Google WiFi

After reading through the documentation regarding the Google WiFi service my first thought was that I found it highly interesting and speculative that Google would offer such a service. For one thing, there’s infrastructure to pay for, not only would a company have to procure access points, but routers, switches, bridges, and dark fiber. Granted, it has been rumored that Google is buying this dark fiber, which in turn could mean that the service is already ready to go and they’re still working on how they’re going to perform their light off.

When attempting to get to Wifi.Google.com, I get redirected back to Google. A few more tries, and voila, the Google Secure Access: FAQ.

So essentially what we’re hearing is that Google is releasing a secure way to use wireless. After WEP was found insecure and WPA and WPA2 found to be more protective but still not a lockbox like protocol, Google seems to have put their own out.

So, how does this work?
First step, you download the Google Secure Access Installer. This program then creates a VPN profile that will connect to vpn.google.com.

Okay, that’s great, but what’s this mean to me?
Think of it this way, your data is transmitted wirelessly from your network adapter and is received by your access point or router, bridged to 802.3 (wired networking) and after passing through your home router or internet connection if you don’t feel like sharing your connection, hopping from one router to another until it gets to the server to which you have extended a request for information. The information from the server is sent back to your IP, being routed as it hops back from one server to another until it gets back to you.

What’s this tool do for me then?
It takes your data and like any other VPN, encrypts your data through a pipe of sorts (much the same way that SSH works) and transmits it encrypted through the vpn until it gets to the exit point which in this case is vpn.google.com. Quite clever. Who cares if your access point is running WEP or WPA, when you simply encrypt the data and it is decrypted at the end point. The server request is placed, goes out from vpn.google.com and then is encrypted as it passes back through the network to your home where it is transmitted to your wireless network card, passes through the VPN profile and then is decrypted.

Oh neat, so it’s better?
That’s yet to be seen, however with what Google has done in the past I wouldn’t doubt that they’re using some pretty sweet equations to encrypt the data far stronger than what AES, 3DES or BlowFish will provide for. I’m sure that the NSA is loving this too.

Isn’t it nice how Google is doing this for us?
Here’s the troubling point, if they’re acting as the proxy, doesn’t that mean that perhaps they might start tracking what we look at and that we use outside the browser to target marketing, etc. is a little daunting.

All in all, I’m pretty impressed, clever idea, not necessarily a new one, but it’s a free one that I’m sure CheckPoint and others will not be too happy to have to compete with.

Advertisements

2 thoughts on “Google WiFi

  1. That’s one thing I’ve always wondered – why are people so bent on securing the actual WiFi signal, when it’s pretty clear that anything you broadcast over the air is going to be sniffed, and no matter how strong your encryption is, it’s just a matter of time before someone cracks your key, unless you put up some complex key rotation and a RADIUS server. By that point, you may as well just set up your own encrypted VPN.

    But I’ve always felt safe, because whatever I need to do securely, like look at a bank statement or buy a new toy, usually goes through HTTPS wich is already encrypted. I don’t really care if someone is sniffing that Slashdot article I’m downloading.

  2. Sorry guys, but I am missiing the point of all this.

    While it is true that, using a VPN, your data will be encrypted up to where it reaches vpn.google.com (and that includes when it travels over your local wifi link –good !), this data is still going to be deciphered by vpn.google.com, which will then transmit it in clear throught the next hops of the internet, to its end destination. Same applies in reverse to the answer you receive.

    Well, if you think that the chance of your data being hijacked is stronger locally on your wifi link, than it is when the same data circulates unprotected between nodes of the internet, that’s your problem. But my guess is that you have another think coming.

    Let’s remember that a chain is never stronger than its weakest link. There is no point in making your wifi link bullet-proof (assuming it can be done that way or another), while ignoring the more general issue of unciphered packets bouncing round the net…

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s