Dan Bulwinkle


VPNs should use Public-Key Cryptography instead of long codes

Version 0.9

A few years ago there was a lot of hype around Mullvad VPN, particularly on Hacker News. Whenever I saw an article posted where the comments subsequently extolled the virtue of the service, I had to check profiles to gauge the integrity of the poster.

VPN services have a spotty history due to internal policies, technical oversights, and shady corporate structures. They are tasked with allowing people to masquerade as if they were in another location and among a large crowd of other users, so you will see them competing on “no logging,” security audits, and various methods of payment.[1]

When security researchers have something to say online, I pay attention. As with anything else, you cannot take what they say at face value, but you should strongly consider it as truth, especially when you have no basis of your own on the topic. Long ago I used Algo, until WireGuard became a favorite tunneling method of that crowd. Below is a list of esteemed security researchers and the VPN service each recommends.

Name of Security Researcher | VPN Recommendation
   

table 1.1: list of security researcher vpn recommendations

I wouldn’t say I bought into the hype. In the absence of any security researcher recommending it, I decided to give it a try. Signup involves receiving a long code which you use to generate up to 5 profiles. You can use their client or install the WireGuard (etc.) profile yourself. I did both methods and managed my profiles from time to time using my long code. I thought I had settled on just two profiles: one for mobile, and one for desktop, deleting a couple while playing around with it. To my surprise, I logged in and saw a total of 4 profiles. I deleted two I didn’t recognize, made sure it was the case, and continued testing it out. A week or two later I logged in and saw a total of 3 profiles.

What was going on here? Was there a bug generating profiles? Was someone else’s profile being generated under my account? The account, after all, is just a string. If I had some malware on my computer you’d think credit card information stored in the browser is more valuable than a $5 VPN service. There is little information about the nature of the company: how many employees do they have, what process do they have in place, is this access code encrypted using bcrypt with sufficient rounds or plaintext in their database? You can imagine a number of scenarios if this access code is in plaintext. It’d be a huge security risk. Even if it were encrypted, at some point it isn’t, which makes it a de facto risk.

I’m a fan of Problem-Solution blog posts. Instead of sounding like I’m complaining, I’ll present it as “this isn’t quite right” and “how it could be better.”[2] It seems obvious that instead of some long string that’s assigned to you, they issue you a private key. This way, you can simply generate a new private key on your own system and sign over the corresponding public key with your old private key so the company knows you’ve authorized a new key. Anyone remotely technical could do this. For those non-technical, the company’s app, presumably open source and audited, could do it.
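The rotation described above, sketched as an added example (not code from the post or from any VPN provider). It assumes Ed25519 keys; the `Account` type, the function names and the label string are hypothetical. The provider stores only the current public key and accepts a new one only when the current key has signed it.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Hypothetical domain-separation label, so a rotation signature cannot be
// mistaken for any other message signed with the same key.
const rotateLabel = "vpn-account-key-rotation-v1:"

// Account is what the provider stores: only the current public key.
type Account struct{ Current ed25519.PublicKey }

// SignRotation runs on the user's machine: the old private key endorses the new public key.
func SignRotation(oldPriv ed25519.PrivateKey, newPub ed25519.PublicKey) []byte {
	return ed25519.Sign(oldPriv, append([]byte(rotateLabel), newPub...))
}

// Rotate runs at the provider: accept newPub only if the current key signed it.
func (a *Account) Rotate(newPub ed25519.PublicKey, sig []byte) error {
	if len(newPub) != ed25519.PublicKeySize {
		return errors.New("malformed public key")
	}
	if !ed25519.Verify(a.Current, append([]byte(rotateLabel), newPub...), sig) {
		return errors.New("rotation not signed by current key")
	}
	a.Current = newPub
	return nil
}

// Demo returns the outcome of a forged, a genuine and a replayed rotation request.
func Demo() (forged, genuine, replayed error) {
	pub1, priv1, _ := ed25519.GenerateKey(nil) // key pair issued at signup (constructed)
	pub2, _, _ := ed25519.GenerateKey(nil)     // key pair generated locally by the user
	otherPub, otherPriv, _ := ed25519.GenerateKey(nil)
	acct := &Account{Current: pub1}

	forged = acct.Rotate(otherPub, SignRotation(otherPriv, otherPub)) // signed by an unrelated key
	sig := SignRotation(priv1, pub2)
	genuine = acct.Rotate(pub2, sig)
	replayed = acct.Rotate(pub2, sig) // the old key no longer authorizes anything
	return
}

func main() {
	fmt.Println(Demo())
}
```

In this model the provider's database holds nothing that can be used to log in, which is the contrast with a stored access code.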


  1. For some reason they all accept Bitcoin and Monero but nothing else? Bitcoin isn’t any more anonymous than Ethereum (read: they’re not).

  2. There’s a ton that’s obviously wrong with the world that could be vastly improved and therefore there are companies and nonprofits just itching to be formed.