Golden Frog announced a new VPN technology they aptly named Chameleon. The new 256-bit SSL solution is proprietary so no one outside the company knows how it works. Without the chance for security professionals to review the code will users trust Chameleon? GigaOM published an article today pointing out the need for more transparency. Opening up Chameleon for peer review could help weed out any bugs and build trust.
Let’s start by describing what Chameleon is and how it works. According to the Golden Grog site, Chameleon was developed to help users bypass the Great Firewall of China and similar technologies used by other countries to block or throttle VPN based on deep packet inspection. Chameleon scrambles VPN metadata and makes it disappear. They have been beta testing since the Fall and have a customer in Iran using it now.
So will Golden Frog open source Chameleon? I would be very surprised if they do. Not to knock the VyprVPN team as I’m sure a lot of companies would hesitate before opening up their solutions given the cost of research and development. Not to mention the IP value attached to new technology. Still though the landscape has changed over the last year. People are skeptical of security and privacy products for good reason.
Do you think VyprVPN should open source Chameleon and/or give some third-party security experts a chance to review the solution? This is the beginning of a larger discussion around online security products. As this year will bring a series of new products and services to help secure users privacy online. Being able to trust such solutions will be a key in gaining customer acceptance. Open source is one way to help achieve that goal.
