Privacy Blog

"Friends don’t let friends get spied on." – Richard Stallman, President of the Free Software Foundation and longtime advocate of privacy in technology.

WireGuard: Probably the Most Secure and Fastest VPN Available Today

WireGuard® is a VPN protocol that is rapidly becoming very popular and for good reason. It aims to be much faster as well as simpler, leaner, and more useful than OpenVPN and other protocols used by any number of VPN providers. Some VPN experts refer to WireGuard as “revolutionary.”

VPNs will shield you from hackers, foreign and domestic government spies, ISPs, and everyone else who has no business recording what you haven’t chosen to share. In fact, many governments allow or even require ISPs to record your online activities and make the resultant log files available to the government. Indeed, Big Brother is watching all of us. However, a good VPN will greatly reduce the amount of personal data collected.

VPNs traditionally have added a lot of security and privacy but suffer from one significant downside: most VPNs slow down the network connection(s) because of all the processing overhead created by the VPN software. In contrast, WireGuard is believed to be the fastest of all the popular VPN protocols and is as secure as, or even more secure than, any of the other VPN products. With fewer than 4,000 lines of publicly-visible code, WireGuard is small and simple to audit. It also employs modern cryptography and formally verified constructions.

Quoting the WireGuard support web site at https://www.wireguard.com:

“WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.”

However, WireGuard is still under development. Again quoting the WireGuard support web site at https://www.wireguard.com:

“WireGuard is not yet complete. You should not rely on this code. It has not undergone proper degrees of security auditing and the protocol is still subject to change. We’re working toward a stable 1.0 release, but that time has not yet come.”

In other words, the WireGuard developers advise against using WireGuard except for testing or in situations where security is not critical.

My personal view of this is that I would trust WireGuard to secure my every-day online activities but would suggest that no one should rely on it for anything that is super sensitive. If you are a drug dealer, an arms dealer, a politician with something to hide, in possession of military secrets, hiding income from the tax collector(s), or need to protect other super secret information sent and received online, you might want to wait until WireGuard version 1.0 is released before switching to it.

For more information about WireGuard, look at Wikipedia at: https://en.wikipedia.org/wiki/WireGuard and especially note the references given at the end of the Wikipedia article.

The WireGuard software is available free of charge. WireGuard aims to be easy to configure and deploy but some significant networking skills are still required if you want to install the free WireGuard software in your own computer(s). The easier methods, and probably the most popular methods, of installing a WireGuard VPN are:

1. Purchase a pre-packaged WireGuard software product from any number of vendors that easily installs in your computer(s). These WireGuard packages are generally easy to install and are available for Windows, Macintosh, Linux, Android, and Apple iOS (iPhone, iPad, and iPod touch) products.

2. Purchase a standalone router that has the WireGuard software already installed.

Method #1 is undoubtedly the cheaper solution but method #2 has the advantages of being simpler and of adding VPN connections to all the computing devices in your home or office, including desktop computers, laptop computers, Android and Apple smartphones, tablets, video game consoles including PlayStation 4 and Xbox One, Roku boxes and AppleTVs and other streaming video devices, Amazon Echo (often referred to as Alexa), Google Assistant, alarm systems, and VoIP telephones. Most routers support connections by either Ethernet cables or Wi-Fi.

Even internet-connected thermostats can be connected through the VPN software in a router, although I am not sure if anyone cares about securing their thermostat(s). Still, the capability is there. Because the VPN software is in the router, no software installation is required in any of the attached devices.

Of course, for general use on the internet, you will need to connect to a distant server that has WireGuard software installed. If you possess the required technical skills, you can create your own WireGuard server. Romain Dillet describes how he did that in his article How I made my own WireGuard VPN server at https://techcrunch.com/2018/07/28/how-i-made-my-own-wireguard-vpn-server/.

However, most internet users will probably choose to pay a modest monthly fee to connect to any one of a number of companies that offer WireGuard VPN connections, including:

IVPN.NET at https://www.ivpn.net. You can read a blog post by IVPN.NET CEO Nick Pestell that describes the service: https://www.ivpn.net/blog/introducing-wireguard-fully-automated

AZIREVPN (in Sweden where the privacy laws are strict) at https://www.azirevpn.com/wireguard.

NOTE: I am using a GL.iNet GL-AR750S-Ext router with WireGuard software installed to connect to AZIREVPN. The setup was simple and I was connected within ten minutes after taking the router out of the box. AZIREVPN also offers software that can install in minutes in Windows, Macintosh, or Linux systems. I later installed AZIREVPN’s VPN software in a Macintosh MacBook Pro for use when traveling and found it was a super-simple installation and configuration. Again, it was completed in less than 10 minutes.

Mullvad at https://mullvad.net/. See https://mullvad.net/en/blog/2018/7/20/42-wireguard-servers-and-several-new-locations/ for information.

TunSafe at https://tunsafe.com/

Future products:

Private Internet Access (often referred to as “PIA”) is experimenting with WireGuard. See https://www.privateinternetaccess.com/blog/2018/01/private-internet-access-proud-supporting-wireguard-project/ for more information.

ProtonMail at https://protonmail.com reportedly is working on a WireGuard product that is currently being tested by a few individuals but is not yet ready to release to the public. Keep an eye on the PrivacyBlog and on https://protonmail.com to learn of future announcements.

You may find other WireGuard VPN providers and undoubtedly more providers will soon be adding WireGuard to their own list of services provided.

Update: I have added Protonmail to the above list of WireGuard VPN providers.

Categories: VPN (Virtual Private Networking)

3 replies

  1. Heard about WireGuard. Seems like it's going good. Will try it and if it’s good then buy it for backup purposes, as I'm already using PureVPN nowadays.


  2. I’m using it right now, immediately doubled my speeds, even on double VPNs; some users on snbforums were using this on their Asus routers and achieving certainly 400+, possibly 600+ megabit speeds.


  3. Plus it should be noted, as mentioned in the white paper, it uses perfect forward secrecy by default; no VPN can alter that default functionality as far as I am aware, though most VPNs are not using ‘perfect forward secrecy’ by default in their OpenVPN clients and often not even in their own proprietary software. They often use only forward secrecy. The PFS key rotation occurs at a super secure steady 120 seconds; or after a predefined amount of data has transferred. White paper claims that you are much less likely to trigger a key rotation based on data usage than the steady 2 minute interval; this is even more secure than my current OpenVPN setup, which I have custom set to 360 seconds or 6 minutes.

