Here at Mullvad, we've been spearheading the adoption of WireGuard in the VPN world. Our co-founder Fredrik Strömberg talks about how he first came across this promising VPN protocol and why he believes it's the future.
Since Mullvad's inception in 2008, we have striven to stand at the forefront of VPN technology. This urge is constantly driven by our ideology that freedom of expression and privacy are fundamental to a well-functioning society.
Like any organization, we sometimes find weaknesses in our own software. But over the years, as we've faced challenges, we've also seized opportunities. As a result, we've been either first or early adopters in
- not requiring any personal information from customers
- supporting OpenVPN (among consumer-targeted VPN services)
- providing a custom, open-source VPN app for Windows, macOS, and Linux
- supporting IPv6
- preventing DNS, Teredo, and IPv6 leaks
- accepting anonymous payments with Bitcoin and cash
- supporting traffic obfuscation (through obfsproxy).
Looking back on the development of VPN technology, it is clear that WireGuard has joined the ranks as a game changer.
WireGuard is our wish list
Back in early 2015, we were asked by TorrentFreak which cryptographic primitives we recommend. Our answer: "...ideally we would recommend Ed25519 for certificates, Curve25519 for key exchange (ECDHE), and ChaCha20-Poly1305 for data streams but that suite isn’t supported by OpenVPN."
These are the exact primitives that WireGuard contains, but at that time, they were nothing more than a wish list.
Fast forward to the summer of 2016 when I first stumbled upon WireGuard. After studying its technical whitepaper, I was convinced of its potential. Not long after, in early 2017, we had our first public WireGuard test server up and available for anyone to use. To this day, our integration of WireGuard into Mullvad continues to expand.
Simple, sound, solid
We find WireGuard beneficial for a number of reasons. Its simplistic design in few lines of code makes it easier for sysadmins and developers to integrate it correctly – and harder for them to get it wrong.
WireGuard is also cryptographically opinionated. In other words, it supports only one cryptographic suite and that's it. Supporting multiple suites, so-called "cipher agility," may sound more optimal, but history has shown that this introduces unnecessary complexity and leads to security vulnerabilities. The WireGuard protocol design, however, allows for changing to a new suite should there ever be a problem.
The algorithms that the WireGuard developers chose to use are based on a combination of solid theoretical work, great performance, and sound design. They have no state- and data-dependent variations in timing, thereby reducing the risk of certain cryptographic attacks.
In layman's terms, these algorithms are relatively simple to implement correctly which minimizes the likelihood of security bugs. For these and other reasons, it's no wonder they are becoming increasingly popular and considered by many as state-of-the-art.
Mass adoption is only a matter of time
As part of our continued efforts to spearhead the adoption of this technology, our intention is to make WireGuard our default VPN protocol. We encourage others to do likewise.
Currently, only a small number of services are experimenting with WireGuard. But as awareness of its potential spreads, adoption of WireGuard will grow considerably.
If you're a technical user on Linux, we recommend using WireGuard. As it becomes available on other platforms, we will recommend it for those as well.
We believe that WireGuard is improving not only our own products but also the world as a whole, which is why Mullvad's donation to WireGuard was a no-brainer (you can also donate to WireGuard). But more specifically, WireGuard will move the world one step closer to our own vision – of making mass surveillance ineffective.