Bonum Certa Men Certa

Virtual Private Networks (VPNs) Suppress Usage of GNU/Linux and Have Historically Cemented Microsoft's Monopoly (Windows) for No Real Security Gains

posted by Roy Schestowitz on Nov 07, 2023

Is a bunch of bloat (or 'hacks') in the networking stack the best one can do?

Adult gorilla eating

THE awkward subject of VPNs was explored here and even extensively covered at one point in the Sirius series, which isn't over by the way (it is connected to another ongoing series). VPNs are a 'hack', not true security, and any time I installed a VPN at the server side, not just the client side, I was left wondering what the true motivation was. Like firewalling, it makes false assumptions and it does not deal with the real issues, such as back doors or a lack of encrypted (properly, end-to-end) connections.

Proprietary VPNs are the worst; over the years I've encountered or had to deal with nearly a dozen VPNs, with some officially lacking GNU/Linux support or just spewing out some outdated binary file that does not work or barely works. In the Free/libre fold we have bloated hack like OpenVPN or something more elegant such as Wireguard. Some have rightly "earned" their share of condemnation. This complicates upgrades of routers, operating systems, and kernels.

I myself have seen institutions rejecting BSD and GNU/Linux users just by the mere choice of some proprietary VPN. Who made the choice? Who made this decision? And what for? It's easy to 'punish' or massively inconvenience people who choose operating systems without back doors. Later you get people saying stuff like, "I still need to dual boot (or use virtual machines) because.... something VPN..."

Suffice to say, such a requirement for a VPN necessarily means you impose back doors on people, i.e. the very opposite of security.

As one associate noted the other day, VPNs are "bullshit", especially proprietary ones. They are used as not just an additional cost sink but also as a further means to block access (by not supporting) non-Microsoft systems.

20+ years ago I worked at Manchester Computing where I helped university staff, mostly lecturers, gain access to VPNs, sometimes over dial-up. Some of them needed online access to the library from home, bypassing weird paywalls that could instead be replaced by authentication, not IP-based restrictions. What a bizarre and arcane setup, even by standards of that time...

The harder part was helping staff that used GNU/Linux (many technically-proficient professors already did back then) and we were instructed that, if someone used BSD, then they probably already know what they're doing and thus in no need of assistance. So the level of support for non-Windows users was appalling by design. Why even use such VPNs in the first place? They protected nothing. It was expensive snake-oil and it's unclear who brought it into the university (maybe some kickbacks involved).

As an associate of ours explained, any security-conscious network administrator would avoid money-wasting boondoggles like Cisco and use Wireguard or OpenVPN instead. However, that would allow equal access from the GNU/Linux and even the BSDs, in addition to saving money and work. However, the empire builders send money to the vendors instead since the vendors depend on the empire builder for the continued cash flow. Whereas employees might dare to push back on various matters.

Back in the 1990s, VPNs were not used because they were a waste of effort and there was already a better, zero-trust solution built around the kerberization of online services.

"I suspect," the associate noted, "that once Microsoft killed Kerberos and made its integration with Windows impossible, people (aka Microsoft drones) had no choice but to roll out VPNs. Again intentionally choosing bad VPNs had the desirable side effect of blocking non-windows systems."

LDAP/OpenLDAP was used in conjunction with Kerberos, we're told, as combined or used in conjunction they could obviate the need for anything like a VPN. Not only were they another way to undo the "necessity" of VPNs as access walls, they worked across platforms and did not introduce the bloat (which inevitably brings bugs and severe holes with it).

The other day I recalled that clients of Sirius complained about access policies. One person in particular noted that, even when former staff was removed from VPN, the unix user accounts remained on their systems. That was in 2011.

Sirius conflated VPNs with access control. It was not about security or privacy; heck, channeling one's traffic through a company server was a corridor to mass surveillance, even in one's own home. This rendered VPNs a tool or instrument for oppressive surveillance, exactly the opposite of what VPNs are nowadays marketed for.

In short, VPNs are usually not necessary. Those who promote them typically don't know what they're doing. VPNs are 'patchworks'.

If someone is trying to shoehorn some proprietary VPN into your company/employer, be sure to check if there are kickbacks (bribes) involved or some profound conflict of interest.

Other Recent Techrights' Posts

Links 01/03/2024: Navalny Funeral and Media Under Attack
Links for the day
Gemini Links 01/03/2024: Making Art and the Concept of Work Management
Links for the day
Schriftleitergesetz: Hiding the Holocaust with censorship
Reprinted with permission from Daniel Pocock
[Meme] His Lips Moved
Here is your national "news" for today
statCounter: GNU/Linux Exceeded 6% in Asia Last Month (Compared to 4% Just 12 Months Earlier)
numbers may be biased
What the End of Journalism Looks Like
All on the same day
Links 01/03/2024: Microsoft 'Retiring' More Services and Raspberry Pi Celebrates 3rd Birthday (Launched on February 29th, 2012)
Links for the day
Women's Empowerment
Sponsored by Bill Gates
Gemini Links 01/03/2024: Speed Bumps and Analog Stuff
Links for the day
[Meme] Those Greedy EPO Examiners
Says the litigation industry, charging 300 euros an hour per attorney
EPO Discriminates Against Families of Its Own Workers, the Union Explains Legal Basis Upon Which It's Likely Illegal and Must be Challenged
To the Council, the EPO boasts about its wealth (seeking to impress by how much breaking the law "pays off")
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, February 29, 2024
IRC logs for Thursday, February 29, 2024
Links 01/03/2024: Misuse of Surveillance Against UK-Based Journalism, EPO Conflict Now in the Media
Links for the day
Taking a Break From Paid Promotion of the Illegal, Unconstitutional Kangaroo Court for Patents (UPC)
JUVE returns to its 'roots'?
FSFE admits losing funds from bequest by insulting and ignoring Fellowship representative
Reprinted with permission from Daniel Pocock
Gemini Links 29/02/2024: Raspberry Pi Incus Cluster and Aya 0.5.0 Coming Soon
Links for the day
Links 29/02/2024: Layoffs at Apple, Expedia, and Electronic Arts
Links for the day
Gemini Links 29/02/2024: Web Enshittification and Firefox user-agents
Links for the day
Spiked Piece/Censoreed Piece: 'Microsoft Copilot is a gimmick', says top CIO
Issues relate to connectivity and cost
Enrico Zini, Mattia Rizzolo, Plagiarism & Debian
Reprinted with permission from Daniel Pocock
[Meme] Clergy of GNU/Linux (Corporations Like IBM)
Volunteers as powerless "followers" of companies that "harvest" their labour
There Will Be Lots More Apple Layoffs (Already Years in the Making)
The corporate media still tries to shape the narrative to prevent panic or delay market hysteria
Latest SUEPO (Staff Union of EPO) Report For The Hague Reveals EPO Does Not Obey Court Orders, Refuses to Allow Workers to Freely Talk to One Another
working in a place where communication itself is restricted
[Meme] The Oppression Will Continue Until EPO 'Quality' Improves
wonder why EPO morale is so low?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, February 28, 2024
IRC logs for Wednesday, February 28, 2024
Outreachy, GSoC-mentors & Debian-Private may soon become public records in federal court
Reprinted with permission from Daniel Pocock
Links 28/02/2024: Many War Updates and Censorship
Links for the day
Gemini Links 28/02/2024: Social Control Media Notifications and Gemini Protocol Extended
Links for the day
Links 28/02/2024: Microsoft the Plagiarist is Projecting, Food Sector Adopts Surge Pricing
Links for the day
Helping Microsoft 'Hijack' Developers (to Make Them Work for Microsoft, Not the Competition)
VS Code is proprietary spyware of Microsoft. Jack Wallen keeps promoting its use.
Gemini Links 28/02/2024: Groupthink and the 'Problem' With Linux
Links for the day
Android Rising (Windows Down to All-Time Lows, Internationally)
This month was a bloodbath for Microsoft
HexChat Looks for Successors to Keep IRC Growing
IRC is far from dead
[Meme] Just Make Him Happy
Y U no produce more monopolies?
End of a Long February
top 10 posts
[Meme] The EPO's Relationship With Patent Examiners
Nobody is "safe"
New Pension Scheme (NPS) at the European Patent Office Explained at the General Assembly
Investing in the future, or...
Donald Trump & FSFE Matthias Kirschner election denial
Reprinted with permission from Daniel Pocock
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, February 27, 2024
IRC logs for Tuesday, February 27, 2024