Expert Round Up: What is the Future of the Personal VPN?
It is the age of the internet, and one thing’s for sure – we’ve never been more plugged in than we are today. Forget laptops and tablets, these days even our watches are ‘smart’, and everything we say is ‘recorded for quality and training purposes’.
Managing online privacy and security has become something of a nightmare for the average Joe, and as technology gets more convenient and accessible, it also gets more invasive. Our apps connect and transmit our data automatically, our contacts sync, our photos import – everything happens with a simple agreement to terms and conditions, and before you even know what’s happening, your information is being shared, uploaded, and logged.
It happens so often, most of us don’t even think about it, but our data and personal information is constantly being shared and transmitted. Cybercrime has seized the opportunity and has risen quickly to capitalize on the abundant information that is often so poorly protected. Public networks have become notorious for inviting hackers to prey on unprotected connections.
The Battle Between Privacy and National Security
More challenging still is the legal tug of war that rages between national security concerns and user privacy. As more terrorist groups take to social media and email to communicate and coordinate, governments everywhere are justifying laws that allow them to override basic privacy and conduct surveillance and data logging.
It’s a tough issue, and the lines get blurry when public safety enters the mix. Is it worth it to compromise our privacy in the interests of national security? Can we trust government to protect our data and not use it in an immoral or unethical way? Where is the line? Where does it stop?
Regardless of where you stand on the issue, many users are becoming more and more aware that nothing they do online is truly private anymore, and many are looking for solutions. There are lots of email encryption services, and of course antivirus software, but a lot of users are beginning to look to VPNs to guarantee their privacy.
What is a VPN?
VPN stands for virtual private network, and it’s a service that is offered by a lot of companies that have sprung up on the internet in recent years. The provider’s software protects your internet connection, and also gives you access to geo-restricted content. Here’s how it works:
- You sign up for a service plan with a company and download their software.
- Once installed, choose a server location from their network and connect.
- Your IP address is hidden, and you’re given the one associated with the server you’ve chosen.
- Your traffic is encrypted between your device and the server you’ve chosen, and routed through that server.
VPNs are widely used to access blocked websites and services like Hulu and Pandora, which are limited in where they’re available. However, with IP address masking and data encryption, many also argue that these services are critical in protecting our privacy from government surveillance and cybercrime.
So which is it? Are VPNs truly effective at protecting our anonymity online? In this changing world focused on the internet of everything, what is the future of the personal VPN? Can we count on them to protect us?
We asked a panel of cyber security experts exactly that: what is the future of personal VPNs? Here’s what they had to say.
Shu – My Security World
Shu is a technologist with a security background, who is always looking to learn and share information on internet privacy and security in her blog. She believes firmly in protecting kids and teens from the threats in the online world. “I put my phone away during dinners & social events as I still prefer real connections.”
“Use of personal VPNs is on the rise as consumers attempt to thwart geographical locks on content consumption or to access banned sites (e.g. Facebook/Twitter in China).
However, unless consumers know which VPNs they are connected to and how effective those are in protecting their browsing privacy if the government discovers the server, they may potentially get in big trouble. There really is nothing private online. Even Tor users, which is essentially a big VPN network, leave a trace behind. We have already seen examples of increased government surveillance of individuals who attempt to “hide” their online activities, even if they have legal/legitimate intentions.”
Jonathan Hochman – Hochman Consultants
Jonathan is the founder of Hochman Consultants, with over 25 years of experience in his field, and two computer science degrees from Yale. He is chairman of SEMNE and a founder of CodeGuard, and has been a speaker at several conferences and events. His company specializes in search marketing and web development services.
“I’m not a big fan of VPNs because I don’t think they guarantee anonymity. When going online you have to assume that people are recording your every move, and don’t count on any anonymity to save you. Your VPN provider could be served a subpoena, or be bought out, or corrupted.
Worse, if you happen to get a keystroke logger on your system, nothing you do is going to be confidential at all. Have you reviewed and verified every line of code on your system? Of course not. So how do you know there isn’t spyware right on your desktop? Whether you use VPN, PGP or something else, if your keystrokes are logged or your video is intercepted, you’ve got no privacy whatsoever.
Essentially, if I want to steal your data, intercepting your network traffic isn’t the easiest way to do it. It’s much easier to phish you, put some malware on your system, and use your keyboard and screen to get whatever I want. Moreover, if you use an ordinary ISP, they do log your traffic, but most (e.g. Comcast) only keep the logs for 6 months. Unless somebody is really on the ball and starts a legal process quickly, those logs will be gone before they can lay hands on them.”
Matthew Pascucci – Frontline Sentinel
Matthew Pascucci is a Security Architect, Privacy Advocate and Security Blogger. He holds multiple information security certificates and has been given the opportunity to write and speak about cyber security for the past decade. He’s the founder of www.frontlinesentinel.com and can be contacted via his blog, on Twitter @matthewpascucci, or via email firstname.lastname@example.org.
“The government is in the business of collecting data for surveillance, not just small amounts of data either, but everything they can get their hands on. In the past this was the exception; if there was a need to retrieve data, which there always is, they would go through the proper channels to acquire said data.
Nowadays the constant stream of data being poured into government silos for surveillance has become a business model. Collect everything and sort it out later.
For those that value their privacy and liberty on the internet, using a personal VPN is a smart move. It’s not up to the government to collectively capture everyone’s every move on the internet. Just because there are some bad eggs on the internet, doesn’t mean that we all suffer for their actions in an approach that will do more harm for our nation in the future. We know that governments say they’re doing this for our protection – that it’s for our own good that surveillance is on us like an ever watching eye, but what if, down the line, the government doesn’t have our best interest at heart?
What if that data, say fifteen years from now, is used to abuse the liberty they told us they were protecting? These are the things we need to think about now before not using a personal VPN. The Stasi used government surveillance that spiraled out of control against their nation. This isn’t something that happened in the dark ages, this occurred twenty five years ago, and many people have overlooked this already. How quickly we forget the past, and how freely we give up privacy under the guise of additional protection.
There’s also a big difference between law enforcement working on a case and having big brother with unfettered access to everything you’ve ever done on the internet. We’re not using personal VPNs to hide things from the government; we’re doing it for our personal privacy. There’s a big difference between privacy and secrecy. With privacy you have something that you want to share with potentially a few people, with secrecy you want to make sure no one knows it. We’re looking for privacy here, not so much secrecy.
With all this being said, using a personal VPN to encrypt your internet traffic will become something you’ll want for your own protection in the years to come. It’s not that we’re anti-government by using a VPN to protect our data; it’s that we’re pro-privacy. We’re entitled to the privacy of our data, and protecting yourself here could guard against future abuse of unwarranted surveillance of a nation state that might have overstepped their boundaries.”
John E. Dunn – TechWorld/Computerworld UK
John is one of the co-founders of TechWorld, and currently serves as the Security Editor for TechWorld and Computerworld UK. You can find his work in the TechWorld blog The War on Error.
“There is a huge untapped opportunity for VPNs as privacy services for Internet users who would prefer to opt out of business and state surveillance, or just achieve more security when away from home.
The problem right now is that the main providers who claim to offer this aren’t that well known beyond specialist circles and there is no UK presence or investment to speak of. Performance will always be an important feature for VPNs, but the future of subscription VPNs lies in developing and explaining privacy and security, especially for mobile devices.”
Andrew Hay – DataGravity
Andrew is the CISO at DataGravity, a data storage company. Formerly, he was the Director of Research at OpenDNS, and the Director of Applied Security Research and Chief Evangelist at CloudPassage, Inc. Andrew has been interviewed and featured in articles by Forbes, PCWorld, Bloomberg, and several other major publications and security blogs.
“I believe personal VPNs, though becoming more commonplace, are still beyond the technical reach of the average individual. In order for personal VPNs to become the way we connect by default, developers must make the process as transparent as possible to its end users. That will help ramp up adoption but eventually, the large concern of users will drift towards the privacy of their respective browsing habits and history. That, unfortunately, may adversely affect adoption, or at least renewals, unless a transparent privacy and data usage policy is made publicly available for all to see – and understand.”
Xavier Mertens – /dev/random
Xavier Mertens is a freelance security consultant. His job focuses mainly on protecting his customers’ assets by applying “offensive” (pentesting) as well as “defensive” security (incident handling, log management, SIEM, security visualisation). Xavier holds several certifications (GCIH, CISSP, CISA, CEH). In parallel to his daily job, Xavier is a SANS ISC handler, a security blogger, and co-organizer of the BruCON security conference.
“In earlier times, VPNs were used only in corporate environments or by “techies”. The primary goal was to access sensitive resources from public networks.
Then, when the Snowden era started, more and more people decided to use VPNs to protect their privacy. Finally, VPNs are used to allow access to geographically restricted content (think about Netflix which provides different content based on the country).
In my opinion, VPN usage will continue to grow because people are more and more concerned by their privacy. Today, VPN clients are available on any platform (including mobile devices) and do not require any technical skills! You don’t need to understand IPSEC or PPTP anymore, just click on a “connect” button.
The fact that services are not the same across different countries will also encourage the use of VPNs. People just want to use the services that they need. That’s just the human behaviour: Try to block people, they will find alternatives to evade controls!”
Simon Crosby – Bromium
Simon is the co-founder and CTO of Bromium, a cyber security company based out of California. He has previously worked at XenSource as a CTO, and with Intel as a principal engineer, and has also led research with the University of Cambridge in the UK on network performance and control. He is also listed as one of InfoWorld’s Top 25 CTOs.
“The value of VPNs is being called into question everywhere. Personal VPNs offer a way for consumers to tunnel through the Internet to a different country or network, and pop out using a supposedly anonymous IP address – to “hide” online. VPNs also enforce encryption between the user and the exit point, hiding your activity from an attacker with access to your local network.
This sounds like a great boon to privacy, and even freedom of speech. Or an easy way to get access to free content in another country, such as the BBC streamed content in the UK. But there are challenges: Content providers unsurprisingly dislike illegitimate access, and do what they can to detect and block VPNs. It’s a game of cat-and-mouse that leaves users in limbo.
And there’s concern on the part of law enforcement that hackers can use VPNs to mask their identities. Censors in countries where network access is monitored also fight to block access. And it is likely that all major VPN providers have been back-doored or hacked by governments or attackers. The privacy and freedom of speech benefits of a VPN service may well be a chimera.
In response, the Tor community has set out to deliver a private VPN-like service based on a decentralized routing network and an open source, secure browser. Even then, a determined nation-state attack that has access to a substantial Internet infrastructure can defeat the system.
Finally, there’s a huge shift in user consumption of encrypted, anonymized communication. Simply being anonymous on the Internet is probably of less value than ensuring that direct app-to-service traffic is unbreakable. Emerging apps offer end-to-end encryption that is forward secret (for example Signal from Open Whisper Systems) – offering the very best security to consumers, bundled in an app. The loss of trust in traditional consumer VPNs, combined with changes in consumer consumption from simple browsing to mobile app use, seems to imply that consumer VPNs will eventually go the way of the Dodo.”
Ronald Woerner – Cyber Security Center
Ron has over 25 years of experience in information technology and cyber security. He’s currently the director of Cyber Security Studies at Bellevue University, and has a long list of awards and certifications under his belt, along with both a BS and MS, and is a Certified Ethical Hacker.
“My thoughts on the future of personal VPNs are pretty simple: great concept that won’t become mainstream until it’s transparent to end users. Most people won’t take action about their security unless and until they are personally affected. Personal VPNs are an extra step that many won’t take.”
Carl Herberger – Radware
Carl is Vice President of Security Solutions at Radware, a company specializing in application delivery and cyber security solutions. He has been a frequent guest on Fox Business News, CNN, and Bloomberg Broadcast News, among others, and has a long professional history in the cyber security industry.
“For those of us who consider Privacy and communication to be discrete, then a VPN is a key necessary tool – especially when dealing with mobile devices. Personally, I step away from the free VPNs and into more feature rich, but modestly priced VPNs for my personal and business use. Although not all are created equal, these tools generally offer their users the ability to be free from online and government snooping, blocking of adware, and geo-location anonymity.”
James Villarubia – Uniken
“Today, between content providers and your browser, it’s pretty much the Wild West. If it’s not state/corporate Balkanization of access, it’s the withering of net neutrality standards, or packet sniffing in coffee shops.
Personal VPNs have provided a valuable service to combat these trends and vulnerabilities and have come down significantly in cost to boot in the last 5 years. But the strength of these VPNs depends on the security of the endpoint hardware and the protocols upon which they establish secure channels and obscure their source.
In order for VPNs to survive the next decade, they need to look to new secure protocols (not HTTPS) and tight coupling with endpoint hardware. Even worse, as long as governments continue to undermine encryption standards and fight better protocols, the value of these consumer level VPNs will also be continually undermined.”
Vanita Pandey – ThreatMetrix
“VPNs have become more than simply a secure way for remote employees to connect to a company’s servers. Personal VPNs like ‘hide my ass’, AirVPN and VyprVPN are increasingly being used by savvy consumers to maintain online privacy as well as access content in a secure way. These VPNs also enable people to hide their location, and this is used to access streaming videos and content or applications from a geography where these are restricted.
Sometimes, the users are travelers with legitimate needs, like consumers traveling to countries where certain applications and social networks are restricted, and they use these VPNs to access their accounts. However, most often these are users trying to bypass restrictions from their own countries. Also, sophisticated internet users are using these tools for online privacy and to protect against surveillance and monitoring.
While the use of VPN is currently seen in a negative light, businesses are increasingly using additional information to make a decision on a transaction. In a global connected world, user experience is very crucial, and a potential decline of a good user may have a huge impact on customer engagement. Cybercriminals are trying to benefit from this dilemma that businesses face. They are increasingly using these tools, along with stolen consumer PII (personally identifiable information) data to appear legitimate and attack businesses.
We work closely with some of the leading companies in the world to help them make real-time decisions to differentiate trusted customers from cybercriminals. By providing information on the end users’ true digital identities, we help businesses take a layered approach to identify good customers even though they are using a VPN.
We expect the use of these VPNs to continue to increase as more tools are being made available and consumers and fraudsters alike are realizing the potential benefits of using them. We will see businesses taking a context-based approach to identifying good customers.”
Cameron Camp – We Live Security
Cameron Camp is an author and malware researcher at We Live Security, a Certified Information Security Systems Professional, and a Red Hat Certified System Administrator. He has been featured on several sites, where he gives his expert opinion on a variety of cyber security topics.
“VPNs have historically been really technical to set up, so the barriers to entry for more widespread use were (and still are in certain contexts) very high. That said, the needed software is free and freely available, so if someone could make it work simply, they might be able to attract more personal VPN users.
One way would be to market a small cheap pre-configured router that had the option to hit a button (or through software on your computer turning the router function on) that turned it into VPN mode. There have been some crowdfunding initiatives to this effect that have garnered decent support.
Once (and if) the technical aspects can be simplified, it would provide a powerful deterrent to governmental (or other parties) snooping, steeply escalating the effort required to slurp up and decode information along the network “intersections” between different computers around the world.”
Brad Duncan – Malware Traffic Analysis
“I don’t forecast any huge growth in the use of personal VPNs, at least in that I don’t really see a big change in people using them. The technical skill of the average user is relatively low. You shouldn’t expect to see any wide-scale adoption until companies like Apple or Microsoft start baking it into their operating systems.”
Dr. Chase Cunningham – The Armor Blog
Dr. Cunningham is the Head of Threat Research and Development for Armor, a company specializing in cyber security and cloud services for businesses. Chase has an extensive and diverse background in the industry, including previous work with the US Joint Cryptologic Analysis Course in Pensacola.
His primary role with Armor is to analyze cybercriminal tactics, and evolve and innovate new techniques for handling them. Chase is also the co-author of the children’s comic series, The Cynja – a project designed to get kids mindful and thinking about their online privacy earlier in life.
“Personal VPNs and VPN services are a great thing, if you are a person…They are not a good thing if you are a company or government entity that is trying to secure or lock down your cyber perimeter. I personally use my own VPN service at home to do things and keep my data at least a bit more secure, but the very fact that I as a home user can set up a secure tunnel to essentially anywhere and any service that I desire and that traffic is cloaked by my VPN is a trouble area for monitoring purposes.
Any cybercrime operator or script kiddie who wants to add an extra layer of security to their nefarious activities need only pay a few dollars and instantly they have a much more secure tunnel to use. They don’t have to be a technology wizard to do this; as long as they can click a button they have access to a VPN.
This will help proliferate cybercrime and will ultimately make prosecution and capture increasingly more difficult for those that are trying to combat cybercrime. Personal VPNs will continue to become much wider in use, which will help make those users more secure…but that’s a bad thing for law enforcement and intelligence agencies.”
Sanjay Katkar – QuickHeal Blog
Sanjay is the Managing Director and CTO of QuickHeal, an IT security solutions provider. He’s received several awards for his work in the field, and holds both a bachelor’s and master’s degree in computer science.
“Personal VPN does hold potential for a good future. People really want to prevent anyone from eavesdropping on their online activities when they are connected to WiFi networks. At the same time, nobody likes the online advertisers to keep tracking you. At the same time I will say that personal VPN awareness among the users is very low and it will take some time to bring this awareness among people for personal VPN to really pick up.”
Bram Fudzulani – SkyBand
“The future of personal VPN in my personal view seems to be the only best possible solution, especially in those countries where the issue of content blocking is on the rise. In Africa, for example, there’s a growing concern over the issue, with the most recent one being the Uganda case where the government blocked all social websites during the election day this week, and most of the CSOs could only rely on personal VPN service to report about the election activities.
So while more countries are not adhering to this growing human right violation issue, the use of personal VPN is the future of the safer and anonymous browsing.”
Jim Nitterauer – AppRiver.com
Jim is the Senior Systems Administrator for AppRiver, a company that offers technical services specifically designed for businesses. Prior to that, he served as President and CEO of GridSouth Networks, and is also founder and President of Creative Data Systems Limited Inc. Jim has a bachelor of science degree in biology, and a master of science in microbiology and biochemistry from Ursinus College and the University of Alabama, respectively.
“Right now, VPN technology is solid, but I don’t think the urgency exists in most people’s mind to force them to learn a new process and build the habits necessary to utilize personal VPNs. Once the desire for privacy and protection while browsing gets to the right level and the browsing experience while on a VPN becomes better, things will change.”
The Verdict: Your Privacy is at Stake
It’s clear from our panel of experts that the efficacy and reliability of VPNs as a means of privacy and accessibility is up for debate, but one thing’s for sure – their popularity is growing on the heels of a global threat to our online privacy and security.
As governments continue to push more and more for invasive data policies, users and private companies alike are having to fight tooth and nail to keep a stake on the privacy of their online activity, and VPNs could very well be at the forefront of that effort.
Every day, technologies improve and VPNs become more and more user-friendly. It’s possible that what was once an unknown to the average user could soon be staple software on devices around the world, but in the end, it all depends on us and what the market demands.
So it’s up to you really – just how concerned are you with the privacy of your data?