Tom Hanan
2015-01-13 16:55:16 UTC
I agree with Hans and others that
VPNs only provide end to end security for connections that originate and
terminate securely. Practically speaking 98% of VPN connections do not
meet that requirement and the other 2% are "vulnerable" to advanced
hackers and Governments.
Which brings me to restate the obvious.
"From an open wireless perspective VPN can be an effective way of
masking internet usage behaviors by openwireless users that might cause
an ISP to take action against the individual or organization providing
the Open Wireless access."
No one should however be under the misguided assumption that a VPN will
protect their data from Advanced Government sponsored or Civilian VPN
hacking; however, ISPs (at least in the US) are prohibited by law from
cracking VPN encryption. Instead they simply provide the VPN traffic
logs to law enforcement (Like the NSA) which are subsequently used to
expose the encrypted VPN Traffic. This information is not subsequently
provided to the ISP in any form that would allow them to justify taking
action against an open wireless provider.
Thus even a crappy VPN can obscure open wireless traffic from your ISP!
But don't be foolish enough to think it will do much more than that!
I personally think VPN should be built into the Open Wireless broadband
standard. I do however believe that we should consider the significant
impact that would have on internet of things devices which typically
implement nano IP stacks and process them with processors as slow as 8 MHz!
To that end I would like to start a discussion on a Nano resource VPN
stack for low bandwidth "Internet of things" devices that is not focused
on perfect VPN security but instead its ability to "Legally" mask
traffic from ISP. That simple distinction should lower the VPN
performance bar considerably! It may even prove useful for broadband
devices as well since it could also be designed to minimize the VPN
server side performance requirements enough to provide the VPN service
for free to people who stand up an open wireless compatible router.
As a hint I would ask people to look carefully at the HTTPS protocols
standard and notice that there are only a few very small holes that a
nano VPN would need to plug in order to mask HTTPS traffic from the ISP.
The harder problem would then be to create a nano VPN for UDP packets
that are common in (V)OIP and (SMS)OIP protocols. Which we may or may
not want to support with a nano VPN for internet of things devices. The
real problem with the UDP packets is that they are typically where the
vast majority of the open VPN bandwidth would happen.
Mandatory VPN & Possibly other methods should therefore continue to
receive a great deal of attention until we can provide a reliable
solution to a real barrier to wide adoption of open wireless connections
on consumer and small business routers.
Kind Regards,
Tom
---
This email has been checked for viruses by Avast antivirus software.
http://www.avast.com