Show HN: My new app, Cloak for OSX (getcloak.com)
41 points by davepeck on May 12, 2011 | 32 comments



Hi, all. I just got the MVP of my new app out the door and I'd love to get your feedback on it!

If you'd like to give it a go, drop me an email [davepeck at getcloak.com] and I'll send you a special Hacker News invite code. (Or you can just sign up on the Cloak home page.)

Cloak is a personal VPN, only (1) it's super easy to set up and get going, and (2) we terminate in the cloud [AWS], which means we can scale dynamically to meet load and can pick a data center near you to decrease the latency. Under the hood, Cloak is built on top of the OpenVPN stack.

Cheers, and thanks for checking it out!


You've got a good marketing page/site for it so far, good work keeping the Mac-like look and feel. Having never paid for such a service your prices seem perfectly reasonable to me for what it provides. Great luck, guys!


Thanks very much. We put the pages together pretty quickly (MVP!), but I'm constantly in awe of how fast Nick (our designer) makes things look... solid.


Some services/companies/websites are blocking Amazon's IP addresses because of abuse. This means that using your VPN I may not be able to access certain websites or services.


Yes. We're going to be moving to a different provider in very short order -- we'll have more to say about this soon.


This is a compelling idea, but how do users know whether or not they can trust your service? You would have access to all unencrypted internet traffic from your users while the app is active.


Hi kylec,

There are a few components to trust.

One component is trusting that the software does what it says it does. We're engaged with some reputable security consultants to ensure that we're delivering what we promise. We'll have (lots) more to say about that in the coming weeks and months.

The second component of trust is being a trustworthy, transparent company. Building that kind of trust takes time and presence in the industry and the community. We've tried to strike the right balance with our initial MVP website (see the features page at https://www.getcloak.com/about/features/) but we know we have a long road ahead of us. Let us know how we did.

In some sense, our problem of trust is no different than any other VPN, security, or service provider that deals with sensitive data. Trust is difficult and we'll work hard to earn it.

Thanks!


I like your site, but I'm unsure how this would be better than simply using the built-in VPN stuff. I have a paid VPN account configured and I use it when on public wifi.

Also, I can share my VPN account with my mobile devices -- can I do this with Cloak? I don't think OpenVPN is iOS compatible.


Hi Rob,

What built-in stuff do you use (and who is your VPN provider)? While OSX is far better than most at making configuration of secure connections easy, we think there is still a long way to go. Cloak requires nothing but your username and password -- no alphabet soup anywhere.

(We also think our price/performance is substantially better than the average provider.)

As for iOS: stay tuned!


Snow Leopard has included built-in VPN support (IPsec and L2TP, no OpenVPN). And it is very easy to configure: admins can export VPN configuration to a file and distribute it to end users. Installing the VPN profile is just a double click away. After it is configured there is an icon in the menubar to connect/disconnect, very much like your app.

I used it to connect to my university's VPN server (a Cisco Concentrator 3000). Works even better than the proprietary Cisco client.


Yes, I've used this stuff before. It's great. It's also not specifically tied to a scalable service, or directly integrated with billing and quota management, etc. We think there's room for both things depending on circumstance.


Living in Japan, I am familiar with a number of people who might try to use your software to make it appear as though they are coming from the United States, so that they could access Hulu or similar websites which are blocked abroad.

I know that, with AWS, you can choose a data center in Asia, so I suppose this type of action will not necessarily work with Cloak. I am just interested if you have a policy for dealing with such behavior? It might represent a drain on bandwidth, for example.


Hi gillygize,

Our full terms of service and policies are listed here: https://www.getcloak.com/policies/

There are a lot of shady looking (to me, at least) VPN providers that make a big deal about how you can pretend you're in another country, etc. To me, that's code word for "you can do bad stuff with us." We're not interested in that -- we think that security should be easy for everyone -- and so, yes, we get to decide where your back-end is located. There are other abuse issues unrelated to location that we've taken pains to prevent, too.


As someone who travels abroad half of the year I was thinking the same thing. I really miss having access to so many great services just because I'm outside the country at that moment in time.

I try to avoid public proxies because they seem so shady, but I would purchase from a reputable company like this if it meant I could explicitly select a center located in the US.


It seems to me that the largest problem with this type of service, however it's dressed up, is on the VPN endpoint. We could argue forever about which transport is easier/has more security/etc - but if the VPN endpoint is not extremely secure, resistant to subpoena, etc - then it's not all that useful over a regular homebrew vpn.


It depends on your needs. If you have the tools and skillset to set up and maintain your own endpoint, and you're willing to spend the time to do so (or you believe you can only trust it if you do so) then no VPN provider like us makes sense. We think there are a lot of people who don't fit into this category.

(Also: it's on our roadmap to let users create arbitrary secure networks with Cloak [aka connect multiple clients together rather than run through our endpoint.] It's not exactly the first thing on our roadmap, but we'll get there ;-)


That second item mentioned in the parens, reminds me of Hamachi...


I've seen so many of these VPN-for-rent services that this is becoming an obligatory reply. But I don't see anyone saying "ssh" on the comments yet, so:

Here's how to tunnel on OSX via ssh:

    ssh -fnNMD 8080 -S ~/.tmp-ssh-socket you@server.you.own && sudo networksetup -setsocksfirewallproxy Airport localhost 8080

Then when you're done:

    ssh -S ~/.tmp-ssh-socket -O exit localhost && sudo networksetup -setsocksfirewallproxystate Airport off

That will set your ssh server as the system-wide socks proxy.

Granted I don't have the time to wrap a pretty UI around it, but those commands work, and I trust my own servers more than any service.

If anyone does have time to wrap a pretty UI around it... OpenCloak could exist mere hours after the commercial project went into beta :)
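The two commands from the comment above, wrapped so that the system proxy is only enabled after the SSH master is confirmed running (an added example, not part of the thread or any poster's code). The environment variable names, the `DRY_RUN` switch and the private socket directory are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example. Hypothetical knobs: SERVICE, PORT, TUNNEL_HOST, SOCK_DIR, DRY_RUN.
SERVICE="${SERVICE:-Airport}"                    # network service named in the comment
PORT="${PORT:-8080}"
TUNNEL_HOST="${TUNNEL_HOST:-you@server.you.own}" # placeholder host from the comment
SOCK_DIR="${SOCK_DIR:-$HOME/.ssh/ctl}"           # private directory for the control socket
SOCK="$SOCK_DIR/tunnel.sock"

# DRY_RUN=1 prints each command instead of executing it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

tunnel_up() {
    # Keep the control socket in a directory only this user can enter.
    run mkdir -p "$SOCK_DIR" && run chmod 700 "$SOCK_DIR" || return 1
    # Bind the SOCKS listener to loopback only, and make ssh exit instead of
    # going to the background if the listener cannot be set up.
    run ssh -fnNM -D "localhost:$PORT" -S "$SOCK" \
        -o ExitOnForwardFailure=yes "$TUNNEL_HOST" || return 1
    # Ask the master process whether it is alive before touching proxy settings.
    run ssh -S "$SOCK" -O check "$TUNNEL_HOST" || return 1
    run sudo networksetup -setsocksfirewallproxy "$SERVICE" localhost "$PORT"
}

tunnel_down() {
    # Disable the proxy first so nothing is pointed at a dead listener.
    run sudo networksetup -setsocksfirewallproxystate "$SERVICE" off
    run ssh -S "$SOCK" -O exit "$TUNNEL_HOST"
}

# Does nothing unless called as "script up" or "script down".
case "${1:-}" in
    up)   tunnel_up ;;
    down) tunnel_down ;;
esac
```

Only applications that honor the system SOCKS setting use the tunnel; other traffic still leaves over the local network, which is one way this differs from a VPN.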


Except it wouldn't be OpenCloak... it'd be OpenCloakForPeopleWhoHaveShellAccountsOnServersSomewhere, which is much less useful to your average -- but security-conscious -- user.


You could feed it your Amazon authentication details and let it bring up an EC2 instance automatically.

That would make it functionally equivalent to Cloak.


Don't you need to specifically sign up for AWS as well for that?


Sidestep is a pretty-ish (OS X only) UI for SSH tunnelling - it can be set to auto-activate whenever it detects you're on an unsecured wifi network - like your local coffee shop.

http://chetansurpur.com/projects/sidestep/


Have you considered some sort of pay-by-usage (by time, by bandwidth, whatever) plan for people who don't know how often they'll need a VPN?

It's not every month that I'm in a hotel or a coffee shop, so it's hard to justify a monthly subscription.


We've heard this from several people and are investigating what a reasonable model would be. (Bandwidth is the key driver of our costs.)

I would say that our current (beta) pricing is stake-in-the-ground, so anything you can tell us about how often and how much you'd use this would be very helpful.


Quick question about your implementation. Do you generate a key for each user using PKI, or is there a shared key for all users? I had a previous VPN provider that used a shared key for each user, which was a security issue.


Wow, that's not a very good way to use keys. ;-)

We have our own authentication mechanism that ties into our billing and quota machinery. So no such problems with Cloak.


Using eurephia[1]?

[1] http://www.eurephia.net


We rolled our own actually.


Very cool stuff, something I would most likely use myself :)


Awesome! Drop me an email [davepeck at getcloak.com] if you'd like the special Hacker News invite code. ;-)


This isn't entirely constructive, but I like your design. It's close to some of the stuff I've been building lately, and gives me a few ideas for my next design project.


Thanks, I'll pass that on to our designer, @thecropsie.



