How safe is IPSEC VPN technology?
DPI and its partners continually monitor hacking and inspection technologies by following the underground hacking community and attending the leading security conferences each year.
DPI and its partners also talk to security engineers from companies who make the inspection technology and ask them “Can you look at information if a person is using IPSEC VPN technology?” To date, the answer is the same: “No.” (The most recent response to this question was at a security conference in spring 2008.)
The designers of these spying technologies can see that someone is using encryption technology, but they can’t see what’s inside the encryption tunnel. They can see where you’re connecting from and where the VPN connects to. In the case of DPI’s partner, that is a huge data center in Cincinnati in which DPI's partner buys space, and it is used by all kinds of other companies as well.
All VPNs exchange public encryption/decryption keys (like a decoding password) between your computer and the VPN company before creating an encrypted tunnel. In the case of PPTP, L2TP, HTTPS or SSL VPNs, this code is not encrypted. So a man-in-the-middle (MITM) can intercept the encryption keys used to encrypt your data, which then gives it access to all the information you’re sending and receiving.
DPI’s VPN service uses IPSEC VPN technology, which uses a pre-shared key to encrypt the public keys that are transferred each time you get on the Internet. These public keys are first encrypted and decrypted by a pre-shared key on each side of the tunnel, and the pre-shared key is never sent over the Internet. Because MITM computers don’t have the pre-shared key, they can never intercept the public key and compromise the encrypted tunnel.
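The role of the pre-shared key can be seen in a small simulation, added here as an example (it is not DPI's code and not the IPsec/IKE protocol itself). It binds each side's public value to the pre-shared key with an HMAC instead of the encryption step described above, and it assumes a toy Diffie-Hellman group and hypothetical function names; an on-path host that swaps in its own public value fails the check on both sides.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (assumption, chosen for brevity): far too small for real use.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def tag(psk, role, sender_pub, receiver_pub):
    """HMAC keyed with the PSK over the sender's role and both public values."""
    msg = b"|".join([role, str(sender_pub).encode(), str(receiver_pub).encode()])
    return hmac.new(psk, msg, hashlib.sha256).digest()

def finish(psk, peer_role, my_priv, my_pub, peer_pub, peer_tag):
    """Return a session key, or None if the peer's public value fails the PSK check."""
    expected = tag(psk, peer_role, peer_pub, my_pub)
    if not hmac.compare_digest(expected, peer_tag):
        return None
    shared = pow(peer_pub, my_priv, P)
    return hashlib.sha256(str(shared).encode()).digest()

def exchange(psk_i, psk_r, mitm=False):
    """Run one exchange; with mitm=True an on-path host swaps in its own public value."""
    i_priv, i_pub = keypair()
    r_priv, r_pub = keypair()
    _, m_pub = keypair()                        # on-path host's value, made without the PSK
    seen_by_i = m_pub if mitm else r_pub        # public value each side actually receives
    seen_by_r = m_pub if mitm else i_pub
    i_tag = tag(psk_i, b"I", i_pub, seen_by_i)  # tags are relayed unchanged: without the
    r_tag = tag(psk_r, b"R", r_pub, seen_by_r)  # PSK the on-path host cannot make new ones
    key_i = finish(psk_i, b"R", i_priv, i_pub, seen_by_i, r_tag)
    key_r = finish(psk_r, b"I", r_priv, r_pub, seen_by_r, i_tag)
    return key_i, key_r

if __name__ == "__main__":
    psk = b"constructed-sample-psk"             # constructed sample value
    print("honest exchange agrees:", exchange(psk, psk)[0] is not None)
    print("substituted key accepted:", exchange(psk, psk, mitm=True) != (None, None))
```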
It is theoretically possible for an authorized agency to apply all of its computing power to decrypting your tunnel or keys. Most authorized agencies measure their computing power in “acres of computers,” so if they apply five acres of supercomputers towards trying to read your emails, it would probably only take a few minutes. However, five acres of computing power costs an enormous amount of money to operate, and it’s highly unlikely that an agency would consider doing that to target a single person. Instead, they might knock on your door and invite you for a cup of coffee and a conversation.
The goal of using DPI’s VPN service is to keep you from becoming a target of inspection based on the content of your internet communications (email, IM, chat, web browsers, etc.).