[OpenWireless Tech] Mandatory VPN's to prevent ISP consequences of providing OpenWireless access

Tom Hanan tom.hanan at switchcomputing.com
Tue Jan 13 08:55:16 PST 2015


I agree with Hans and others that,

VPNs only provide end to end security for connections that originate and 
terminate securely. Practically speaking 98% of VPN connections do not 
meet that requirement and the other 2% are "vulnerable" to advanced 
hackers and Governments.

Which brings me to restate the obvious.

"From an open wireless perspective VPN can be an effective way of 
masking internet usage behaviors by openwireless users that might cause 
an ISP to take action against the individual or organization providing 
the Open Wireless access."

No one should, however, be under the misguided assumption that a VPN will 
protect their data from Advanced Government sponsored or Civilian VPN 
hacking. However, ISPs (at least in the US) are prohibited by law from 
cracking VPN encryption. Instead they simply provide the VPN traffic 
logs to law enforcement (like the NSA), which are subsequently used to 
expose the encrypted VPN traffic. This information is not subsequently 
provided to the ISP in any form that would allow them to justify taking 
action against an open wireless provider.

Thus even a crappy VPN can obscure open wireless traffic from your ISP!
But don't be foolish enough to think it will do much more than that!

I personally think VPN should be built into the Open Wireless broadband 
standard. I do however believe that we should consider the significant 
impact that would have on internet of things devices, which typically 
implement nano IP stacks and process them with processors as slow as 8 MHz!

To that end I would like to start a discussion on a Nano resource VPN 
stack for low bandwidth "Internet of things" devices that is not focused 
on perfect VPN security but instead on its ability to "Legally" mask 
traffic from the ISP. That simple distinction should lower the VPN 
performance bar considerably! It may even prove useful for broadband 
devices as well, since it could also be designed to minimize the VPN 
server side performance requirements enough to provide the VPN service 
for free to people who stand up an open wireless compatible router.

As a hint I would ask people to look carefully at the HTTPS protocols 
standard and notice that there are only a few very small holes that a 
nano VPN would need to plug in order to mask HTTPS traffic from the ISP. 
The harder problem would then be to create a nano VPN for UDP packets 
that are common in (V)OIP and (SMS)OIP protocols. Which we may or may 
not want to support with a nano VPN for internet of things devices. The 
real problem with the UDP packets is that they are typically where the 
vast majority of the open VPN bandwidth would happen.

Mandatory VPN & Possibly other methods should therefore continue to 
receive a great deal of attention until we can provide a reliable 
solution to a real barrier to wide adoption of open wireless connections 
on consumer and small business routers.



Kind Regards,
Tom
