In today’s increasingly diffuse online world, Virtual Private Networks (VPNs) often serve as foundational building blocks upon which critical digital security is built. By creating secure network tunnels, VPNs allow users to share encrypted information across the public internet with less fear of third-party surveillance. And by providing a protected way to route around firewalls, VPNs also help increase internet access for millions who experience online censorship. Given this, it comes as no surprise that such protocols are heavily relied upon by at-risk populations in repressive environments.
Yet the use of VPNs to combat information controls is by no means worry-free. Existing protocols are routinely targeted by authoritarian governments intent on exploiting commonly known vulnerabilities and massive codebases. Persistent performance issues and periodic unreliability also threaten to reduce the number of effective VPN deployments across the globe. In short, despite using these supposedly “secure” technologies, members of vulnerable communities remain significantly exposed on VPNs.
Until now. The integration of WireGuard—a revolutionarily simple open source VPN—into the Linux kernel is poised to lead the technology into a faster, more secure future with just 4,000 lines of code.
First publicly developed by Jason Donenfeld in 2015, the WireGuard project has steadily grown in acclaim as its state-of-the-art cryptography consistently proved to be easier to set up and securely maintain than existing options like IPsec or OpenVPN. This is due in part to the integration of the OTF-supported Noise Protocol Framework that is also relied on in Signal. Unlike other popular VPN protocols, which can have over 100,000 lines of code that must be monitored and debugged in order to be secure, WireGuard provides security through the most lightweight codebase possible. Less code means fewer options for infiltration, shorter security audits, and increased reliability. Plus, the protocol’s minimalistic approach also makes it easier for users to deploy.
WireGuard’s massive potential to improve internet freedom around the world made it a natural partner for OTF. In 2019, the project received support from OTF’s Internet Freedom Fund to help enhance its code and create an even more secure, accessible, and resilient protocol. The collaboration was a great success. Thanks in-part to OTF support, WireGuard was able to focus on operating system development—allowing the protocol to be merged into the code repository for Linux 5.6. Now that it will be baked into the Linux kernel, WireGuard can truly become a mainstream tool providing near-endless opportunities for new use cases across the most widely used operating systems in the world (both Android and Chrome operating systems are derived directly from the Linux kernel and most websites and servers rely on Linux, along with nearly all cloud infrastructure).
When it comes to the VPNs of tomorrow, WireGuard will be the standard bearer. Its unmatched simplicity, coupled with cutting-edge security, presents a true paradigm shift in the field. In the words of ZDNet, “WireGuard promises to not only be the future of Linux VPNs but of all VPN programs.”
Interested in learning more about WireGuard or installing it on your device? Click here!
Read more about OTF’s involvement with WireGuard here.
—
About the program: The Internet Freedom Fund is OTF’s primary way to support projects and people working on open and accessible technology-centric projects that promote human rights, Internet freedom, open societies, and help advance inclusive and safe access to global communications networks for at-risk users including journalists, human rights defenders, civil society activists, and every-day people living within repressive environments who wish to speak freely online. Through the Fund, OTF strives to uphold and increase capacity for individuals, organizations, and companies who support technology-centered efforts that aim to strengthen Internet freedom and promote human rights by circumventing repressive censorship and surveillance, improving related digital security capabilities, and contributing to the overall health of the Internet. Learn more about the program and apply here.