Alphabet's Cybersecurity Group Touts Its New Open Source Private VPN

An anonymous reader writes: Alphabet's cybersecurity division Jigsaw has designed a new open source private VPN aimed at journalists and the people sending them data. "Their work makes them more vulnerable to attack," said Santiago Andrigo, Jigsaw's product manager. "It can get really scary when they're outed and you're passing over information."

Unscrupulous VPN providers can steal your identity, peek in on your data, inject their own ads on non-secure pages, or analyze your browsing habits and sell that information to advertisers, says one Jigsaw official. And you can't know for sure whether you can trust them, no matter what they say in the app store. "Journalists should be aware that their online activities might be subject to surveillance either by government agencies, their internet service providers or a hacker with malicious intent," said Laura Tich, technical evangelist for Code for Africa, a resource for African journalists. "As surveillance becomes ubiquitous in today's world, journalists face an increasing challenge in establishing secure communication in the digital space."

The new private VPN, dubbed "Outline", is specifically designed to be resistant to censorship — because it's harder to detect as a VPN (and therefore is less likely to be blocked). Outline uses an encrypted socks5 proxy that looks like normal internet traffic. Once the user chooses a server location, Outline spins up a DigitalOcean server on Ubuntu, installs Docker, and imports an image of the actual server.

It's been named Outline because in places where internet use may be restricted — it gives you a line out.

Fuck Alphabet.

Yeah, trust the largest data mining and advertising company in the world to keep your data private... NOT.

Re:Fuck Alphabet.

[bill_mcgonigle]

Totally ignore the Snowden slides and all the Valley insiders that say Alphabet has data-sharing agreements with all the intelligence agencies.

No need for VPN software other than SSH.

[Vitus+Wagner]

If you have you own (or event shared with other people) server where you can login via SSH, you don't need any other VPN software. Just start ssh session to it with dynamic forwarding and use it as Socks5 proxy.
Any cheap server on Digital Ocean, Amazon or elsewhere would do as long as you reasonable sure that it is located in the country which don't track you.

Of course, openssh has more elaborate VPN soulution built in, but it requires administrative rights on both ends of link. And dynamic port forwarding works by default as long as you have ssh client (putty would do) which supports it, and you can tune proxy settings in your browser.

Re:What problem exactly?

[MightyMartian]

When was the point of encryption ever anonymity? The point has always been to transmit data over open channels in a manner that it couldn't be decrypted. The Germans and Allies were doing it all the time during WWII, and interception was expected (if a message couldn't be intercepted, then there would be no need for encryption). One of the failures I see with networks like TOR is the misapplication of encryption for anonymity. Anonymizing data (ie. stripping out metadata) is a separate discipline. The two can certainly be combined, but they are not the same thing.

When I connect to my online banking, I have some expectation that my identity will be known. I'm not relying on the secrecy of the transaction, I'm relying on the inability of a middle man being able to gleen any details of the transaction.

Friendly reminder: alphabet is not your friend.

[nimbius]

Google, and by extension, Alphabet, joined the US PRISM surveillance program in 2009. https://en.wikipedia.org/wiki/...