Prominent torrent activist website TorrentFreak has published a very interesting article, in which it asks leading VPN providers their views on Edward Snowden’s NSA and PRISM revelations, and on how they impact them.
As this is a subject very close to our hearts, we thought it appropriate to make some observations and share some of our thoughts on issues raised in the article.
Does encryption work?
We discuss this very issue ourselves (in quite some detail) in articles here and here, and broadly agree with the consensus views of the VPN providers – that PPTP should be avoided like the plague if privacy and security matter one jot to you, and that OpenVPN is by far the best way to go. That iPredator diverges from this consensus, advocating ‘OpenSSL with ECDHE + AES and without RC4’ instead is interesting, but the fact that the company was using PPTP as its sole protocol as late as 2009 somewhat undermines its authority on the subject for us.
We also have our doubts about TorGuard’s assertion that ‘there is no known method that even comes close to breaking 128bit Blowfish encryption’. It is true that we have in the past argued that 128-bit encryption is more than sufficient (and that it would currently take around 1 billion years to brute force crack), the recent Snowden revelations about the scale of the NSA decryption efforts make us itch for stronger encryption. In addition to this Bruce Schneier, the creator of Blowfish (wich is known to be susceptible to attacks on reflectively weak keys) recommended moving away from it as back as 2007, stating that ‘at this point, though, I’m amazed it’s still being used. If people ask, I recommend Twofish instead.’
Which bring us onto another important point, and one highlighted recently by Silent Circle, the company which shut down its Silent Mail service because in the wake of Lavabit’s closure it felt that it could no longer guarantee its customers’ privacy. The encryption standards mentioned by the VPN providers (AES and RSA) in the article are NIST certified. To quote from our earlier article,
‘The thing about these standards however, is that they were developed and certified by the United States National Institute of Standards and Technology (NIST). In the wake of Edward Snowden’s evidence that the NSA has been deliberately weakening and manipulating encryption standards for years, and the fact that NIST has admitted to working closely with the NSA in the development of its cyphers, many have begun to question the integrity of its algorithms.
Although NIST has been quick to deny any wrong doing (‘NIST would not deliberately weaken a cryptographic standard’), and has invited public participation in a number of upcoming proposed encryption related standards in a move designed to bolster public confidence, the New York Times has accused the NSA of circumventing the NIST approved encryption standards by either introducing undetectable backdoors, or subverting the public development process to weaken the algorithms.
This distrust was further bolstered on September 17, when RSA Security (a division of EMC) privately told customers to stop using an encryption algorithm that reportedly contains a flaw engineered by the National Security Agency.’
We would love to see to VPN providers move away from NIST certified cyphers, and instead follow Silent Circle’s lead in adopting TwoFish (or possibly ThreeFish) rather than AES (or Blowfish), and the Skein hash function rather than the commonly used RSA-1 and RSA-2 . As yet, however, we are not aware of any VPN provider talking about this, let alone implementing such changes, which is a shame.
Nevertheless, the broad point holds true – OpenVPN with good encryption remains secure against NSA intrusion. As Edward Snowden himself put it,
‘Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.’
National Security Letters
Our thoughts on this section of the article are probably best presented as a set of semi-random observations:
- That PIA’s ‘entire admin/development team are committed to remain outside of the US’, and that founder Andrew Lee claims to have ‘relinquish[ed]… access to the PIA systems/networks’ sounds very impressive. However, given the absolute determination and resources the NSA has put into ensuring that nobody has any privacy, that they would have left such a large and well known US based privacy protectin company untouched beggars disbelief. Furthermore, that PIA strives so hard to deny such a thing has happened (which surely it must), only serves undermine our trust in the rest of the statements PIA makes
- The argument (made by US VPN companies) that non US VPN companies are just as likely to either be monitored by equally invasive national security agencies, or are just as susceptible to federal agents when they ‘come knocking’ is disingenuous. The UK excepted, non US national security organisations do not have anything like the resources or global reach that the NSA has. Furthermore, while powerful, the NSA cannot simply issue National Security Letters to non-US companies, who are likely to put up a much greater fight when there is no legal framework forcing them to comply
- Nobody who knows anything about the subject would ever recommend UK providers either
- As a reader observed in the comments section, VikingVPNs idea about simply asking VPN companies whether they have been compromised by the NSA simply does not work, because while it may not be possible to compel a company to lie, they may still choose to do so (when choosing not to may well destroy the company and everyone involved’s livelihood, the incentive to do so is very high). As ToreentFreak reader Menameo noted, ‘remember Google & Apple & Microsoft et al and their spirited denials of PRISM?’
VPN remains one of the most effective means of maintaining your privacy when online, and properly implemented strong OpenVPN encryption is still a big problem for would-be snoopers (including the NSA), although do we think it is time for VPN providers to ditch NIST certified protocols.
While it is true that simply being a non-US company in no way guarantees that it has not (or will not be) compromised by the NSA (or GHCQ etc.), it does remove a company from the NSA’s direct sphere of influence, and likely gives it legal options to fall back on that a US company does not have. Conversely, we should take it as more or less a given that US based providers (particularly larger ones) have either already been compromised are liable to be in the near future.
Of course, most VPN users are doing little of interest to the likes of the NSA, but those of us who care about the principle of the right to privacy, and do not wish to be part of the new ‘Big Brother’ world order, would be best giving US based providers a wide birth.
Update 17 April 2014: It has just come to my attention that a highly critical (and very rude) response to this was posted on the VikingVPN blog, claiming that this article ‘contains errors and inaccuracies.’ I in turn, feel this response blatantly misrepresents the article’s contents, and feel that recent events have vindicated my suspicions about NIST certification.
I have written a full response to the VikingVPN article, available here.