On Sat, Apr 8, 2017 at 8:51 PM, Malcolm Greene profox@bdurham.com wrote:
Wondering if any of you are using a 3rd party VPN service and if so, which services would you recommend or suggest I avoid? My use case: MacBook, iPhone/iPad devices while traveling.
I've had this discussion with a few clients this week.
1. If you're concerned over the _CONTENT_ of what you're sending over the cafe wifi, forcing all interactions to SSL is usually sufficient: HTTPS Everywhere plugin on your browsers, and requiring TLS/SSL on your email send and receive. You'll still be making DNS requests in the clear, so it's no secret where you are browsing. To avoid hijacking, hard-code your DNS to known good sources.
2. If you'd like to keep that info from the first couple of links in your browsing, a VPN is the solution. This encrypts the first hops (in the coffee shop and over their ISP). Note that everything coming out of the VPN is still quite readable, so you'll want to ensure you trust the VPN provider, and aren't planning on leaking any state secrets this way. I've probably read the same reviews as you, but can't make any personal recommendations.
3. For you as a developer/tech, it's a pretty simple process to set up OpenVPN on one of your hosted/development servers, and route all of your work through there. OpenVPN is free as in beer and as in speech, and has clients for Windows, Linux, Mac, Android, OS X. The more networking technology you understand, the better you can configure it, but there are instructions for each platform that can be followed like a cookbook. Since you're using a machine in a data center with likely high-speed backbone connections and aren't over-subscribed like most of the commercial services, you'll probably see little overhead.
4. If you're really, really concerned about what you are connecting to and through, well, maybe you shouldn't be doing it :) But if you must, The Onion Router (TOR) is likely as secure as it gets. Using TOR might be banned by some smarter firewalls, and using fully-encrypted connections might lead the 3-letter agencies to think you've got something to hide.
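
An added example, not part of the original message: a small audit of an OpenVPN client profile for the properties points 1 to 3 depend on (all traffic routed through the tunnel, a pinned DNS resolver, and a verified server certificate). The sample profile, hostname and addresses are constructed; the check assumes these settings live in the client file, although a server can also push `redirect-gateway` and `dhcp-option`.

```python
# Added example: audit an OpenVPN client profile (constructed sample below).
SAMPLE_OVPN = """\
client
dev tun
proto udp
remote vpn.example.net 1194
remote-cert-tls server
# redirect-gateway def1
dhcp-option DNS 192.0.2.53
"""


def parse_directives(text):
    """Return (directive, args) pairs, skipping '#' and ';' comments."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(";"):
            continue
        tokens = line.split("#", 1)[0].split()
        if tokens:
            pairs.append((tokens[0].lstrip("-"), tokens[1:]))
    return pairs


def audit(text):
    """Return (directive, reason) findings for settings missing client-side."""
    pairs = parse_directives(text)
    names = {name for name, _ in pairs}
    findings = []
    if "redirect-gateway" not in names:
        findings.append(("redirect-gateway",
                         "profile does not force the default route into the tunnel"))
    pinned_dns = [args[1] for name, args in pairs
                  if name == "dhcp-option" and len(args) >= 2
                  and args[0].upper() == "DNS"]
    if not pinned_dns:
        findings.append(("dhcp-option DNS",
                         "no resolver pinned; lookups may use the local network's DNS"))
    if not names & {"remote-cert-tls", "verify-x509-name"}:
        findings.append(("remote-cert-tls",
                         "server certificate role/name is not checked"))
    return findings


if __name__ == "__main__":
    for directive, reason in audit(SAMPLE_OVPN):
        print(f"{directive}: {reason}")
```

On the constructed sample this reports only the commented-out `redirect-gateway`, which is the split-tunnel case where browsing still leaves over the cafe network.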