When you think even casually of the Internet environment we navigate today, it is hard not to consider security as a major theme: this concept captures items as ‘small’ as advertising privacy (i.e., the peculiar way items you search for show up on unrelated accounts) all the way up to enterprise data breaches and higher-level malicious activity.
As our lives and business interactions take place mostly online now, it is paramount to understand ways to secure this space on the individual and collective levels. Rather than arguing for a system of top-down control, it is far better and perhaps an important safeguard of human rights everywhere to ensure that security can be individually accessed with strong encryption by default. More importantly, this tooling should be available to all.
This can be easily accomplished by adopting an appropriate Virtual Private Network (VPN) tool and, further, by leveraging open-source protocols for it. A VPN allows you to create a private connection on any public/enterprise/government network that masks your connection from typical malfeasance by hiding your true IP address.
We will consider the importance of VPN technology in our modern world after a brief introduction to the history, adoption, and continued development of these important tools of privacy and security!
Background of VPN:
VPN technology began with the Peer-to-Peer Tunneling Protocol (PPTP) invented at Microsoft in 1996 and increased in sophistication, scale, and variation as a result of the widespread security breaches of the early 2000s – while it may be argued that technological development itself ‘caused’ some of these issues, the VPN became a highly desirable tool and space for considerable innovation regardless. Some things do happen for a reason!
Initial developments were mainly used by government and large enterprises but very quickly, the tools were modified or developed wholly in the public domain for individual use. As this occurred, open-source distributions started to allow computer scientists and engineers to better innovate and avoid expensive interactions with Original Equipment Manufacturer (OEM) vendors and the government.
While many open-source projects exist, we will focus on WireGuard in this entry as it has several attributes that are both desirable and unique in this space. The reason why an open-source tool is preferred is as follows: public auditing and end-user/administrator control are relatively autonomous. Tooling employed by private actors (while effective) limits innovation, creates unnecessary economic imbalances of opportunity, and ultimately limits humanity in the long-term perspective. There is also a higher likelihood of ‘leakage’ and product deficiency as a private solution does not benefit from the probing minds of our ever-growing community of developers or security researchers.
WireGuard – A Solid VPN Solution:
WireGuard is an optimal solution for most individuals, businesses, and even government entities and we will explore this in greater detail below. The main benefits are robust security, inherent external privacy, and ‘fault-tolerant’ networking. It has featured prominently in many consumer VPN products such as NordVPN, ProtonVPN, and others.
VPN deployment and configuration are quite simple with WireGuard – connectivity is merely a matter of exchanging public keys (much like Secure Shell), and it should also be noted that a connection can roam between IP addresses. You do not need to manage connections in the same manner as OpenVPN / IPsec or other solutions. You also don’t need to pay for expensive licensing or worry about cost-creep because WireGuard is open-source and even ongoing development efforts are not profit-driven.
Yet, despite this relative simplicity and ‘openness’, the WireGuard VPN includes extremely robust encryption – please reference the linked whitepaper for context if desired: WireGuard: Next Generation Kernel Network Tunnel. Due to the strength of the underlying encryption, it is all but impossible to breach this and it should be noted that by switching connections/toggling network access inside of 24 hours of use, you can essentially guarantee privacy if you are following other best practices and maintain your own networking equipment. This is of particular importance considering recent knowledge of the widespread use of such tools as NSO’s Pegasus spyware and other developments such as Apple/Android-aligned devices showing increasing vulnerabilities. This isn’t meant to be a scare tactic, so much as letting you, the audience, know that I care enough about your privacy to be honest about the issues around this. You deserve privacy and ‘feeling’ unsafe online is increasingly aligned with real-world dangers as well – consider the reputational damage even a small breach causes a business or how identity theft impacts an individual.
WireGuard operates in a ‘fault-tolerant’ manner because of the IP-roaming capability noted above. Many other VPN solutions require relatively static IP addresses and cannot tolerate switching servers, etc. in the same durable manner as WireGuard. You can be up and running in seconds when switching between Wi-Fi and mobile data or from server to server, rather than enduring painful minutes of tunnel/connection latency or the dreaded IT service desk request in enterprise environments when dealing with such routine connection-dropping offenders as OpenVPN or IPsec.
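To make the public-key exchange and the roaming behavior described above concrete, here is a minimal pair of WireGuard configuration files, added as an illustration and not taken from the original post or the WireGuard project. The file path, the 10.0.0.x tunnel addresses, the port 51820, and the hostname vpn.example.com are assumptions, and the bracketed key values are placeholders you generate yourself.

```ini
# ---- Server: /etc/wireguard/wg0.conf (path and addresses are assumptions) ----
[Interface]
# Generated on the server with `wg genkey`; the private key never leaves this host.
PrivateKey = <SERVER_PRIVATE_KEY>
Address = 10.0.0.1/24
ListenPort = 51820

[Peer]
# The client's PUBLIC key (output of `wg pubkey`), the only thing the client hands over.
PublicKey = <CLIENT_PUBLIC_KEY>
# Only this tunnel address is accepted from, and routed to, this key.
AllowedIPs = 10.0.0.2/32
# No Endpoint line on purpose: the server learns the client's current
# address from its most recent authenticated packet, so the client can
# move from Wi-Fi to mobile data without any reconfiguration.

# ---- Client (laptop or phone): wg0.conf ----
[Interface]
# Generated on the client with `wg genkey`; kept only on the client.
PrivateKey = <CLIENT_PRIVATE_KEY>
Address = 10.0.0.2/32

[Peer]
# The server's PUBLIC key, received out of band (as with an SSH host key).
PublicKey = <SERVER_PUBLIC_KEY>
# The one fixed address in the setup: where to reach the server first.
Endpoint = vpn.example.com:51820
# Send all IPv4 and IPv6 traffic through the tunnel.
AllowedIPs = 0.0.0.0/0, ::/0
# Periodic keepalive so NAT mappings stay open while the client is idle.
PersistentKeepalive = 25
```

Each side holds its own private key plus the other side's public key; keep the configuration files readable only by root, since they contain the private key in plain text.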
Rather than requiring extensive monitoring, configuration, and painful remediation, WireGuard allows the end user a degree of freedom of choice while never compromising underlying security measures. While it may seem crazy, you might have the same security as a well-groomed corporate network on your local coffee shop Wi-Fi or *gasp* at the airport. Best practices around restricting your network usage during international travel remain relevant, but the above scenarios are well within the realm of possibility. So, you could also very well access your bank account or other sensitive logins on a public network in your local fitness center without worrying about an unfriendly ‘visitor’. Consider another scenario: your home network or access at work will be private and prevent spam or targeted advertisements (which rely on IP tracking) that frankly are just creepy at this point.
We will be providing additional commentary on this solution, privacy/networking best practices, and other helpful information soon but hopefully, this serves as a good introduction to both VPNs and the particularly useful WireGuard.
Stay safe online and I hope you enjoyed reading this!
-Kevin Martelon (SMT)