connect to the internet. The next logical step is to give them the same level of confidence for inbound connections—letting them expose services (websites, APIs, SSH, RDP, IoT endpoints, etc.) without ever having to open ports or configure complex NAT rules. A “Zero‑Trust Gateway” would sit at the edge of a user’s network, authenticate every request, enforce fine‑grained policies, and only forward traffic that meets those policies to the private host.
Core Pillars
Identity‑First Access – Every inbound request must present a verifiable identity before any traffic reaches the user’s device. Integration with existing Proton accounts (including Proton Pass for MFA, Proton ID for SSO, and optional third‑party IdPs) ensures that only authorized users can connect. The gateway can also support short‑lived access tokens, QR‑code scans, or email‑based approvals for ad‑hoc sharing.
Encrypted Tunnel‑to‑Tunnel – Once a request is authenticated, the gateway establishes an encrypted tunnel from the edge node to the user’s Proton VPN client. From the perspective of the public internet, the service appears to be hosted behind Proton’s globally distributed edge nodes, while the actual payload travels over the same privacy‑preserving infrastructure used for outbound VPN traffic. One consequence of this design should be stated plainly: because the edge node has to read the request in order to authenticate it and evaluate policy, it terminates the remote client’s TLS session and sees the request in the clear before re‑encrypting it towards the user’s device. Services that must keep the edge blind to their content (SSH, or an application that speaks TLS itself) carry their own encryption inside the tunnel.
Policy Engine – Users define per‑service policies that combine:
- Who (specific Proton users, groups, or external identities)
- When (time‑bound windows, geofencing)
- How (allowed methods, rate limits, logging requirements)
The engine evaluates each request in real time against all three dimensions and rejects anything that falls outside the defined parameters; a request that matches no rule is denied by default.
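As an added illustration of the Who / When / How evaluation described above (example code, not Proton’s own; the Request and Policy shapes, the UTC access window, and the per‑user sliding‑window rate limit are assumptions chosen for the example):

```python
# Added example (not Proton's code): a per-service policy evaluator in the
# Who / When / How shape described above. The Request and Policy fields are
# assumed shapes for illustration; the engine is default-deny throughout.
from collections import deque
from dataclasses import dataclass
from datetime import datetime, time, timezone
from typing import Dict, FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class Request:
    user: str                 # identity already verified by the edge node
    groups: FrozenSet[str]    # group claims asserted by the IdP
    method: str               # e.g. HTTP method
    country: str              # edge-side geo lookup, ISO 3166-1 alpha-2
    at: datetime              # timezone-aware timestamp of the request


@dataclass(frozen=True)
class Policy:
    allowed_users: FrozenSet[str] = frozenset()
    allowed_groups: FrozenSet[str] = frozenset()
    allowed_countries: Optional[FrozenSet[str]] = None   # None: no geofence
    window_utc: Optional[Tuple[time, time]] = None       # (start, end); None: always
    allowed_methods: FrozenSet[str] = frozenset({"GET", "HEAD"})
    rate_limit: Tuple[int, int] = (60, 60)               # (requests, per seconds) per user


class PolicyEngine:
    """Evaluates one Request against one service's Policy; returns (allow, reason)."""

    def __init__(self, policy: Policy) -> None:
        self.policy = policy
        self._hits: Dict[str, deque] = {}   # user -> timestamps of allowed requests

    def evaluate(self, req: Request) -> Tuple[bool, str]:
        p = self.policy
        # Who: the identity must be named explicitly or via a group; unknown -> deny.
        if req.user not in p.allowed_users and not (req.groups & p.allowed_groups):
            return False, "who: identity not authorized"
        # When: access window, evaluated in UTC so a client cannot shift it with
        # its local clock; a window such as (22:00, 06:00) wraps past midnight.
        if p.window_utc is not None:
            start, end = p.window_utc
            now = req.at.astimezone(timezone.utc).time()
            inside = (start <= now < end) if start <= end else (now >= start or now < end)
            if not inside:
                return False, "when: outside access window"
        # When: geofence.
        if p.allowed_countries is not None and req.country not in p.allowed_countries:
            return False, "when: country not allowed"
        # How: method allow-list.
        if req.method not in p.allowed_methods:
            return False, "how: method not allowed"
        # How: sliding-window rate limit, keyed by the verified user, counting
        # only requests that passed every other check.
        limit, seconds = p.rate_limit
        hits = self._hits.setdefault(req.user, deque())
        cutoff = req.at.timestamp() - seconds
        while hits and hits[0] <= cutoff:
            hits.popleft()
        if len(hits) >= limit:
            return False, "how: rate limit exceeded"
        hits.append(req.at.timestamp())
        return True, "allow"


def demo() -> Dict[str, Tuple[bool, str]]:
    """Constructed requests against a 'team only, 08-18 UTC, CH/DE' policy."""
    policy = Policy(
        allowed_groups=frozenset({"team"}),
        allowed_countries=frozenset({"CH", "DE"}),
        window_utc=(time(8, 0), time(18, 0)),
        allowed_methods=frozenset({"GET", "POST"}),
        rate_limit=(2, 60),
    )
    engine = PolicyEngine(policy)
    at = datetime(2024, 5, 6, 10, 0, tzinfo=timezone.utc)   # constructed timestamp
    team = frozenset({"team"})
    return {
        "team_get": engine.evaluate(Request("alice", team, "GET", "CH", at)),
        "unknown_user": engine.evaluate(Request("mallory", frozenset(), "GET", "CH", at)),
        "bad_method": engine.evaluate(Request("alice", team, "DELETE", "CH", at)),
        "geofence": engine.evaluate(Request("alice", team, "GET", "US", at)),
        "after_hours": engine.evaluate(Request("alice", team, "GET", "CH", at.replace(hour=23))),
        "second_ok": engine.evaluate(Request("alice", team, "POST", "DE", at)),
        "rate_limited": engine.evaluate(Request("alice", team, "GET", "CH", at)),
    }


if __name__ == "__main__":
    for name, (allowed, reason) in demo().items():
        print(f"{name:13} {'ALLOW' if allowed else 'DENY '} {reason}")
```

The ordering matters: identity is checked first so that an unauthenticated caller never reaches the rate limiter or learns which time window or country a policy uses, and every reason string names the dimension that failed, which is what the logging requirement in the How clause needs to record.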
User Experience Flow
Publish a Service – From the Proton dashboard or mobile app, the user selects “Expose Service,” chooses a local port or container, and assigns a friendly sub‑domain under *.protongateway.io. They then attach an access policy (e.g., “Only my team members” or “Anyone with a one‑time link”).
Share the Endpoint – The generated URL can be shared directly, embedded in an invitation email, or turned into a QR code. If the policy requires approval, the recipient receives a secure access request that they complete with their Proton Pass MFA before the link becomes usable.
Connect Securely – When a remote client accesses the URL, the edge node authenticates the request, establishes the encrypted tunnel, and forwards traffic to the user’s device over the existing Proton VPN tunnel. To the remote client, the service feels like a normal HTTPS endpoint; to the user, no inbound ports are opened.
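The short‑lived access tokens mentioned under Identity‑First Access and the “Anyone with a one‑time link” policy in the flow above both come down to the same mechanism: the edge mints a token bound to one service with an expiry and a unique id, and refuses it once it has been redeemed. The following is an added example of that mint/redeem pair (not Proton’s code; the token format, the HMAC construction, the hostnames and the in‑memory replay set are assumptions made for the example):

```python
# Added example (not Proton's code): minting and redeeming a short-lived,
# single-use share link for an exposed service. Token format, key handling
# and the in-memory replay set are assumptions for illustration; a real
# edge fleet would share the replay set (with a TTL) across nodes.
import base64
import hashlib
import hmac
import json
import secrets
from typing import Dict, Set, Tuple


def _b64e(raw: bytes) -> bytes:
    return base64.urlsafe_b64encode(raw).rstrip(b"=")


def _b64d(enc: bytes) -> bytes:
    return base64.urlsafe_b64decode(enc + b"=" * (-len(enc) % 4))


class ShareLinkIssuer:
    """Edge-side issuer and verifier for 'anyone with a one-time link' policies."""

    def __init__(self, key: bytes) -> None:
        if len(key) < 32:
            raise ValueError("use a key of at least 32 random bytes")
        self._key = key
        self._consumed: Set[str] = set()   # ids of tokens already redeemed

    def mint(self, service: str, ttl_seconds: int, now: int) -> str:
        # Bind the token to one service, give it a hard expiry and a unique id.
        claims = {"svc": service, "exp": now + ttl_seconds, "jti": secrets.token_urlsafe(16)}
        body = _b64e(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
        tag = hmac.new(self._key, body, hashlib.sha256).digest()
        return (body + b"." + _b64e(tag)).decode("ascii")

    def redeem(self, token: str, service: str, now: int) -> Tuple[bool, str]:
        # 1. Check the shape without trusting the content.
        parts = token.encode("ascii", "ignore").split(b".")
        if len(parts) != 2:
            return False, "malformed"
        body, sig = parts
        # 2. Verify the MAC in constant time before decoding any claims.
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        try:
            presented = _b64d(sig)
        except ValueError:
            return False, "malformed"
        if not hmac.compare_digest(expected, presented):
            return False, "bad signature"
        # 3. Claims are authentic now; decode and enforce them.
        claims = json.loads(_b64d(body))
        if claims.get("svc") != service:             # a link for one service cannot open another
            return False, "token is for a different service"
        if now >= claims.get("exp", 0):              # hard expiry, server clock only
            return False, "expired"
        jti = claims.get("jti")
        if jti in self._consumed:                    # single use: replay inside the lifetime is refused
            return False, "already used"
        self._consumed.add(jti)
        return True, "ok"


def demo() -> Dict[str, Tuple[bool, str]]:
    """Constructed scenario: one link, used correctly, replayed, tampered and expired."""
    issuer = ShareLinkIssuer(secrets.token_bytes(32))
    t0 = 1_700_000_000                               # constructed clock value (epoch seconds)
    svc = "dashboard.protongateway.io"                # constructed hostname under *.protongateway.io
    token = issuer.mint(svc, ttl_seconds=600, now=t0)
    tampered = ("A" if token[0] != "A" else "B") + token[1:]   # flip one byte of the signed body
    return {
        "wrong_service": issuer.redeem(token, "git.protongateway.io", t0 + 1),
        "first_use": issuer.redeem(token, svc, t0 + 1),
        "replay": issuer.redeem(token, svc, t0 + 2),
        "tampered": issuer.redeem(tampered, svc, t0 + 1),
        "expired": issuer.redeem(issuer.mint(svc, 600, t0), svc, t0 + 601),
    }


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:14} {'OK  ' if ok else 'DENY'} {reason}")
```

Two details are worth keeping when this is productised: the MAC is checked before the claims are parsed, so a forged token never reaches the JSON decoder, and a presented token that fails the service binding is not marked as consumed, so a recipient who pastes a link into the wrong place does not burn it.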
Strategic Fit for Proton
- Differentiation – While many VPN providers focus solely on outbound privacy, a Zero‑Trust Gateway positions Proton as a full‑stack privacy platform, covering both directions of traffic.
- Synergy with Existing Products – Leverages Proton VPN’s global edge network, Proton Pass for MFA, and Proton Identity for SSO, creating cross‑product stickiness.
- Enterprise Appeal – Remote teams, developers, and small businesses can expose internal tools (git servers, dashboards, dev environments) without compromising perimeter security—a clear value proposition for Proton Business and Proton Visionary plans.
- Revenue Opportunity – Offer as part of Proton Plus/Professional tiers, with tiered limits on concurrent exposed services, bandwidth, and advanced policy features (e.g., geo‑blocking, custom TLS certificates).
Potential Challenges & Mitigations
- Performance Overhead – Adding an extra hop could increase latency. Mitigate by deploying edge nodes in key regions and using protocol‑level optimizations (QUIC, HTTP/3) for low‑latency paths.
- Abuse Prevention – Open endpoints could be misused for illicit content. Enforce strict abuse monitoring, require verified Proton accounts for publishing, and provide rapid takedown mechanisms.
- Complex Policy UI – Users unfamiliar with Zero‑Trust concepts might find policy creation daunting. Provide guided templates (“Team Only”, “Public Read‑Only”, “One‑Time Guest”) and contextual help within the dashboard.