Summary:

Golden Frog says Chameleon scrambles VPN metadata, making it harder for firewalls to spot that the traffic is VPN-protected. The protocol is proprietary, though, making its trustworthiness hard to evaluate.

Virtual private network (VPN) provider Golden Frog says it has come up with a new proprietary protocol for masking VPN traffic, in order to bypass blocks in places like China.

VPNs are quite good at providing privacy, but not generally anonymity – those who run systems such as the Great Firewall of China are quite adept at using deep packet inspection to spot whose traffic is VPN-protected. The new Chameleon protocol, for use by premium customers of Golden Frog’s VyprVPN service, is supposed to thwart such efforts in an easy-to-set-up way.

“The protocol scrambles any of the [VPN] metadata and makes it disappear,” Golden Frog president Sunday Yokubaitis told me. “We’ve had it in beta since the Fall. We have a customer in Iran that’s getting through now – it has a variety of uses for business and getting through when you’re travelling.”

Unfortunately, because the protocol is proprietary, Yokubaitis wasn’t keen on sharing much detail about how Chameleon works, beyond saying that it “randomizes” metadata properties for the traffic and is based on 256-bit SSL.

I pointed out that this may make it a hard sell given the current climate of post-Snowden distrust in security mechanisms – open source is no panacea, but it does at least give professionals the chance to poke around and see what’s what. Yokubaitis acknowledged this concern – “transparency creates trust and we understand that” – but said the firm still wasn’t sure whether it would open Chameleon up to inspection or not.

On the plus side, Golden Frog says it manages its own global network of servers, it doesn’t keep traffic logs, and it’s incorporated in Switzerland, a jurisdiction with very strong privacy laws. The company itself is located in Austin, Texas, along with other Yokubaitis family businesses such as data center outfit Data Foundry.

UPDATE (29 January): Golden Frog has sent me the following note to provide a bit more detail on Chameleon’s functioning:

“Chameleon scrambles OpenVPN packet metadata to ensure it’s not recognizable via deep packet inspection, while still keeping it fast and lightweight. The Chameleon technology uses the unmodified OpenVPN 256-bit protocol for the underlying data encryption. The result is that VyprVPN users are able to bypass restrictive networks put in place by governments, corporations and ISPs to achieve an open internet experience without sacrificing the proven security for which OpenVPN has long been known.”

  1. “and it’s incorporated in Switzerland”
    This is not the Cayman Islands?

  2. “Switzerland, a jurisdiction with very strong privacy laws.”: You (GigaOM) keep saying things like this about Switzerland. I’d really welcome a post or two spelling out just what it means. I’ve done some reading (e.g., http://www.dataprotection.ch/en/home.asp), but I’m sure you could say more, and I’m confident I’m not the only GigaOM reader who’d be interested.

  3. I would stay away from this for many reasons. Proprietary is not as safe as open source. Clever people could try to reverse engineer Chameleon and exploit it.

    Also, Golden Frog’s page shows they keep 90 days of logs, and as for Swiss having very strong privacy laws — didn’t they hand over Swiss bank account information to the USA Feds when pressured?
