Despite its long history, VPN technology has gained newfound importance in recent months, with regimes around the world using the pandemic to disguise surveillance initiatives and censorious new web regulations.
In territories with stringent internet laws, VPNs have played a critical role in unlocking online resources and fighting misinformation. And elsewhere, they have become an invaluable tool for anyone looking to keep their online activity private.
TechRadar Pro spoke to Sebastian Schaub, founder of VPN service hide.me, to hear more about the technology’s role in safeguarding privacy and human rights and where the VPN industry is heading next.
WireGuard is still making plenty of headlines. Where do you see its future alongside other protocols?
We believe there will be increased adoption of WireGuard as a protocol, which is a good thing for the industry and more importantly consumers. Despite being young in comparison to more established protocols like IPsec, WireGuard is having a positive impact. What is also promising for the future ahead is an active developer community that is making moves forward here too.
In a recent blog, you wrote: ‘We strongly believe that encryption is the very foundation of the internet’. Talk us through why this matters so much.
VPNs play an ever more important role because of two key areas: privacy and the protection of human rights. We have always said this isn’t a privilege; it’s a basic human right. In the online world we live in, freedom is hugely important.
And here is why this matters. Data leads to social cooling and big data is supercharging this effect. As our data is turned into millions of different scores and statistics, it limits our desire to exercise free speech. Social cooling is subtle, like global warming and it creeps up slowly but surely. VPN and encryption in general is disrupting the big data industry/companies and people should know about this as the public awareness is still very low on this subject. Now is the time to act, more than ever.
Without encryption, governments have unlimited power to automatically analyze all data. VPNs are only a small part of the equation and a tool everyone should use.
VPNs are favored by consumers and businesses alike, but most recently with PulseVPN we saw another example of how they can be hacked by bad actors. Any thoughts on the topic of security?
The work of Google Project Zero shows that there are vulnerabilities even in the best maintained applications. The question is not if a product can be hacked but how to minimize the negative effects.
PulseVPN is a closed source software, so it is only audited by a small number of developers. In comparison to that, we only rely on open source software that stood the test of time and mass adoption, like OpenVPN or IKEv2 IPsec or WireGuard, which have been audited multiple times by independent third parties and the source code is openly accessible. Yet open source software does not automatically mean it is secure, if no one is using or searching for vulnerabilities in it.
Big corporations usually have a slow response time to patch vulnerabilities, which creates a favorable environment to exploit them. Responsible disclosure guidelines and bug bounty programs have been adopted to mitigate and improve the overall security landscape.
Why has the industry been so slow to act with regards to adopting a no-log policy?
No-log was often associated with something only criminals would benefit from, which is entirely wrong. The consumer demand for such policies shows the necessity to minimize data collection at every level. The fact that VPNs are adopting it just proves there is a general demand for privacy centric services that do not collect or monetise user data.
Recently there have been several high profile data breaches, despite the best assurances of companies to keep data safe. Sometimes it takes time to realise the obvious conclusion.
Since you founded hide.me in 2012 you’ve seen first-hand just how much the industry has evolved. What would you say has been the biggest change since then?
In 2012, the demand for encryption was low and consumer VPNs were at best a niche product. Then a major event happened, which changed everything. In 2013, Edward Snowden shed light on a global surveillance industry and accelerated the rollout of encryption. It showed people that protecting their freedoms online mattered and that they needed to take control themselves.
Today, almost every website supports an encrypted connection, there are plenty of end-to-end encrypted messengers and the focus has entirely shifted to the need of secure communications. Needless to say that VPNs are a part of this revolution and thanks to its many use cases, everyone knows what a VPN is and why you should use one.
Hide.me is closing in on 20 million users worldwide. What does the future for the company look like?
That’s a huge milestone to reach but our focus as always is to continue growing and improving our product without making compromises on our users’ privacy. This principle is at the heart of everything we do. We will continue to focus on VPN features that our competitors don’t offer, improve the user experience for our customers and are constantly listening to their feedback.
What does the future of VPN look like?
Consumer bandwidth increases and IPv6 will be widely available soon. Many VPNs are not prepared for that, as they only support IPv4 and block IPv6. Hide.me supports IPv6 natively on all locations and we’ll roll out 10G servers over the next few years to meet the demand.
We believe the adoption and usage of VPNs will grow even more – the exponential growth the industry has experienced shows no sign of slowing.
In the next 10 years, we will need to spread a more mature and nuanced perception of data and privacy. They say that data is the new oil and it’s damaging us all the same (not in the same ways though). It’s our responsibility as a VPN company to preach how online privacy is our right and a must and we have a right to be imperfect and free about it, not to worry where our data will end and what will come out of it.
What are your views on audits? Is it a good way of separating the more visible players from the others?
Audits are generally welcomed as they build trust, but are no silver bullet because any claim only provides a momentary picture. A provider can easily delete or disable logging and turn it on after the audit again. Nevertheless an audited provider is more trustworthy than ones without. Long term operating records, whether the provider handed data over to authorities or had a data breach in the past, are more useful to look at – it allows consumers to analyze which provider to trust.