Should We VPN All Connections?
from the sounds-good-to-me dept
I've been having this discussion with people for nearly two years now, wondering why more people aren't aware of the general dangers of data traveling across a wireless network. While there are plenty of stories about security problems with WiFi, they tend to focus on the wrong thing. The real issue is that anyone else on the same network can easily access any data traveling through the network that isn't encrypted. The most basic solution to this is to use a VPN - and now some are predicting that VPN use is going to spread so that it isn't just for corporate computers logging on from outside the corporate network but for all data transmissions between computers. I think this is a great idea, and am honestly quite surprised that there haven't been more efforts to offer personal VPN products to encrypt all data flows. Right now, if you don't have a corporate VPN or don't want to set up a VPN yourself (no fun task), you're left with few reasonable options for the everyday user. Boingo, the WiFi aggregator offers a VPN service on top of their WiFi subscription plan, but that only makes sense if you're traveling and using Boingo WiFi hotspots on a regular basis. There's also HotSpotVPN, which is a great idea - but at nearly $9/month probably too costly for your average non-business user. I'm surprised that (as far as I know) no one else has come out with a basic VPN offering for the home user. It seems like the sort of thing that a Symantec or a ZoneAlarm (or even a Microsoft) would want to offer. Better yet, why wouldn't an ISP offer it? All your data is already going through their machines, so why not VPN the connection?Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
No Subject Given
Key distribution is the problem.
[ link to this | view in thread ]
IPSec, IPv6 and Key Distro
I'm of the opinion that the feature of IPSec with the most potential is this Opportunistic Encryption method, although my reading of it is very light. It seems that, if the DNS records can be maintained to where we almost trust their integrity, we can publish our keys as DNS entries per-machine, and have connections to those machines pass encrypted.
Yeah, in all we're looking at a 12-20% higher traffic numbers and processors that are way more overworked than before (all hail that malformed hunchback of an idea, the TCP Offload Engine!), but it's not just the desire to hide my MSN family chats from Echelon's prying eyes that makes me want to secure stuff. That dream where more affluent versions of ourselves are ordering pizza via the 6"x6" handheld touchy-pad device, using our credit card from the hot tub, that's a nice dream, and I want to LIVE that dream, damn it.
This 'add ssl to everything that moves' mentality is a half-measure at best, and we really need to get IPSec going full-time in order to realize the goal of where all of our traffic is harder-than-trivial to sniff. Opportunistic Encryption is, from what little I know, a half-step toward a real solution, if we can achieve the minor victory of getting pubkeys into a trustable form of DNS.
(and I mean something more than what DJB promotes)
[ link to this | view in thread ]
No Subject Given
[ link to this | view in thread ]
HotSpotVPN
[ link to this | view in thread ]
Re: HotSpotVPN
I've emailed back and forth with him to the point that I trust him, but you should do your own homework.
As for how long they've been in business, they launched earlier this year (around March, I believe).
[ link to this | view in thread ]
Average Joe
[ link to this | view in thread ]
Re: Average Joe
[ link to this | view in thread ]
Opportunistic Encryption
With a little effort (just an additional DNS record) instant VPN level encryption can then be achieved. Note - I do not even think it's a panacea, but this significantly raises the bar for routine sniffing and bruteforcing.
[ link to this | view in thread ]
[ link to this | view in thread ]