Daily Archives: 2004-02-03

HotSpotVPN

While searching Wi-Fi-FreeSpot today, I found HotSpotVPN which is a VPN solution for “public space wireless security”. This is a paid VPN service targeting public hotspot users:

If you check your email in any public hotspot, anyone with a sniffer can record your username and password and have access to your email account from that moment on. Good sniffers are freely downloadable from the Internet and come pre-installed on many non-windows operating systems. … HotSpotVPN allows you to protect yourself by encrypting your traffic and cloaking your destination.

I think the service advertised is somewhat misleading, but the actual effect on users is probably not a problem. They illustrate a VPN connection which “provides you with a private connection to your end destination”. In reality, they are providing a VPN connection from you (e.g., using a public hotspot) to their servers which then connect (unencrypted) to your destination (e.g., your mail server). In practice this at least solves the problem of local traffic sniffing which is somewhat more likely (and achievable) than sniffing the traffic between HotSpotVPN and your mail server.

For true end-to-end security, you'd need something like SSL or SSH tunneling. When I check my e-mail on a public network, I use an SSL web interface that my ISP provides. I suspect that most casual users of these public hotspots aren't aware of the security implications and the fact that their passwords, etc. can be easily captured over the air.