24 hours later...
Edsard here, developer of Veiltower. Our project has now been active on Kickstarter for over 24 hours. To say that it has been overwhelming is a major understatement.
On the one hand we’ve been receiving a lot of praise - particularly from friends, colleagues and business partners who know us - and on the other hand there has been criticism directed at our project from a few people in the information security community.
The criticism was primarily directed at one thing; the ‘100% secure’ statement on our Kickstarter page. Information security officers will always tell you that nothing can be infinitely 100% secure. And that is true. But frankly this is, in my honest opinion, a theoretical debate. For instance ‘PGP’-encrypting technology for e-mail is great, but 99% of people on the planet don’t use it. Why?
If you want to secure yourself as a tech-savvy person you would setup a solution in your home with a strong firewall, strong Wi-Fi encryption, and add into the mix a VPN both on your system at home as on all of your devices. You will configure and maintain them daily, spend the effort and remain vigilant at all the time. Simple. But most of you, and the majority of internet users, neither have the time or the experience to set this up, let alone maintain it.
And that’s what the Veiltower concept is all about. It’s about combining existing and proven methods in a way that’s easy for ‘Average Joe’. The real threat to our security – as stands today – is the complexity of use and the lack of usability. We don’t use ‘PGP’ because it’s perceived as complex.
And that is what I have focused on for the past 12 years; taking something very complex and making it easy to use. For example in 2001 at KPN (biggest Dutch carrier) I created a simple way to connect via ‘GPRS’ – because they understood that without usability nobody would use their service. I introduced automatic carrier detection and Wi-Fi (including automatic authentication to various hotspot providers) into the Vodafone Connection Manager worldwide in 2005 and 2006, although it seemed like it couldn’t be done because Wi-Fi was a ‘competing technology’ to their mobile data offering. In 2009 I created a solution for Best-Buy that would do both GSM and CDMA (2 competing technologies used by AT&T and Verizon) and switch a user from one network to the other, based on the best coverage for that user at that location - without the consumer having to do anything.
Veil Systems is not based around a small group. It’s about a collection of idealistic people from the US, UK, Ukraine, Argentina, The Netherlands, Switzerland, Germany and Russia that came together – all bringing their own expertise – to create Veiltower. Our goal: help stop cyber-crime and protect the people that need protecting.
We received comments about the lack of technical specs on our Kickstarter page. We did this deliberately. In our experience most of you don’t care about the various technical ‘flavours’ which could have been used. EAP-TLS vs. EAP-TTLS vs. EAP-FAST or 256-bit symmetric key vs. 2048-bit asymmetric key or Broadcom vs. Intel chipsets or why 256Mb is enough instead of 512Mb or Debian vs. OpenBSD vs. openSUSE. Every one of them have pro’s and con’s. That creates an infinite debate without end. In the end; it’s a ‘flavour’. You – the people we have built Veiltower for - just want it to work. You just want it to protect you. We knew, well in advance, that with adding a lot of tech specs we would scare you off or run the risk of our story would end up in a technical debate. And that is not what this should be about.
Is Veiltower is finished product that has undergone every possible certification and validation process? No! It’s a prototype that we have developed, tested and that works. Can it be improved? Always! And that’s exactly why we are on Kickstarter. The funding will allow us, as part of our 6 month process, to do the types of improvements, certification and validation tests that the information security community – rightfully – demands from a finished product.
Note: If we don’t achieve our funding goal. Nobody pays anything. And if we achieve our funding goal and we don’t deliver we also refund your money. We have stated this on our Kickstarter page very clearly.
Let’s do this!