Everyone loves public wifi, but it also presents significant security problems. As Brian wrote about in 2010, the arrival of tools such as Firesheep means that, without some care, it’s possible for even technically unsophisticated users to gain access to passwords and other data. But sometimes, you’re at a conference, or just at your local coffee shop, and you’d like to be able to use the wifi!
It is possible to manage this problem to some extent by forcing your browser to use https:// connections, rather than http://. But, as Brian wrote then, the best approach is probably a Virtual Private Network, or VPN. VPNs allow you to funnel your internet connections through an organization’s network, thus utilizing its security features to protect your data.
VPNs come with their own tradeoffs, however. You can use your institution’s VPN, probably–but then they can track your data. And if you’re using your own device, possibly for personal reasons (why not?), campus IT might not want you using their resources–and you might not want them seeing what you do! You can subscribe to a VPN service, but they can be expensive, or you can host your own–but that requires some technical sophistication. (I love this recipe, which basically says, “this is really easy to do, as long as everyone involved is using Linux.”)
A recent solution for Mac and iOS users is Cloak, which offers push-button VPN for Macs and the various iOS devices (iPad, iPhone, iPod Touch). I use Cloak on my iPad, and it works pretty much as advertised. When you install the app, it gives you access to a new setting, VPN, which you can toggle on and off exactly the same way you turn any other setting on and off. And that’s it! *All* internet traffic from your iPad is now shunted through the VPN.
You can find out a great deal about how the service works on their “technology deep dive”:
On Mac OS X, Cloak is built on top of OpenVPN, an open-source SSL/TLS VPN implementation.
On iOS (iPhone/iPad/iPod), Cloak integrates with the device’s built-in L2TP+IPSec VPN stack. Our back end uses strongSwan and l2tpns (with minor compatibility improvements) to serve these clients.
Cloak offers three plans: a free one, which lets you use it for 2 hours or 1GB of data per month; an $8/month option, giving you unlimited time and 20GB; and a $15/month option, again with unlimited time and 50GB of data. One nice thing about Cloak is that the free service doesn’t require a credit card to set up the account.
On the one hand, the service is still in public beta, so you might not want to trust your data to them; on the other hand, the beta is robust enough for them to have implemented their paid plans. Also, it should be said upfront that Cloak isn’t for everyone: It’s not designed to let you fiddle extensively with the configuration, nor does it provide you with a ton of information about what’s going on with your traffic on iOS (OS X users can “can run netstat -r(or, better, netstat -rnf inet)” (Explanation of netstat). Cloak is designed to provide a secure VPN that “just works,” and so if you’re not comfortable with that, then this is not going to be the service for you.
Bourgeois Bits, the company that makes Cloak, says Windows and Android versions of the service are forthcoming.
Do you have an easy-to-use VPN setup? Please share in comments!