Featured

VPNs and Encryption Do Work: A Response

I recently came across another article on TechSling about spying, firewalls and VPN use. I found it to present a very simplistic and dismissive approach to the topics at hand. It also provided no support or back up for the claims presented.

encryption

I’m going to be looking specifically at that article’s most dismissive claim about VPNs by looking at key quotes from a few sources who know a thing or two about security.

The first claim that is difficult to understand about VPNs

If you followed the link you would have come across a phrase saying ‘that the idea that it is impossible to track your web browsing because you are using a VPN service is not true, but it does take some sophisticated monitoring technology that the likes of MI6 in Britain may use.’€

To look at the basics of this: first there is no MI6, it is now known as SIS. Furthermore, the job of government intelligence gathering in an internet context is more the job of the GCHQ than SIS.

When the author states “sophisticated,” that is correct. It takes incredibly complex and expensive equipment to break encryption that strong – and that all adds up to time being taken to actually break anything. To quote a recent Torrent Freak article, a group of people who need to know and make it their business to know what works:

‘€œFrom a technical point of view it’€™s nearly impossible to break the most secure forms of VPN encryption in real time.’€

The quote goes on to read that some older algorithms have been cracked. A modern VPN knows to update their algorithms – sitting still leaves you vulnerable.

A key take away from this is best summed up by security expert Bruce Schneier, writing for Wired. ‘€œWhatever the NSA has up its top-secret sleeves, the mathematics of cryptography will still be the most secure part of any encryption system,” such as the encryption provided by a VPN, “It’€™s very probable that the NSA has newer techniques that remain undiscovered in academia. Even so, such techniques are unlikely to result in a practical attack that can break actual encrypted plaintext.”

Has the NSA actually cracked any encryption?

The claim that the NSA can get into any encryption is simply untrue. What they have done, however, is steal security keys and work with vendors to sabotage their own security.

To summarize it quickly, a tweet from internet security speculator, digital rights campaigner, and writer for Boing Boing, Cory Doctorow says in 140 characters or less:

The NSA can not do real time decryption of 128-bit technology. It can’€™t. The NSA will, however, work with vendors and steal security keys from servers, but it can’€™t crack the 128-bit encryption used by the best VPN providers.

Conclusion on VPN and encryption as a viable security measure

I wanted to quote just one more security expert on the matter of encryption before ending this:

‘Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.’

The person who said that was Edward Snowden speaking with The Guardian in regards to the NSA’s capabilities, an organization which he famously once worked for.

He goes on to speak about how endpoint security, your computer, is weak. This validates the claim made by the author in the article under discussion about firewalls. They are an endpoint technology that can increase your security further, but can do little once you are past the firewall itself – this is when a VPN service will be your best security measure.

Be the FIRST to Know - Join Our Mailing List!

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.

Previous ArticleNext Article
Matthew is the writer for the Devumi Blog, the topics up for discussion on this blog are marketing on Twitter, YouTube, SoundCloud and recent Google developments.

7 Comments

  1. I am agree with you but I am still afraid of that. NSA is a powerful organization, and I am barely sure that they can bypass almost any infrastructure. In France for example, you cannot use a security algorithm, before it has to be checked and certified by our government to ensure national security…

  2. I can’t speak for France, but the NSA just doesn’t have the capability to do a live hack of any current algorithm. Older ones, yes, given time they can potentially crack it if you’re a bad enough person and they really want you.

  3. Unfortunately the NSA doesn\’t need to crack the current encryption standards for a VPN not to be completely secure. It\’s likely that they\’ve built backdoors into many of the most popular VPN providers networks. On the upside, the NSA probably isn’t looking for you, so any VPN will greatly increase your security online.

    1. A basic summary of our comment: “It doesn’t work, because likely maybe, and you don’t have to worry.” You know that scene in the third Austin Powers movies where Austin is trying to figure out time travel. “I’ve just gone cross-eyed.” That’s how I feel now.

      To address your comment, I stated numerous times (and even included a quote from another expert) that the NSA can’t do a live crack of current VPN encryption, but that they have indeed stolen security keys and generally acted like people who aren’t government employees. Or they have acted exactly like dishonest government employees, and…I’ve gone cross-eyed again.

  4. The first thing that came to my mind, after reading the title that had “VPN” was web hosting. And i seriously did not know any thing else about it. Good post there, though.
    🙂

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Send this to a friend