Providing provide technical expertise and capabilities to at-risk populations subjected to repressive and authoritarian control.
This project will increase the security and privacy of VPNs and VPN-like technologies.
The majority of censorship circumvention, privacy, and anonymity tools work in ways that are essentially VPN-like under the hood and are based on tunneling connections through an encrypted tunnel by re-routing locally generated packets on the VPN client device. This technology helps take the burden off the user to, e.g., configure their apps to use a local socket-based proxy. While there has been a great deal of research into securing the encryption tunnel for VPNs, we instead consider the endpoints of the tunnel and the low-level packet routing behaviors within the operating system kernels of the VPN client and VPN server. Our goal is to promote a more solid foundation for the security of VPNs from a packet-level perspective through vulnerability research. Our work builds on William Tolley’s OTF-sponsored Internet Controls Fellowship Program project, which led to two CVEs (CVE-2019-9461 and CVE-2019-14899).
Breakpointing Bad is a non-profit founded in 2019 based out of Albuquerque, New Mexico. Our team has over 66 years of combined experience in network security, penetration testing, reverse engineering, malware analysis, developing CTFs for training, IT, and cryptography. The vast majority of these activities have focused on technical security issues motivated by privacy, free speech, and human rights. Our goal is to provide technical expertise and capabilities to at-risk populations subjected to repressive and authoritarian control.