If you're using a Google Wi-Fi hotspot in SF, you can download Google Secure Access: It's a free VPN with no details about method (probably SSL) or encryption method (one hopes at least 128-bit Blowfish, but maybe more). Probably not. It looks like Google, for now, is offering this service for download only over its own free Wi-Fi networks, but it might work elsewhere, they suggest. This download-at-hotspot requirement limits distribution because one assumes you have to set up a VPN account or use your Google login. (You can try to download it from this location, too.)
This fuels interest that they'll sponsor or build much more free Wi-Fi--tied in with their fiber optic last-mile postulated plans. I still don't see how free Wi-Fi helps their business model. A tiny bit more Internet access would only provide a tiny bit more ad revenue.
I've exchanged email all morning with a colleague that thinks this spells death to HotSpotVPN, Public VPN, JiWire's SpotLock, and WiTopia's personalVPN. My reaction? This could create a lot more awareness about VPNs, a good thing, and not everyone will want to use Google's service. They're unlikely to provide phone support or fast tech support response, a must when someone's on the road and can't gain access via the VPN. They don't (yet) offer a variety of encryption types or tell us what they're using. Their choice of VPN transport might not appeal to all users.
A call into Google PR to obtain my own personal "no comment" hasn't been returned yet.
Update: Several folks have mailed to point out that this isn't SSL VPN, but it's PPTP, which is the weakest of the three widely used tunneling encryption methods. Further, it allows CHAP, MS-CHAP, and MS-CHAPv2. Both CHAP and MS-CHAP have well-known cracks that can be accomplished through readily available free software. MS-CHAPv2 is better, but the software isn't set up to require it.
A poorly chosen PPTP password can be cracked, too, even with MS-CHAPv2, which is a reason that SSL and IPsec-over-L2TP have been emphasized lately. Even HotSpotVPN.com, which originally offered just PPTP tunnels, enforced strong password selection by assigning a strong password. (HotSpotVPN now offers a variety of strong encryption with an SSL VPN as their main "rental" service.)
I'm pretty sure its SSL
No Mac client yet, according to the site. Don't know if I'd want a vpn that I can only use on their network... Lots of questions, no answers. Any idea on the timing? Lets here from someone using it!
It is pptp not ssl, 128bits only. Speed is capped at about 500 bps.
Actually, it is PPTP, using the standard Windows PPTP client. The only thing special about it is the username and password, which are kept in Google's own client and passed into the Windows client automatically.
Who needs a Mac client when you can simply log in with an Applescript? http://www.kevinstock.com/osx/googlevpn/
As a freeware alternative I use iPig with good success. The software (http://www.iopus.com/ipig) includes the option to set up your *own* VPN server extremly easy. Thus all traffic goes to your
computer and not via the Google machines!
"I still don't see how free Wi-Fi helps their business model."
The future is all about mobile phones. Mobiles to pc's is already 3:1 and by 2010 it'll be 7:1. PC is out, mobile is in. Location based advertisement is the extra business model; Google offers free calls and webservices in exchange for personal data to be used for advertising and marketing. Where customers go, the money follows.
This is DISRUPTIVE as can be...
Capastorm
This is God!! Ok, I'm not crazy. Listen to this. My University has a filter on their internet service here. We have several OC3's on campus, but due to file sharing and bit torrent, it has been slowed down. I am not very familiar with vpn, but I downloaded this, and low and behold, I can access any site, and download anything I want to with bt or any p2p, and it all works!!
I"m using Google VPN anywhere. Not just in SF. I've used it all over Northern Calif at various hotspots. Not sure why its working but it is.