Slashdot Mirror
Alphabet's Cybersecurity Group Touts Its New Open Source Private VPN (digitalocean.com)
An anonymous reader writes: Alphabet's cybersecurity division Jigsaw has designed a new open source private VPN aimed at journalists and the people sending them data. "Their work makes them more vulnerable to attack," said Santiago Andrigo, Jigsaw's product manager. "It can get really scary when they're outed and you're passing over information."
Unscrupulous VPN providers can steal your identity, peek in on your data, inject their own ads on non-secure pages, or analyze your browsing habits and sell that information to advertisers, says one Jigsaw official. And you can't know for sure whether you can trust them, no matter what they say in the app store. "Journalists should be aware that their online activities might be subject to surveillance either by government agencies, their internet service providers or a hacker with malicious intent," said Laura Tich, technical evangelist for Code for Africa, a resource for African journalists. "As surveillance becomes ubiquitous in today's world, journalists face an increasing challenge in establishing secure communication in the digital space."
The new private VPN, dubbed "Outline", is specifically designed to be resistant to censorship — because it's harder to detect as a VPN (and therefore is less likely to be blocked). Outline uses an encrypted socks5 proxy that looks like normal internet traffic. Once the user chooses a server location, Outline spins up a DigitalOcean server on Ubuntu, installs Docker, and imports an image of the actual server.
It's been named Outline because in places where internet use may be restricted — it gives you a line out.
Unscrupulous VPN providers can steal your identity, peek in on your data, inject their own ads on non-secure pages, or analyze your browsing habits and sell that information to advertisers, says one Jigsaw official. And you can't know for sure whether you can trust them, no matter what they say in the app store. "Journalists should be aware that their online activities might be subject to surveillance either by government agencies, their internet service providers or a hacker with malicious intent," said Laura Tich, technical evangelist for Code for Africa, a resource for African journalists. "As surveillance becomes ubiquitous in today's world, journalists face an increasing challenge in establishing secure communication in the digital space."
The new private VPN, dubbed "Outline", is specifically designed to be resistant to censorship — because it's harder to detect as a VPN (and therefore is less likely to be blocked). Outline uses an encrypted socks5 proxy that looks like normal internet traffic. Once the user chooses a server location, Outline spins up a DigitalOcean server on Ubuntu, installs Docker, and imports an image of the actual server.
It's been named Outline because in places where internet use may be restricted — it gives you a line out.
Yeah, trust the largest data mining and advertising company in the world to keep your data private... NOT.
hey, its native advertising!
"Unscrupulous VPN providers can steal your identity, peek in on your data, inject their own ads on non-secure pages, or analyze your browsing habits and sell that information to advertisers ..."
So, Alphabet is talking about themselves, right?
It's only "private" if you define "private" as "strip-mine every detail of your life and send it to Google so they can sell it to anyone and everyone (while helping the Chinese totalitarians to stomp down their population)"
Sorry, not my definition of "private".
And, no, I don't fucking trust their evil asses.
But don't worry, the communications are encrypted.
Is this a joke?
private virtual private network, eh?
Were that I say, pancakes?
Re: "Now users can create their own personal VPN to their own personal server" -- Defeats one of the main features of a VPN, i.e. anonymity. The whole point of VPNs & TOR is to bury sensitive information in a haystack of other encrypted traffic to make it harder to find. Also, if national security agencies are tracking journalists, they'll do it with targeted techniques, rendering VPNs & TOR ineffective. I'll wait till I hear about this from independent security experts about what real world problems it actually solves or not.
So it's secure because you say so?
Actually I just realized if this swastika post keeps appearing on every slashdot post like it has been lately, slashdot could technically be banned in Germany.
"Maybe if they keep seeing Private, they'll think it provides privacy."
A google vpn? How stupid do they think people are?
The data kraken offering to keep our communication and maybe even identity a secret?
Thanks, but I'm waiting for the NSA to announce a joint-venture with the FSB, Mossad and China, to get my VPN from!
If you have you own (or event shared with other people) server where you can login via SSH, you don't need any other VPN software. Just start ssh session to it with dynamic forwarding and use it as Socks5 proxy.
Any cheap server on Digital Ocean, Amazon or elsewhere would do as long as you reasonable sure that it is located in the country which don't track you.
Of course, openssh has more elaborate VPN soulution built in, but it requires administrative rights on both ends of link. And dynamic port forwarding works by default as long as you have ssh client (putty would do) which supports it, and you can tune proxy settings in your browser.
Since when does germany have bans in place that prohibit religious freedoms? :-D
See subject: APK Hosts File Engine 3.0++ 64-bit for Linux/BSD h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p
Yields more security/speed/reliability/anonymity vs. any 1 solution (99% of threats use hostnames vs. IP address most firewalls use) more efficiently/FASTER + NATIVELY 4 less!
Vs. "Bolt on 'MoAr' illogic-logic" slowing u hosts speed u up 2 ways: Adblocks + Hardcode fav. sites u spend most time @ vs. competition loaded w/ security bugs (DNS/AntiVir) + overheads slowing u (messagepass 'souled-out' to advertisers easily detected & blocked addons + firewall filtering drivers) & their complexity leads to exploit!
* ONLY 1 of its kind in GUI 4 Linux/BSD & supports port filters!
APK
P.S.=> Protects vs. all speculative execution exploits + scripts/trackers (faster vs. NoScript @ kernelmode level)/ads/DNS request tracking + redirect poisoned or downed DNS/botnets/malware/malcript/email malicious payloads... apk
The Nazi swastika is markedly different to the Buddhist use of the symbol. The Nazis rotated it precisely to be different to the religious symbol.
It sounds like Google has reinvented obfsproxy, which disguises your traffic to look like innocuous requests. People have been plugging obfsproxy into Tor and OpenVPN for years now.
The company that serves as Google's own private intelligence agency with their own version of a Directorate of Operations? Sorry, I'll pass.
You mean, like Google?
By including this sig, the copyright holders of this work or collection unreservedly place it in the public domain.
Use a low-level tunnel. E.g. set your OS's route through a OpenVPN tun or tap device, and make the firewall block everything, except OpenVPN to that one destination, for all devices. Then add another more exceptions for going throught VPN device, so things can actually connect.
Even better: If you have a home server (e.g. a single-board computer), have THAT one do the routing/firewalling, so your computer(s) only get the VPN on their Ethernet line. (For wifi, of course you should use EAP-TLS with your own CA and ChaCha20/Poly1305/Curve25519 encryption.)
Alphabet owns Google. Surely this VPN will be private!
Google, and by extension, Alphabet, joined the US PRISM surveillance program in 2009. https://en.wikipedia.org/wiki/...
Good people go to bed earlier.
Let me guess, they replaced it with a big red dot on a white background?
Seven puppies were harmed during the making of this post.
Unencrypted headers?
Because the port can trivially be changed. (And there's parametric port knocking, where the kind of knock determines the port.)
And with properly configured SSH, all packets, even the very first one, are fully encrypted with an individual symmetric key, and the actual handshake happens inside of there.
I agree, that of course there are better solutions.
But: You're doing it wrong. Repeat after me: A VPN is not an anonymization solution!
gweihir KNOWS u IMPERSONATE me https://it.slashdot.org/commen... c6gunner proves it https://linux.slashdot.org/com... he forgot to SUBMIT as AC & using his registered 'lusrname' instead (because he tried to mock me both BEFORE & after I FAIRLY challenged him to show he's done better work - he had ZERO).
& NO WAY I'd "cry" like you "playing victim ne'er-do-wells" on /. (TROLL /.ers, not all) OR post on hosts offtopic.
YOU HELPED ME https://science.slashdot.org/c... (& you quit trying to make me look bad trying to "tell lies" on hosts as "ME" IN YOUR IMPERSONATIONS of me e.g. https://tech.slashdot.org/comm... as regards Intel speculative execution attack? Hosts PREVENT 'EM)
APK
P.S.=> I KNOW the 2nd to last link above's KILLING YOU - YOU ACTUALLY HELPED ME getting me to see if hosts stop more than portsmash (& Meltdown + Spectre too) & "lo & behold" - hosts WORK on 'em - U LOSE... apk
So-called Buddhist nations (though that one's more Shinto than Buddhist) aren't known for being particularly Buddhist.
Excellent troll is excellent.
The Nazis rotated it precisely to be different to the religious symbol.
No, they didn't; you're just repeating nonsense someone once told you without bothering to check it. The swastika has been used by various religions in many different styles, and in both orientations.
If anyone can come in, they are, by definition, not private.
only for christians.. muslims can rape women and it's ok.
Installed it on my amazon free aws tier. Traveling abroad to where im sure vpns are blocked. Hope it works.
I must say its pretty simple to setup and use. I wish openvpn was like this.
It doesnt allow you to access local network servers (ie 192.168.1.1) like openvpn does
I wish openvpn was this easy to setup
Didn't it originate in India ?
Wikipedia says this:
The swastika is a geometrical figure and an ancient religious icon from the cultures of Eurasia, where it has been and remains a symbol of divinity and spirituality in Indian religions.
A lot of them are. It's just that that actual Buddhism practice is mostly stuck in the monasteries. Most people only go to the temples mostly to wish for something rather than seek enlightenment or guidance.
I bought myself ARM-based router board, that runs a full Gentoo Linux on it, and does basically all home services. From a file sharing VM with its own VPN, over a file server that also is my phone's sync "cloud", and fakes being Google, over being my own name server, my own CA, my own home automation (including artificial time zones with gradual adaptation, simulated climate and time of year), my own E-Mail and XMPP server, to pretty much everything you can imagine. Of course in separate "VMs". (I mean application firewalling, via Rule Set Based Access Control. A VM, by itself, is not a security solution.)
I do it mainly for exercise and fun purposes, and it grew slowly over several years. But if having your own infrastructure is your thing, it’s amazingly satisfying. :) .. At least you can get *some* updates on what's currently known to be insecure.
The only hard part, is to always keep up with the latest developments. Because unfortunately, Gentoo maintainers tell you fuck-all.
The best part: With my own CA, I can trivially MITM all connections of software or sites I’m using. Like games or Google.
The only real problem with the Swastika is a corrupt German government has failed to rehabilitate the swastika, and in the most arrogant fashion chose it ban it in human context, the Germans raped it and then banned it because it was raped, very nicely done Germany and you should be deeply ashamed.
For journalists to be secure, you maintain separate devices. One that connects to the internet and one that does not, you do the work on the one that never connects to the internet, it's network devices powered off completely or preferably missing and you sneaker net it, carry data to it, scan that data, never autorun and then load the data, to output you save the data to a USB memory stick and carry it over to the device that is connected to the internet and load and upload. So the secure unit is a desktop with a big screen and network connections and the connected unit, what ever notebook you like. To travel buy a cheap notebook, that you can scap at the end of the journey, store all data to USB stick and mail home, do not carry it home or encrypt and upload. Only ever decrypt on the unconnected desk top.
All it takes is a security letter to undo any external security, want it secure, do it internally. Google most definitely can not be trusted, absolutely not. They are first and foremost an advertising company, their core role is lying for others, that is the core function, everything else is bait to serve that function ie they will target type 2 diabetics with candy advertisements for example, shamelessly, ideal target group, likely to generate news sales, well at least for the medium term and then who cares.
Chaos - everything, everywhere, everywhen
Wait, what? I'm a gaijin living in Japan and every single map that I have seen uses the swastika (or manji) to mark temples. I just took a look at Google Maps, and it does the same. Also, the manji faces counter-clockwise, and the Nazi swastika was clockwise (and rotated 45).
Seriously, it would me really angry if they had to drop a centuries old symbol due to tourists' ignorance.
"Unscrupulous VPN providers can steal your identity, peek in on your data, inject their own ads on non-secure pages, or analyze your browsing habits and sell that information to advertisers ..."
Each use case is a little different. Someone in an oppressive country might be trying to get access to much needed news. Another just wants to stream Netflix without AT&T or Verizon from throttling their feed. While yet another wants to remain anonymous for less than honorable reasons. Each case needs their VPN to protect them from different types of intrusion. No one VPN will cover every use case. That's why I do my research at That One Privacy Site I don't know if the information there is all legit but it is mighty thorough. Everything from is the VPN located in a 5 eyes nation down to the ethics of whether they prevent SPAM.
"A person is smart. People are dumb, panicky dangerous animals and you know it." - K
I retested this today, just to confirm what I already know. China and their Great Firewall have been able to automatically detect and block Shadowsocks for a long time. The concept of wrapping a VPN client and server into a nice UI is very good, but you'll need much much more than this to accomplish your goal. Seriously, am I very disappointed with Google/Alphabet - you have the resources and ability to change the internet, but you won't do it because privacy would break your business model. Eric Schmidt, Larry Page, Sergey Brin - you should be ashamed.
If I was China for example or Iran, I'd probably just block off DigitalOcean and I'll effectively block "Outline" too. This is weird. It's not combating censorship in any meaningful way.
The actual ideal is elegance, efficiency and emergence!
That means the ratio of how complicated it is, versus how *powerful* it is!
E.g. Notepad is extremely simple, but also extremely featureless So its level is extremely low. It is extremely cumbersome.
And VIM and Emacs, while extremely featureful, are also extremely complicated. Which ruins their level too.
Ideally, it should be as simple to use as Notepad, but as powerful as Emacs. That would be a high level.
(An example would be programs that have a console, where your actions in the GUI are also actions in the CLI, and vice versa. They allow you to just do something, then select some console history, and make it a button with a shortcut and parameters. A visual function. That is very powerful, but also very elegant and simple. The Godot game engine would be another case, thanks to its very generic concepts that you only need to learn once, and can apply *everywhere*.)
But that requires brains. And many people are pathetically mentally overwhelmed by this. So they just dumbed things down. And to give it a name, they dumbed the concepts of efficiency, emergence and elegance *themselves* down, by dropping the power part, and gave it a new name: "KISS".
Henceforth acting like pure simplicity is a "good" thing.
When anyone with a working brain can plainly see, that the simplest and hence supposedly most ideal interface would b something like a plain and completely featureless rock. Which would obviously also be completely useless. Showing the absurdity of the fallacy behind glorifying simplicity over everything.
Ergo: Simplicity without power is lazy and hence harmful and hence stupid. Therefore, KISS is considered harmful. ... It's an idiotic anti-pattern.
The only real problem with the Swastika is a corrupt German government has failed to rehabilitate the swastika, and in the most arrogant fashion chose it ban it in human context
Um, what exactly do you think Germany could have done post-WW2 to make the Swastika not have negative connotations in western countries?
The CIA just had a communications debacle exposed concerning its information assets in various countries worldwide, causing a roll up of those assets, even the deaths of dozens of those assets at the hands of their countries' security apparatuses. This sounds like something they could use after some modifications.
E Proelio Veritas.
Hahaha, this is like using Chinas VPN.
Google is off the rails. Diversify your information cache and do not trust any if there services if you care about privacy or the ability to control your own information.
Um, what exactly do you think Germany could have done post-WW2 to make the Swastika not have negative connotations in western countries?
Paint it pink or rainbow colors.