Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Google Privacy Networking

Alphabet's Cybersecurity Group Touts Its New Open Source Private VPN (digitalocean.com) 106

An anonymous reader writes: Alphabet's cybersecurity division Jigsaw has designed a new open source private VPN aimed at journalists and the people sending them data. "Their work makes them more vulnerable to attack," said Santiago Andrigo, Jigsaw's product manager. "It can get really scary when they're outed and you're passing over information."

Unscrupulous VPN providers can steal your identity, peek in on your data, inject their own ads on non-secure pages, or analyze your browsing habits and sell that information to advertisers, says one Jigsaw official. And you can't know for sure whether you can trust them, no matter what they say in the app store. "Journalists should be aware that their online activities might be subject to surveillance either by government agencies, their internet service providers or a hacker with malicious intent," said Laura Tich, technical evangelist for Code for Africa, a resource for African journalists. "As surveillance becomes ubiquitous in today's world, journalists face an increasing challenge in establishing secure communication in the digital space."

The new private VPN, dubbed "Outline", is specifically designed to be resistant to censorship — because it's harder to detect as a VPN (and therefore is less likely to be blocked). Outline uses an encrypted socks5 proxy that looks like normal internet traffic. Once the user chooses a server location, Outline spins up a DigitalOcean server on Ubuntu, installs Docker, and imports an image of the actual server.

It's been named Outline because in places where internet use may be restricted — it gives you a line out.

This discussion has been archived. No new comments can be posted.

Alphabet's Cybersecurity Group Touts Its New Open Source Private VPN

Comments Filter:
  • Fuck Alphabet. (Score:5, Insightful)

    by Anonymous Coward on Sunday November 25, 2018 @12:39PM (#57697238)

    Yeah, trust the largest data mining and advertising company in the world to keep your data private... NOT.

    • by bill_mcgonigle ( 4333 ) * on Sunday November 25, 2018 @01:35PM (#57697458) Homepage Journal

      Totally ignore the Snowden slides and all the Valley insiders that say Alphabet has data-sharing agreements with all the intelligence agencies.

    • by Dunbal ( 464142 ) *
      Hey if you're going to let youserlf be thrown under the bus by your VPN, you might as well let US do it! -- Alphabet
  • by Anonymous Coward

    "Unscrupulous VPN providers can steal your identity, peek in on your data, inject their own ads on non-secure pages, or analyze your browsing habits and sell that information to advertisers ..."

    So, Alphabet is talking about themselves, right?

  • by belg4mit ( 152620 ) on Sunday November 25, 2018 @12:50PM (#57697284) Homepage

    private virtual private network, eh?

    • Not normally a pendantic replier, but in this case it's a private VPN as opposed to a commercial one or a corporate one. You spin it up for a purpose, talking to one source maybe, and not for everyone to use at the same time.

      • Personal or non-commercial seem like better modifiers than a second private in that case: personal virtual private network.

  • by Anonymous Coward

    Re: "Now users can create their own personal VPN to their own personal server" -- Defeats one of the main features of a VPN, i.e. anonymity. The whole point of VPNs & TOR is to bury sensitive information in a haystack of other encrypted traffic to make it harder to find. Also, if national security agencies are tracking journalists, they'll do it with targeted techniques, rendering VPNs & TOR ineffective. I'll wait till I hear about this from independent security experts about what real world problem

    • by MightyMartian ( 840721 ) on Sunday November 25, 2018 @01:46PM (#57697514) Journal

      When was the point of encryption ever anonymity? The point has always been to transmit data over open channels in a manner that it couldn't be decrypted. The Germans and Allies were doing it all the time during WWII, and interception was expected (if a message couldn't be intercepted, then there would be no need for encryption). One of the failures I see with networks like TOR is the misapplication of encryption for anonymity. Anonymizing data (ie. stripping out metadata) is a separate discipline. The two can certainly be combined, but they are not the same thing.

      When I connect to my online banking, I have some expectation that my identity will be known. I'm not relying on the secrecy of the transaction, I'm relying on the inability of a middle man being able to gleen any details of the transaction.

      • The purpose of traditional VPN is that you want to connect to a private network, and secure that connection by encrypting the traffic. However, the purpose of a lot of "VPN" services is actually to make it harder for someone to monitor or block your communications. Without a VPN, your ISP (or someone else) can potentially see what sites and services you're accessing even if the traffic itself is encrypted, and the services can easily keep track of the source address. The VPN service isn't necessarily eno

        • Yes, but what my banking app doesn't do is hide that an IP address provisioned to me connected to a bank web server. The whole point of SSL is to obscure with a high degree of rigor what exactly it was I was doing connecting to the bank.

          Encryption systems are designed for that purpose, and in reality as hard as encryption is, it's much easier than anonymizing data. Even encrypted data can leave some tell tale signs. Padding out data, burying it other data, all can be used to further hide the nature of a tra

      • by ediron2 ( 246908 )

        Banking is just one use case. It's not remotely like cypherpunk activity. And the point of cryptography actually boils down to 3 traits: privacy, authentication, and integrity.

        When is anonymity a desired feature? Off the cuff: Cyperpunks, whistleblowing, dissidents, espionage, communication between guerrilla cells, snowden, wikileaks, the pentagon papers, deep throat, the panama papers, insurrections against despots, insurrections against good rulers, affairs, snitching on affairs, snitches in general, i

    • To promote real anonymity Jigsaw/Digital Ocean should:

      [1] Make it just as easy to set up a private obfs4 TOR bridge.
      [2] Permit payment for Digital Ocean accounts by cryptocurrency, ideally Monero.
  • "Maybe if they keep seeing Private, they'll think it provides privacy."

  • by Anonymous Coward

    The data kraken offering to keep our communication and maybe even identity a secret?
    Thanks, but I'm waiting for the NSA to announce a joint-venture with the FSB, Mossad and China, to get my VPN from!

    • by Dunbal ( 464142 ) *
      They never said secret. They said private. In the same way that airport business class lounges are private to pretty much anyone with a credit card.
  • by Vitus Wagner ( 5911 ) <vitus@wagner.pp.ru> on Sunday November 25, 2018 @01:11PM (#57697354) Homepage Journal

    If you have you own (or event shared with other people) server where you can login via SSH, you don't need any other VPN software. Just start ssh session to it with dynamic forwarding and use it as Socks5 proxy.
    Any cheap server on Digital Ocean, Amazon or elsewhere would do as long as you reasonable sure that it is located in the country which don't track you.

    Of course, openssh has more elaborate VPN soulution built in, but it requires administrative rights on both ends of link. And dynamic port forwarding works by default as long as you have ssh client (putty would do) which supports it, and you can tune proxy settings in your browser.

    • by pz ( 113803 )

      My personal favorite spin on ssh is sshtunnel. I'm not affiliated with the project, just a very satisfied user. As long as I have ssh access to my server, I can get anywhere on the net, no matter where I might be sitting at the moment.

    • SSH is convenient but there is a fair amount of overhead so browsing can be slow.
    • by ottdmk ( 1376807 )
      Isn't running a tcp connection over another tcp connection kinda painful, performance-wise? I don't run a VPN at home (don't have a reason to, personally) but I do maintain an OpenVPN server on my home FreeBSD desktop. Comes in quite handy, and learning how to configure it has been a lot of fun. I mostly use it to secure my tablet when I'm using open wi-fi somewhere. Sure, it doubles the bandwidth going through my home connection but hey, I'm lucky enough to have an unlimited bandwidth account, so why not?
  • by PhrostyMcByte ( 589271 ) <phrosty@gmail.com> on Sunday November 25, 2018 @01:20PM (#57697400) Homepage
    It sounds like Google has reinvented obfsproxy, which disguises your traffic to look like innocuous requests. People have been plugging obfsproxy into Tor and OpenVPN for years now.
    • by Anonymous Coward

      Except this feeds mountains of metadata to Alphabet's maw.

  • by mamba-mamba ( 445365 ) on Sunday November 25, 2018 @01:31PM (#57697442)

    Unscrupulous VPN providers can steal your identity, peek in on your data, inject their own ads on non-secure pages, or analyze your browsing habits and sell that information to advertisers...

    You mean, like Google?

  • Comment removed (Score:5, Informative)

    by account_deleted ( 4530225 ) on Sunday November 25, 2018 @01:46PM (#57697516)
    Comment removed based on user account deletion
  • "Unscrupulous VPN providers can steal your identity, peek in on your data, inject their own ads on non-secure pages, or analyze your browsing habits and sell that information to advertisers ..."

    Each use case is a little different. Someone in an oppressive country might be trying to get access to much needed news. Another just wants to stream Netflix without AT&T or Verizon from throttling their feed. While yet another wants to remain anonymous for less than honorable reasons. Each case needs their VPN to protect them from different types of intrusion. No one VPN will cover every use case. That's why I do my research at That One Privacy Site [thatoneprivacysite.net] I don't know if the information there is all legit bu

  • I retested this today, just to confirm what I already know. China and their Great Firewall have been able to automatically detect and block Shadowsocks for a long time. The concept of wrapping a VPN client and server into a nice UI is very good, but you'll need much much more than this to accomplish your goal. Seriously, am I very disappointed with Google/Alphabet - you have the resources and ability to change the internet, but you won't do it because privacy would break your business model. Eric Schmid

  • The CIA just had a communications debacle exposed concerning its information assets in various countries worldwide, causing a roll up of those assets, even the deaths of dozens of those assets at the hands of their countries' security apparatuses. This sounds like something they could use after some modifications.

This is clearly another case of too many mad scientists, and not enough hunchbacks.

Working...