I’ve gotten enough family and friends asking about VPNs that I’ve decided it’s time for a blog post about it. I can’t explain how happy I am to hear people asking unprovoked about VPNs. As anyone who’s had a conversation with me at any kind of gathering knows, I care deeply about a free and anonymous internet. I strongly believe that cryptography is the way to achieve this. I read cypherpunks on my honeymoon. I’m invested in cryptocurrency (no, not bitcoin, and yes, including ICOs), and I’m in the process of building a miner. I spent my downtime after leaving SDL learning solidity. That’s how much I care.
With the Snowden leaks it became known that the NSA was surveilling public communications in mass. We often hear the tired trope of “well, I’m not doing anything wrong on the internet, so why would I care?”. And in response to that I’ll trot out the equally tired trope of “perhaps you’re not doing anything wrong under the current regime, but what happens when that regime changes, and they don’t like something you’ve done in the past on the internet?”.
There are more nuanced reasons for the necessity of secure communications online, however. One of which is brought to light by the recent cyber attacks [1,2]. It isn’t secure for all communication to be stored in a centralized manner anywhere, as this leads to the possibility of massive cyber attacks. Both of the above cyber attacks used NSAs own tools. The internet wasn’t originally designed to be centralized, and any centralization of power or data is extremely dangerous.
Another nuanced point will play to your civic duties as a progressive, libertarian, patriot, or whatever you people are calling yourselves nowadays. As it stands now, it is relatively easy for the NSA to target individuals, nefarious or otherwise, because of the nature of their internet traffic. If a user is using a VPN, or tor, or any kind of abnormal encryption, they’re immediately given a jaundiced eye, even if this person is simply browsing reddit. If, however, everyone on the internet decided tomorrow to tunnel all their traffic through tor or a VPN, or use an elliptic curve cryptography instead of TLS, this would create a massive computational haystack with which the NSA would have to search in to even check for the existence of needles.
In a sense we’d all be pretending to carry around bombs in the NSAs eyes, making anyone actually carrying a bomb look less suspicious. And therein lies the quandary. We want the NSA to find bombs, but at what cost? The verdict on whether or not the NSA is effective in their goal is hotly contested [1,2,3,4,…I could go on for days]. I don’t want to stray too far off topic (this was actually intended to be an introduction to this post walking a user through the basic set up of the TunnelBear VPN), but there are numerous discussions pointing out the irrelevance of the NSA’s effectiveness to the moral question of mass surveillance.
But I digress.
I personally believe that the internet was meant to be fully anonymous and fully encrypted. Rather than thinking of it as “we’re all pretending to carry around bombs”, I believe it’s more similar to “we’re all wearing clothes, and anyone not encrypting their traffic is buck ass naked”. Don’t you think that’s a bit suspicious?
And this is why I believe everyone should use tor or VPN for every form of internet communication. It is your civic duty to put on a pair of pants.