Everyone should have access to a secure connection
Public wi-fi networks aren't secure. One way around that is to use a VPN. Unfortunately, it's an option that few people are taking up. SIDN Fund is looking to change that by supporting Let’s Connect!, an open-source VPN solution. "With Let's Connect!, ISPs can offer their customers affordable secure connections," says SURF's Rogier Spoor, the man behind the initiative.
How did you come up with the idea of Let’s Connect!?
"A few years ago, a colleague left to become XS4ALL's Security Officer, but we stayed in touch. When we met a while later to discuss security, we got to thinking that it was odd that ISPs like SURF and XS4ALL didn't offer VPN services. If you use a public wi-fi network to get on line, you're taking a risk. Anyone within maybe as much as a kilometre can see what you're looking at or even plant a virus on your computer. Using a VPN prevents that. But not enough people are actually using one. It would be good if VPNs were made available to more people. You could, say, have the rail company offering a VPN to compensate for the insecure nature of the on-train wi-fi."
Why do so few providers offer VPNs?
"We wondered that ourselves. So we did some research and found it was mainly about cost. VPNs are expensive. There are various open-source solutions, such as OpenVPN, which work well for small numbers of users. However, if you want to scale up, you're almost obliged to go for a commercial package. Then you're looking at easily $20 a year per user. And that's just for your software licence. You've got the cost of the hardware as well. For many organisations, the cost is simply prohibitive. So we decided to try to come up with an alternative based on OpenVPN. The same quality, but suitable for a large user group."
What's a VPN?
VPN stands for virtual private network. An encrypted, and therefore secure, connection is set up between your device and a VPN server. You can then exchange data with another computer without any fear of anyone else getting hold of the data or contaminating it with a virus.
How did the development work go?
"It was a hard slog, actually. Once we had something that worked, we tested it with users. From their feedback, it was clear that we needed something much more user friendly. That implied an app for each operating system. That's quite an undertaking, because a VPN requires low-level integration, so you can't use a standard development pathway. The development effort was significantly bigger than we originally envisaged. Fortunately, SIDN Fund stepped in to help."
How important was the support from SIDN Fund?
"We received a grant of € 75,000 from SIDN Fund, and we raised a further € 50,000 from other sponsors. Without that money, it would have been difficult, because we had to buy in services from various professionals and businesses. I should add that SIDN Fund's support wasn't only financial. They also gave us some really useful contacts, including an organisation interested in offering Let's Connect! to its customers."
What's the current status of Let’s Connect!?
"We've developed the server and apps for all platforms except iOS, which we hope to have ready towards the end of the year. The server and architecture have been thoroughly tested by Radboud University's Digital Security Group and the Windows app has been audited by Fox IT. The other apps will be audited later this year. So they are very secure. We're now looking at ways of distributing the apps. An independent foundation is probably the way we'll go. The open-source code has been deposited with The Commons Conservancy, a foundation that provides governance for open-source software projects."
Who could use Let’s Connect!?
"Let’s Connect! is attractive to any organisation with a large number of customers or staff, such as an educational institute, a government agency or a large company. Our apps are easy to integrate with identity management systems and big businesses can easily rebrand them. But I think that ISPs, hosting forms and registrars have a lot to gain from using Let’s Connect! as well. With Let's Connect!, they can offer their customers affordable secure connections."
SIDN's mission is connecting people and organisations to promote safe and convenient digital living. SIDN Fund was established in 2014 to support that mission. The foundation works to build a better internet for everyone by providing grants to projects that help to make the internet stronger, promote user empowerment or utilise the internet in innovative ways. By doing so, it contributes to the prosperity and wellbeing of the nation.
Is anyone using Let’s Connect! yet?
"SURF is now offering Let’s Connect! under the name of eduVPN. An educational institute's staff, researchers and students can use eduVPN to connect to the internet securely and access the institution's protected systems. Even if they're in a café or on a train. That's really important, especially if they're handling sensitive research data. The aim is to get eduVPN established as the VPN standard for the education sector. Both here in the Netherlands and elsewhere. XS4ALL is going to be looking at the possibility of offering Let’s Connect! to its customers as well."
Let’s Connect! received the Internet Innovation Award in recognition of its potential social impact. How do you feel about that?
"It's a great compliment, of course. It also vindicates our belief that we've developed something that can make a real difference. Here in the Netherlands, open-source VPN technology lets internet users get on line securely. Elsewhere, it can help people remain invisible to dictatorial regimes. Making the technology generally available therefore has huge potential significance for the internet."