Sunday, November 16, 2014

Secure Communications

Like you, I was devastated to learn of the NSA (and associated services) finding their way into protocols and toolchains and algorithms that I've trusted for years. I was recently pointed to an open source project that gives me hope around securing my wire communications again: Streisand.

The underlying connection stack that sits between you (your laptop, your mobile phone, your iPad, your whatever-IP/DNS-enabled device) and the network at large is increasingly exposed to wrongdoers. As talented software/hardware developers increase in numbers, and toolsets/frameworks explode, pulling together toolkits to steal/re-route your network traffic/information (e.g. credit cards/passwords) gets easier by the day.

Streisand is an open-source project that, relatively easily, allows you to set up the backbone of secure communications, using a variety of encryption technologies/tools/protocols. Coupled with a cloud instance provider and an open source VPN client, you can protect your IP traffic all the way down to the wire via a virtual network somewhere, completely disassociated from your personal identity. You can inspect every line of code yourself in each package, so only you are to blame if you leave a pesky buffer overrun in the mix for exploitation. You can use your own tokens/keys, so you don't have to worry about malicious/overused/weak tokens/keys being used to encrypt/decrypt your traffic.

As the debate around net neutrality continues, trusting ISPs to do what you expect with your IP traffic gets harder and harder. Obfuscating that traffic gives me at least *some* control. I also like knowing that no matter what country/hotel/coffee shop/office building/etc. I'm in, no one else can decipher my communications over the wire.

There are a variety of "cloud services" that offer your own preconfigured VPN server in the cloud, but using someone else's service kind of defeats the point.
