I’m sitting at an airport restaurant committing a digital sin. I’ve logged on to an unsecured free public WiFi network. I sinned because I had to. The digital infrastructure we share makes perfect security a shared aspiration, and when you can’t tether a second device to a phone that’s protected by a VPN, then you’ve got to make do. And when your other device’s VPN doesn’t seem to want to connect through LAX’s free WiFi, and you’ve got to get online, then you’ve got to make do with the Internet you have. (I could write a whole essay about class-based differential access to secure digital technology, and I probably will.)
Until VPNs, which are pretty good, are replaced by something better, we will still recommend their use. That something better will be apps and a security architecture that assumes that we are all digital sinners, that we are all potential malicious actors, and that the only trusted connections are between a user and a device and allowed only when the user requires access to the device or vice versa. This article by Neil Weinberg does a good job explaining why companies will migrate to this approach, but the same holds true for those of us who use VPNs for our personal digital needs. The thrust: VPNs offer perimeter-based defenses, and it’s become too easy for bad actors to find ways inside the perimeter. Once you’re in, you’re in.
Speaking of perimeters: Ring (eek, Amazon) has created a panopticon of surveillance that state actors and wealthy non-state actors will almost certainly try to access, just as two reporters from Gizmodo were able to.
Finally, some good news: Apple’s iOS 13.3 update now allows physical security keys to share the dual authentication burden without requiring special app dev work. All FIDO2-compliant keys are supported, and some might require a special connector (Yubico has a key that directly connects to your iPhone or iPad using the Lightning port).