

Why hasn't any VPN StartUp used the PR Hype of Firesheep to promote itself? - andreasklinger

There should be several already existing VPN StartUps that enable me to tunnel to their gateways when I am using public WiFi.

Shouldn't the Startpage of HN be filled with Promotion and Comparison Blogposts?

DIY: Do you know any you would recommend?
======
iuguy
Because it moves the problem away from the local Wifi network to the VPN's
exit point.

If you use a VPN service, don't be surprised if the local equivalent of the
NSA has a sniffer on the termination point. Lots of them do this with Tor,
because lots of them use Tor.

Your best hope as far as VPNs are concerned is to run your own, or an
SSH-based SOCKS proxy. The best thing to do is for sites to use SSL for
anything sensitive.

~~~
andreasklinger
Security until an exit point provided by a security company is still better
than Public Wifi.

And (imho) if this is your core business you had better be good at making
sure there are no sniffers at your exit points.

Regarding "own server" - to me this is similar to "own email server". The
amount of people who don't have servers that are more secure than
professionally hosted ones is big enough as a market.

~~~
iuguy
Thanks for your comment. I understand where you're coming from, but that's an
assumption. There's no actual assurance that someone's core business means
that they may be more secure. As for the issue regarding sniffers, in the UK
if the VPN termination is in the UK and they're providing a service, then
under the Regulation of Investigatory Powers bill they may be considered an
ISP, and would therefore be required to keep traffic logs. In other countries
YMMV.

Likewise, if the endpoint is being used for malicious activity targeted
against the critical national infrastructure of country foo, the provider is
not necessarily going to have the option to become aware of the interception
of their exit traffic.

With your own server it may or may not be more secure, and may or may not be
intercepted at the endpoint, but providing you can reasonably configure it the
only person that would attract state-level interception (over and above other
local connections) would be you.

~~~
andreasklinger
Understand your point of view. Still. We trust companies doing Email, Storage,
etc etc

I am not "scared" of people who are able to do "state-level interception".

People at the Airport or in Coffee Places with Firesheep annoy me.

------
bobf
I've considered doing a VPN startup before; however, it seems that the market
is pretty small and margins are low. Your customer base is basically: number
of people who are concerned about privacy AND frequently use insecure WiFi AND
don't already have an existing VPN to use.

~~~
lsc
From what I have seen (I provide VPS, not VPN, but some of my customers buy
the VPS just so they can set up a VPN) what you are really providing is US
internet.

Bandwidth, CPU, etc... is all but free. Your big costs would be handling the
abuse desk.

Now, depending on how efficiently you handle the abuse desk, your margins
could be pretty good.

On the other hand, your fee per user would have to be pretty low. The people
who live in countries with restrictive firewalls tend to be /really/ cheap.
But, if you can keep your abuse costs down, the cost of servicing a particular
user is almost zero.

~~~
bobf
I would have actually paid a small fee for that sort of service from a non-US
based provider recently, to avoid MLB blackout restrictions on their online
playoff coverage. (Except a free proxy in China was easy enough to find.)

------
mayank
Because the problem is trivially solvable if the companies in question bump
all traffic to SSL, which they hopefully will do en masse now.

~~~
andreasklinger
Sorry to troll but to me this sounds like "If all companies who didn't care
about security enough in the first place start caring about security"

I would like to take control; that's the reason I am so bullish on this.

------
lsc
Because that doesn't solve the problem.

There are all sorts of choke points between your VPN provider's output and
your destination server where unencrypted packets can be read, and many of
them are not guarded well. BGP even is not particularly secure. You should
treat an unencrypted packet as less secure than a post card.

------
YooLi
Because it has only been 1 day?

~~~
andreasklinger
But the problem has existed for years, hasn't it?

