|
I ran across a new security offering this morning -- HotSpotVPN -- when I went to ITConversations to sample the audio version of Larry Lessig's new book "Free Culture".
HotSpotVPN is a subscription-based VPN (virtual private network) server that lets you make a secure PPTP (Point-to-Point Tunneling Protocol) connection from anywhere. This kind of service offering is great for travelers, road warriors, and people who like to hang out at coffee houses and local watering holes to surf or just get a break from the office.
Securing my connection in such situations has been a vexing problem. I've used various combinations of SSH, telnet, VNC, and other software to munge together my own ad hoc security for the past year or so. Doing so took a lot of help (from my friend Brent Ashley) and still didn't provide the level of coverage or convenience I needed. For the most part, I just avoid doing anything remotely sensitive from a public WiFi connection and I change my passwords regularly for any service I have to use.
So the idea of a simple, no-maintenance, easy-to-install, no-software VPN is really appealing. The service offers a one-week trial period so I signed up this morning and ran down to my local Java House to try it out.
Installation is a snap since there is no software, and the instructions at the HotSpotVPN site are excellent. It took me less than a minute to get the VPN connection configured under Win2k and I was up and running. The site also has instructions for Linux and Mac users. After the one-week trial period HotSpotVPN is $8.88/mo via a PayPal subscription, or $88.88 for one year paid in advance. The service can be used from any computer if you have access to the network connection setup.
Completely Secure?Complete is a big word to use in the same sentence with "secure" -- a sentiment HotSpotVPN notes on their website. There really is no such thing, and Microsoft's PPTP protocol is no exception. As security expert Bruce Schneier notes, Microsoft's own implementation of PPTP is buggy as hell. But there are implementations of PPTP for other OS platforms and I'm given to understand they correct many of the holes that Microsoft left open. I can't tell what platform HotSpotVPN runs on, but I'm guessing it's something other than Windoze since the service is hosted by security firm Wifi Consulting -- at least I hope that's the case.
From what I know about such things I'd prefer a VPN using IPsec, which is a public, open VPN standard that wasn't developed by the world's worst security company. But I'm not sure it matters all that much. The main reason to secure your public connections is to keep out the amateur hackers, script kiddies, and general mischief-makers. Die-hard espionage types, the kind you can't really stop anyway, aren't likely to spend their time scamming random packets at generic access points. So the idea is to just put some kind of lock on your door, even if it isn't the best lock available, and get the hackers to move on to some easier pickings.
Since most people in public HotSpots aren't using any security their data will be far more appealing than any type of encrypted data. And in the time an average person spends surfing in one of these places (probably an hour or less) it seems unlikely that a typical mischief-maker will be able to cause much trouble.
AlternativesThis is the first stand-alone VPN offering I've seen, and I think it's a fantastic idea. I expect we'll see similar offerings in the not-too-distant future. At the moment the only alternative I'm aware of is GoToMyPC.com. Way back in 2002 I experimented with GoToMyPC and wrote about my experiences. GoToMyPC offers more than just VPN, and when I used the service the price was $19.95/mo. That was a little pricey for me, since VNC offered the same remote control functionality for free.
But a secure connection has become more important over time. I spend more and more time connected at paid and free WiFi hotspots, and I see that time continuing to increase. $90/year doesn't seem like a bad price to pay to reduce my risk.
|
