Show HN: Responding to NSA spying with a simple consumer VPN service
The NSA metadata gathering and passive monitoring is quite upsetting, and we don't have much confidence in legal changes happening quickly, so we put together a really simple consumer VPN service. We're still cleaning up the UI and making the install process easier, but it should work for people now.
Yes, it's based in the US, but there's a big difference between "will turn over data proactively" and "will push back on requests to the fullest extent of the law". Since we don't fall under CALEA, there's no requirement for us to have any monitoring infrastructure.
We're focusing on the mobile experience for iOS and Android -- the best combination of platform security but also difficult to "roll your own" service.
Would greatly appreciate HN's feedback on concept and implementation; still under active development. Posting some free signup codes in the comments to try it out.
https://privacy.cryptoseal.com/
75 comments
[ 2.9 ms ] story [ 142 ms ] threadOr how is your product easier to use?
We have some differentiating security features vs. all existing VPN systems coming; this is just a show hn to get feedback.
We've mainly worked on the corp VPN as a service (which does internal monitoring/filtering/IDS/etc.), but at $100/mo, it's not really an option for consumers. Due to all the NSA stuff, people were asking for a consumer option.
You can use OpenVPN, which is pretty robust (SSL-based) on any platform where it's supported. We're working on an SSL VPN option for mobile.
The PPTP and L2TP vulnerabilities aren't purely passive attacks, so they're not likely to be used by NSA for general users. They are a risk for individual targeted users.
The Soviet soldier was almost always outclassed on a 1:1 basis by the German soldier in WWII, but the Wehrmacht and Luftwaffe combined still were unable to defeat the U.S.S.R.
PRISM is somewhat ambiguous -- maybe it's a huge secret program where they get blanket access to big sites directly, maybe it's just a UI layer for managing subpoena or warrant results.
Protecting your metadata is one thing where a VPN works pretty well. There are still some more advanced attacks (looking at the encrypted traffic flows on lightly loaded links, you can infer what site/activity one is doing, even without decrypting, unless you pad all communications).
EDIT: nevermind, VPNs do offer obfuscation of "metadata", i.e. your IP address, which I guess is what you were saying.
I wonder if you could create a VPN/Tor-like network that automatically picks "exit nodes" closest to the destination to avoid taps... (or even better, avoiding known tapped routes)
End to end is mostly the right solution, but I'd like to see message/object based encryption (conf and signing) rather than just transport encryption, too.
(other metadata includes DNS resolution, and of course all the other protocols and things which aren't encrypted -- it's not JUST an issue of hiding your IP)
Yes, we do that. We have some internal traffic balancing and mixing, we will probably put more detail to that before the end of the year.
We are looking at the options for VPN-to-Tor as well, however there are some performance challenges to overcome.
I also love the fact that they have servers outside of the US, makes it a little bit harder for the US government to spy on you.
It would be ironic if the NSA fiasco ended up accomplishing half of the NSA's mission (protecting domestic networks) by getting everyone to improve security and encrypt-by-default, at the cost of making the NSA's SIGINT mission vastly more difficult.
1) What platforms do you care about? Do you mainly need service from one fixed location, or from home/office network plus mobile?
2) How close does it need to get to the endpoints? We have 4 exit nodes right now; we'd probably need ~50+ to be very close to most services. There's still a portion which is "in the clear" (although, use https...), but it becomes very impractical for NSA or especially others to passively tap all those locations (since they wouldn't be IXes necessarily, and intra-colo links don't get routed through buildings like ATT 611 Folsom St.
For the last 2 weeks I've been taking actions that attempt to pull-back my public footprint and re-exert control over my privacy (admittedly illusory) to a point where I feel more comfortable. One of the biggest "oh crap" moments was when I realized my phone is powered by software derived from a Google product.
Windows desktop should be straight forward enough to connect.
Personal Linux server farm with services that are open to the general Internet, but for outbound traffic not related to something I serve, my servers are at the mercy of the security of the feed I have.
As far as how close it has to be to an exit, I'm completely indifferent. There are trade-offs that I'm willing to accept (in some cases, extreme) as I record over 20 years of habitual internet behavior.
The issue is that "TCP in TCP" can lead to weird interactions where you delay one packet, wait for retransmit, etc., and essentially a single packet lost can eat up a second or two.
In general I'd always try UDP, and if it doesn't work, fall back to TCP.
They're equivalent security -- it's just network performance.
A (current and historical) performance monitor, uptime monitor is a great idea.
We currently monitor 60+ sites from the Alexa Top 500 for load time and loss so we can use the data for capacity planning and fault isolation.
It might be because of consumer grade router[1] have low computing power, but the speed is so low that I highly doubt it. Yes I have tried multiple VPN providers.
I have yet to find a VPN provider that can provide all of the following:
- Guarantee Bandwidth
- Take Privacy Seriously[2]
- Support consumer grade router (with DD-WRT or alternative)
- Do not cost more than my actual internet connection
[1] ASUS RT-N16
[2] http://torrentfreak.com/vpn-services-that-take-your-anonymit...
Testing various consumer routers with VPN for performance is on my todo list. I know the WRT54GL is probably fairly antiquated at this point, but I have some newer DD-WRT supported routers like the WNDR3700 to try.
Maybe it is hardware as mention in other replies. I haven't done testing with different hardware.
A fair amount of that has to do with how little CPU is available on your router device, I suspect no manufacturer will support a device that can do a lot of crypto and still be in the consumer price range.
That said, I could ship you a device right now that'll do 100Mbps of encrypted traffic all day long, but it doesn't have wifi and its about $500...
I imagine something like this would take place:
SSL does not happen in the kernel. So you need to send a payload to the kernel to encrypt, you get back the ciphertext, wrap it in your packet (add some headers) and then push this data once more to the kernel, which sends it out over the network for you.
Receiving ciphertext would go along similar lines.
That's probably not very efficient. Contrast this with full disk encryption using dm_crypt (linux). No shuffling back and forth of data. Userspace only really needs to handle the plaintext (and not even directly, but through the FS layer, which is also in the kernel).
So maybe it may just not be worthwile to expose the interface to userspace on reasonably powerful platforms? Anything above a tiny MIPS or old 486?
The VIA padlock crypto accelerator is (or was at some point) exposed to userspace and OpenSSL could take advantage of it. I wonder how much of a performance increase that yielded, considering the issue I noted above.
Also, hardware accelerators typically only support a couple of modes and key sizes. That's fine for full disk encryption, but in a networked world you need more flexibility.
It yielded 100Mbps+ SCP's with zero system CPU usage, very very handy. I've used a few older SSL accelerators and they were good for about 1Gbps or so. IMHO AES-NI makes these things obsolete, and with that going into the new Intel Atom cores, I think thats likely going to drop a lot of the competition out.
Should rock for NASes too. Right now only certain i3/i5 NAS seem to do AES acceleration, so the cheapest are around $2k bare from QNAP or $999 from iXSystems.
For anyone interessed, https://github.com/Nyr/openvpn-install makes installing OpenVPN a breeze. For VPS deals, http://www.lowendbox.com/ and http://vpsboard.com/.
https://github.com/apenwarr/sshuttle
What VPN providers claims is that they do not store logs/ip addresses and they have no way of knowing what traffic comes from client.
I've just purchased an Asus RT-N66U to run an OpenVPN client so that I can encrypt the traffic from all computers, and as I don't do file-sharing I've focused on choosing a provider obsessed by privacy rather than piracy. IVPN looks like it, but I haven't yet tried it so don't yet know how it will perform.
I've been using one of these, bought with Bitcoin, via Coinbase, set up with a Hushmail account, for a while now. It works great. Bandwidth is diminished somewhat, but not enough to be a problem for normal browsing or other totally legal activities.
edit: I'm tired, just noticed you linked to essentially the same TF article I did. Anyway, the service I've been using works with Tomato and DD-WRT (on some routers), is affordable, and is on of the recommended services for taking privacy seriously. They don't guarantee bandwidth, but in practice, there hasn't been a problem so far.
I've been a ViprVPN customer before. I had a question or perhaps it was an issue I called them about and the person I was communicating with told me what VPN server I last connected to and when I connected. Sure, to do any kind of troubleshooting, this would have been necessary and important information. But I was concerned enough about the unsolicited disclosure that I cancelled the service immediately.
DuckDuckGo can claim a reasonably high interest in protecting my privacy because they simply do not collect data that the big search engine does. Collecting and storing this data would make them a target for undisclosed, unchallengeable, and unwarranted surveillance. This has enormous appeal to me.
Having said that, have you guys discussed (loosely) what data you will be collecting?
For a $5-10/mo VPN, we're probably going to handle most problems by "open a new account, here's a service credit", so we don't actually need to debug much. We have a vested interest in collecting the minimum information possible so there's no point in subpoenaing it from us.
We're working on some things which will make it compelling to switch. We put it up now because a lot of people don't have VPNs today -- so hopefully adding another provider convinces some additional people they could use a VPN.
The privacy VPN itself currently does zero logging. The best practices seem to be either zero logging or very short retention logging. We'll commit to one of those (but most likely zero logging) soon (working on a very clear and plain language ToS). All the stuff we'd handle with logging is instead done by going out to top-500 sites (or anything reported to us as not working), rather than monitoring use.
We don't currently do "anonymization" so web browsing can be an issue. We're looking at that with some kind of opt-in proxy.
What does that mean exactly?
We have looked at various ways to solve this, but generally the easiest thing breaks a bunch of other "stuff". We'd like to not break stuff, but still be private. We have a couple strategies but haven't deployed them yet.
https://panopticlick.eff.org/browser-uniqueness.pdf
One of the major issues that has been raised recently is, essentially, trust. Especially in the market that you'd be targeting -- individuals that no longer trust various online services.
You can say that you will fight requests as much as possible under law, but how is that different from what Google, Facebook, and others claim to do?
The NYTimes just published an article claiming that Skype was backdoored by the NSA in cooperation with a small team of Skype developers, in secret, back in 2011. For the sort of people that are concerned by that sort of news, how are you going to convince them that you're different?
For now I'd like to think we're more trustworthy than a large/general purpose company because we have a lot less to lose in fighting (and much more to gain).