Slashdot Mirror
Alphabet's Cybersecurity Group Touts Its New Open Source Private VPN (digitalocean.com)
An anonymous reader writes: Alphabet's cybersecurity division Jigsaw has designed a new open source private VPN aimed at journalists and the people sending them data. "Their work makes them more vulnerable to attack," said Santiago Andrigo, Jigsaw's product manager. "It can get really scary when they're outed and you're passing over information."
Unscrupulous VPN providers can steal your identity, peek in on your data, inject their own ads on non-secure pages, or analyze your browsing habits and sell that information to advertisers, says one Jigsaw official. And you can't know for sure whether you can trust them, no matter what they say in the app store. "Journalists should be aware that their online activities might be subject to surveillance either by government agencies, their internet service providers or a hacker with malicious intent," said Laura Tich, technical evangelist for Code for Africa, a resource for African journalists. "As surveillance becomes ubiquitous in today's world, journalists face an increasing challenge in establishing secure communication in the digital space."
The new private VPN, dubbed "Outline", is specifically designed to be resistant to censorship — because it's harder to detect as a VPN (and therefore is less likely to be blocked). Outline uses an encrypted socks5 proxy that looks like normal internet traffic. Once the user chooses a server location, Outline spins up a DigitalOcean server on Ubuntu, installs Docker, and imports an image of the actual server.
It's been named Outline because in places where internet use may be restricted — it gives you a line out.
Unscrupulous VPN providers can steal your identity, peek in on your data, inject their own ads on non-secure pages, or analyze your browsing habits and sell that information to advertisers, says one Jigsaw official. And you can't know for sure whether you can trust them, no matter what they say in the app store. "Journalists should be aware that their online activities might be subject to surveillance either by government agencies, their internet service providers or a hacker with malicious intent," said Laura Tich, technical evangelist for Code for Africa, a resource for African journalists. "As surveillance becomes ubiquitous in today's world, journalists face an increasing challenge in establishing secure communication in the digital space."
The new private VPN, dubbed "Outline", is specifically designed to be resistant to censorship — because it's harder to detect as a VPN (and therefore is less likely to be blocked). Outline uses an encrypted socks5 proxy that looks like normal internet traffic. Once the user chooses a server location, Outline spins up a DigitalOcean server on Ubuntu, installs Docker, and imports an image of the actual server.
It's been named Outline because in places where internet use may be restricted — it gives you a line out.
Yeah, trust the largest data mining and advertising company in the world to keep your data private... NOT.
"Unscrupulous VPN providers can steal your identity, peek in on your data, inject their own ads on non-secure pages, or analyze your browsing habits and sell that information to advertisers ..."
So, Alphabet is talking about themselves, right?
private virtual private network, eh?
Were that I say, pancakes?
If you have you own (or event shared with other people) server where you can login via SSH, you don't need any other VPN software. Just start ssh session to it with dynamic forwarding and use it as Socks5 proxy.
Any cheap server on Digital Ocean, Amazon or elsewhere would do as long as you reasonable sure that it is located in the country which don't track you.
Of course, openssh has more elaborate VPN soulution built in, but it requires administrative rights on both ends of link. And dynamic port forwarding works by default as long as you have ssh client (putty would do) which supports it, and you can tune proxy settings in your browser.
It sounds like Google has reinvented obfsproxy, which disguises your traffic to look like innocuous requests. People have been plugging obfsproxy into Tor and OpenVPN for years now.
You mean, like Google?
By including this sig, the copyright holders of this work or collection unreservedly place it in the public domain.
When was the point of encryption ever anonymity? The point has always been to transmit data over open channels in a manner that it couldn't be decrypted. The Germans and Allies were doing it all the time during WWII, and interception was expected (if a message couldn't be intercepted, then there would be no need for encryption). One of the failures I see with networks like TOR is the misapplication of encryption for anonymity. Anonymizing data (ie. stripping out metadata) is a separate discipline. The two can certainly be combined, but they are not the same thing.
When I connect to my online banking, I have some expectation that my identity will be known. I'm not relying on the secrecy of the transaction, I'm relying on the inability of a middle man being able to gleen any details of the transaction.
The world's burning. Moped Jesus spotted on I50. Details at 11.
Google, and by extension, Alphabet, joined the US PRISM surveillance program in 2009. https://en.wikipedia.org/wiki/...
Good people go to bed earlier.
Wait, what? I'm a gaijin living in Japan and every single map that I have seen uses the swastika (or manji) to mark temples. I just took a look at Google Maps, and it does the same. Also, the manji faces counter-clockwise, and the Nazi swastika was clockwise (and rotated 45).
Seriously, it would me really angry if they had to drop a centuries old symbol due to tourists' ignorance.
The only real problem with the Swastika is a corrupt German government has failed to rehabilitate the swastika, and in the most arrogant fashion chose it ban it in human context
Um, what exactly do you think Germany could have done post-WW2 to make the Swastika not have negative connotations in western countries?