Feature Request: VPN Service for 1Browser

aplnubaplnub
edited May 2013 in iOS

A thought for Agile. I would pay for a secure connection when I travel or connect to public wi-fi to check my e,ail, etc.

I know this is a long shot but it seems it would be a great complimentary service for 1Browser.

Comments

  • MikeTMikeT Agile Samurai

    Team Member

    Hi @aplnub,

    The best thing to do is to get a VPN service to protect your entire iOS devices, not just 1Password. Try Cloak, they're a great VPN service that you can use on your iOS devices.

    When you use their service, any data coming in and out of your iOS device will be through the secure channel, including 1Password's data which is already encrypted before it sends out anything.

    As such, there is no reason for us to bundle anything in 1Password.

  • Regarding Cloak and since it has been advertised on the blog..

    Maybe I am missing the point , but any VPN service that I do not host myself I am trusting the people running the VPN with all my traffic? No?

    I mean HTTPS offers some protection but a MITM attack would be much easier on a VPN such as cloak no? So basically why would I use such a service. I would be putting my online hands in 3 guys...who I know nothing about!

  • DavePeckDavePeck
    edited June 2013

    Hi @poyntesm,

    I'm Dave, one of the three guys who runs Cloak.

    It's a complex question with a complex set of answers.

    First, to the basic question -- "Why should I trust you?" -- we've written a quite extensive answer. I think it's a good one, so I'll just point you to it on our blog: Why trust matters when choosing a VPN.

    As to the question about the MITM attack: that's not strictly true. If your traffic is already HTTPS, and you send it through our network, there's no way (short of forging certificates -- presumably a cryptographically impossible feat) that we could get ourselves in the middle. For your HTTP traffic: without a tool like Cloak you're effectively broadcasting what you're doing to everyone on every wireless network you use; with a tool like Cloak, you're trusting us with your data, and no one else. And, unlike all those unknown people on all those networks you use, we're a known quantity: a small business designed to protect your privacy and earn your trust.

    Let me know if you have any more questions. We have a lot of information on our site about this.

    Cheers,
    Dave

  • Dave, thanks for posting. I plan on using your service going forward on public wifi and outside the country be aide every resort seems to always hack a friends account.

    I suggested Agile get in the business because I TRUST them. If they recommend you, I trust you. Agile just dies things right.

    Also, I had friends in Mexico thus past week at a resort, they used cloak after getting their Facebook hacked.

  • Hi @DavePeck ... firstly thanks for taking the time to respond to my post.

    Thanks also for the link to the blog post. I would suggest that this trust is key to use of a VPN service. I did look for some content to answer my queries on the support side of your site. Specifically I started @ https://www.getcloak.com/support/ and read the basics. I did find it later in the savvy VPN user section... however I would say it should be in the basics. Just a comment.

    It provided some answers but really not enough. Some of the type of details would be what logging do you do to support your service. How are the logs managed/kept? Who an access them? What processes are in place to ensure no un-authorised usage of logs take place. is there any ISO standards you guys follow etc.

    I am sure you are aware people use VPN's for geolocation reasons ;) for users with this usage primarily in mind the public http traffic is not a normal concern. In fact VPN usage then introduces a new risk. So rather than decrease a risk its the opposite. I would like to see maybe some comments that help to reduce my concern in that area.

    I should say I would never use a service to perform any legally sensitive actions, however at the same time I want privacy when using the service and would like to see some technical details to why I can trust you. Like the 1P keychain is public it would be great if some technical details you use to operate the service are public.

    Also if you were ever asked by courts to provide information how you handle it etc.. Sorry if I sound paranoid.

    Esmond

  • Somehow missed https://www.getcloak.com/policies/ ... this is good start for me :)

  • Hi @poyntesm -- glad you found our policies. The policies themselves, and this blog post we wrote when we updated them, should provide total insight into what we do, etc. If there's anything missing, let us know and we'll add it to the policies page in our next revision.

    And there's nothing wrong about being paranoid. We respect a healthy paranoia. ;-)

This discussion has been closed.