Dave Peck at WWDC: Making VPN Fun and Easy (for a Change)

Each year at WWDC, TMO interviews a few Apple developers who want to tell their story. The result is usually a number of serious insights into the state of mind of the developer community. In our fifth interview, Dave Hamilton chats with Dave Peck from Cloak.


Dave Hamilton: I’m here at WWDC with Dave Peck from Cloak, getcloak.com.

Dave Peck: Yeah, sadly, cloak.com was not available for less than a quarter of a million dollars. I didn’t have it on hand, so...

TMO: Of course. Well, you know, pocket change.

DP: Exactly.

TMO: You have an interesting product. I don’t even know where to start with it. So where did you start? How did it all happen?

DP: Well, if you’d asked me a year and a half ago, “are you going to be building an easy-to-use VPN app?” I would have probably spilled my milk at you.

So Cloak is a three-person company. It’s myself, Peter Sagerson and Nick Robinson. Peter and I are software developers and Nick is the graphic designer and interaction designer. Anyway, we were all doing freelance work in Seattle. There are a ton of coffee shops in Seattle, and we found ourselves getting caffeinated and working at them all the time. We realized we were using all these open wireless networks, completely non-secure, and we were doing sensitive client work. And it was just, "oh, we need one of these VPN things."

So, I looked around, and it looked to me like the state of the art for VPNs, the technology has been around forever, right? And there are plenty of services out there, but the state of the art seemed to be this: you go to a site, you have to know what this thing is ahead of time, you have to understand the technology deeply, you go to the site and get, if you’re lucky, you get a configuration file.

If you’re not, you get a page with steps number one through twelve: here’s how you enter in the IP addresses and whatever else you need to configure your VPN. And it just struck me that there was an opportunity to rethink what the experience of using this somewhat arcane but very valuable technology was.

So we went out and in late 2011 we -- Peter, Nick, and I -- just did our first, very early take on it. And enough people started playing with it and liking it that we kinda doubled down on it and that’s what we’ve been doing for the last little while. And we did our big 1.0 launch at Macworld earlier this year. So, yeah, it’s been kind of a fun ride so far.

TMO: Interesting. So the Mac was the first place you wrote it?

DP: Yeah, absolutely. In fact that’s where we needed it most, and even today I would consider the Mac client of Cloak to be sort of our premier client in the sense that it has all the features we think are important. Because normally when you get a VPN, you get a configuration file, maybe download Tunnelblick or if you’re lucky you buy Viscosity or something. But you still have to configure everything.

With us, you go to the website, type in your username and password, then you come to the app, type in the same username and password, and you’re done. You don’t have to think about anything else. But because we freed you from all the fiddly stuff, that means that we can build some features that most tools don’t have.

So for example, we have some very high-level features to let you tell us what networks you trust and don’t trust. By default, if you just download Cloak, if you’re on a network that doesn’t have a password, we consider that not safe. And we go ahead and secure your connection automatically. So Cloak automatically detects the network you’re on and secures your connection, which is just really nice; you don’t even have to think about using it to get its benefits. For me, I have it set to trust no wireless networks except for the one at home and the one at the office. We have an office now, it’s weird.

TMO: That’s great.

DP: We’ve built a bunch of other stuff on the Mac client which I really like. But behind the scenes, when you use a VPN, you’re connecting, you’re encrypting all your data on your device and you’re sending up to one of our servers in the cloud. You want that server to be close to you, so we run servers around the globe. We use cloud computing services like Amazon Web Services, Rackspace, Linode, Zerigo, Gandi.net, you name it we’re probably using it.

TMO: So you’ve gone with third parties for all your serving needs?

DP: Yeah, it’s the only way three guys can get service around the globe rapidly. What happens behind the scenes when you connect with Cloak, we do a latency detection. All of this is completely invisible. We basically select a possible set of servers and then we actually ping them a few times to figure out which one is going to give you the lowest latency hit to your connection. And this is totally transparent.

TMO: Geek software for the everyday guy.

DP: I’ve got this [business] card that says, "Cloak is the VPN of your nerdy dreams."

TMO: Because you’ve intentionally hidden the difficult stuff from the user, it’s not easy for the user to realize that the difficult stuff is actually still happening. It’s not just a VPN, it’s doing more, like you said. It’s finding which server to connect to and all of the stuff. That’s very cool.

DP: The other thing that has really bugged me about VPN technology, especially on the Mac platform, when you pop open your laptop lid, say at a coffee shop, there’s a period of time before your VPN gets a chance to secure your connection, where your apps are presumably chattering away, maybe insecurely, over the network. It defeats the purpose. So we have this feature which is only available in Mountain Lion, and I haven’t tried it on Mavericks yet, but I’m gonna try.

TMO: That’s why you’re here.

DP: Yeah, exactly. It’s called OverCloak, and what it does is the moment you flip open your laptop lid, we shut down your network hard. So we manipulate the firewall in Mountain Lion. And we leave just enough of a hole for Cloak itself to go out and secure your connection.

So what that means is you can fully trust your use of a wireless network you know nothing about if you have OverCloak turned on. Actually, in the latest version of Cloak for Mac we shipped it on by default. So it kind of closes that loop. I think it’s a really cool feature and it’s something, as far as I know, nobody else in the industry really does right now. And it’s a really tough feature. Not only because you have to poke that hole in the firewall for Cloak to get out, but if you’re at, say, a Starbucks, you’ve probably seen those websites that are captive portals, when after you connect to the Wi-Fi you have to open up your browser.

If we lock down your network, you can’t get to the captive portal login, so we’ve done some backflips to make that work. To the user, you should never see any of this. It should just work. And if you happen to use your web browser while OverCloak is still saying "No, I’m not allowed to let you out," instead of getting an error message you get a nice page, sent to you by Cloak, that explains why you can’t use the network right now. We really like that feature.

TMO: That’s cool!

DP: Those are some of the things that make Cloak for Mac unique. Cloak for iOS is kind of like the baby sibling, I guess. The way it works is you download the app, you log in, and then you install a VPN profile into your Settings app. And that’s the best way.

TMO: Let me back up a little bit, right, because Cloak for Mac, with everything you’re doing, couldn’t possibly be sold in the App Store.

DP: That’s right. Unfortunately, with Cloak for Mac we actually install a kernel extension. Funny enough, it’s a kernel extension that Apple should be shipping built-in. Maybe they will with Mavericks, I dunno. I’m hoping that they do. In any case, it’s a kernel extension that we have to install. Basically, we’re totally outside the sandbox. And there’s just nothing we can do about that.

TMO: But, then in iOS you have to be in the App Store, there’s no choice.

DP: Yeah, there’s no other way. So the question is how do you do that? When they did iOS 4 a couple of years ago, there was a big push into the enterprise. So they introduced this notion of the configuration profile, which is basically a code-signed bag of settings for your device. So what we do, you download the Cloak app, you press the install settings button, and our server signs a set of VPN settings. So you don’t have to worry about that stuff. We take care of it for you.

TMO: Sure.

DP: And then to turn Cloak on and off to actually secure your connection you gotta go into the Settings app and flip VPN on.

TMO: Right. So you’re doing it in an iOS way. Your app makes it easy for that to happen. You facilitate the setup and process.

DP: Exactly. Basically once you give us your username and password, you’re done again. Like I said on the Mac, one of the things we do when you connect is that we ping to figure out the server with the lowest latency. We can’t do that on iOS, so what we do instead is, we run a special DNS service. So when you talk to Cloak’s DNS service, on iOS, and again this is all hidden from the user ... we had fun building this....

TMO: I bet you have. This is brilliant.

DP: ... When you talk to our DNS server, we do a GeoIP lookup to kind of take a stab at where you are in the world and then we basically do some latency-based routing. So the DNS server decides which of our servers you’re gonna go to. And I think it’s cool. Even if you’re using our transporter feature, which is the thing that lets you say "I only want servers in the US or the UK." Or whatever.

TMO: If you need to narrow it down.

DP: Yeah, if you need to narrow it down. But you’re still narrowing it down to a pool. So we’ve got servers on both coasts of the US and in the center. If you’re in the UK and you ask for a US connection, you’re going to be on the US East Coast and if you’re in Japan and you ask for a connection you’re going to be on the West Coast. Stuff like that makes the experience a little better.

TMO: That way Netflix still works.

DP: Yes. That’s right. We don’t come out and say that.

TMO: No, I know you don’t. But I can say it.

DP: Yes, you can.

TMO: My guess is that you have a small subset of your customers that use it for that purpose.

DP: It’s funny. We built Cloak because we care about online security. But now that I’ve been in the market a little bit — I’m not a business guy, I’m a software guy — I think my understanding of why people use VPNs didn’t match.

TMO: There are people that use VPNs for exactly the purpose that you built this for. And they make up a small fraction of the VPN using population.

DP: Exactly. And I think you’re right, it’s the minority not the majority.

TMO: It totally is.

DP: I used to say that there are four reasons that people use VPNs. One is to stay safe online. That’s really what Cloak was focused on when we built it. The second is to circumvent geo-location issues, which I think is kind of a gray area and frankly it’s a useful tool for that. These days, we’re going to have to break down the barriers eventually.

TMO: Right. Services like Netflix, and I realize it’s not Netflix's choice, it’s the licensing agreements they’ve made outside of Netflix that limit what they can do. But that’s not the customer’s problem.

DP: Right. And obviously we can’t promise that Netflix will work. But it looks to me from experience that they kind of turn a blind eye to all of this.

TMO: Of course they do.

DP: They want more people to sign up.

TMO: They want customers.

DP: It’s interesting. The third thing people seem to want VPNs to do is to BitTorrent with impunity. And we’re not the right service for that. I mean, we’re just so much the wrong service for that. And then…

TMO: Because of technical reasons?

DP: Mostly because we’re using cloud providers that monitor their networks very carefully.

TMO: Aha. Okay.

DP: So if somebody downloads Game of Thrones with BitTorrent on us, we will get a notice from NBC Universal, and we have in the past. I’ve learned a lot about the DMCA, for better or for worse, in the last year or so. So it’s been interesting. And there are services out there that claim to, like there’s one called BTGuard ....

TMO: That’s what they do.

DP: That’s all they do. And they have servers in the United States, and I gotta tell you, I don’t think they’re on the right side of the law. Now I may not like the law, but they’re on the wrong side of it.

TMO: Sure. The moral conversation is separate from the legal one.

DP: Yeah, morally I know exactly where I stand, and I’m with them one hundred percent. But I gotta run a business here.

TMO: Absolutely. And you need your business to be able to be reliable for all the customers who are using it for other reasons.

DP: That’s right. So making sure our network is clean is really important. So given that the server services that we use, if we don’t make sure our network is clean, they will make sure we’re not using them anymore. And so we’ll lose the ability to put servers around the globe. Basically, it won’t work for us. It’s unfortunate. And we wrote a blog post about it recently. Because it’s a really tricky issue right now. So that’s been an interesting learning experience. Nothing I would have even considered when we started building the app.

TMO: I was thinking of all the things you just told me about, how many of them did you even think about in that coffee shop when you decided to make this. Probably almost none.

DP: None of it. No, we definitely leapt before we looked.

TMO: There you go.

DP: It’s the developer way, right? Get your minimum viable product out and then learn about your market, whether there is one or not.

TMO: I think as all small developers should, you built your product to scratch an itch. And other people seem to have the same itch.

DP: It seems like it. I hope so. So far, so good.

TMO: Where other people want to scratch a different, similar itch in the same way.

DP: A related itch. Now that we’ve scratched our itch, if there’s an itch near us that we can help you scratch, that’s legit ....

TMO: How far are we going to take this analogy?

DP: Is that a little awkward? Did I take this too far?

TMO: No, not quite yet.

DP: I think the fourth thing that people hire VPNs to do is that they use them to further their professional criminal agenda online. Which is a problem actually. Fraud is a big issue for any service like ours.

TMO: I can imagine.

DP: That’s been another very interesting learning experience. And luckily we’ve met some people who have a lot more experience than us with stuff like that.

TMO: Those people should be using Tor anyway.

DP: Yeah, you know, if you want to say that there are a lot of VPN services that, they say, keep you anonymous online, it's junk. It’s B.S.

TMO: If I have an account with you there’s no way it’s anonymous.

DP: Yeah, even the ones that take Bitcoins. They’re in the middle. You’re not anonymous. You shouldn’t hire out somebody else to make you anonymous online. And also there’s a serious thing that I feel is deep misinformation: that if you change your IP address, right, somehow you can’t be found. What? If you block caller ID they can’t figure out who’s making the phone call? That’s ridiculous. And a lot of these VPN services kind of sell that bridge, in my opinion.

TMO: Tor does it right.

DP: Yeah, if you want to be anonymous online, use Tor. And by the way, that helps at the network layer, but if you are using a web browser, which I assume you are, you need to go further. You need to make sure you’re in a private browsing mode, or get a plugin that sandboxes cookies in a nice way.

TMO: Or use the Tor browser bundle.

DP: Or use the Tor browser. Any of those things will keep you way more anonymous online than anything like a VPN. So when people say, "Oh will you hide my IP address?," I say well we’ll give you a different one, but we think of that as just a random technical side effect of trying to keep you safe online. That’s not the main event at all.

TMO: No, it’s good. It’s good. So, before we wrap up, I’m curious, back to the Mac, you’re doing all these crazy things. On iOS you found a way to make it work in the App Store.

DP: As good as we know how.

TMO: Right. And you have to live within Apple’s rules. Did you get any pushback from Apple initially as you were rolling this out, or did they see this as a great little “work-within” as opposed to “work-around”?

DP: I think they felt okay about it. It went through, it sailed through the App Store without too much trouble.

TMO: Good.

DP: Or actually, we did get a rejection, but for totally unrelated reasons.

TMO: Of course.

DP: But we have asked them, I mean the question on our minds, if you’re Cisco or Juniper, you have a very special app in the App Store that breaks the sandbox. So the VPN stack there is built into the app. Speaking nerdily for a second, on the Mac we use SSL-TLS to secure a connection. It’s all built on top of OpenVPN under the hood. But you'll never see that.

TMO: Right. But that’s good to know. And it’s good that you’re transparent about that.

DP: Oh yeah. On iDevices, we use IPsec which is a very different protocol. What we’ve learned in practice is that IPsec is much less robust against network zaniness. It’s very easy to break an IPsec connection.

TMO: Not break into, but just break.

DP: Yeah, just prevent it from forming entirely.

TMO: It’s not insecure, it’s just less reliable.

DP: As far as we know, it’s just as secure.

TMO: Good. I just wanted to get that clear in the interview.

DP: Oh yeah, but the Cisco app and Juniper apps actually use SSL-TLS under the hood. Now there’s an OpenVPN app in the App Store, which is a really hard-to-use app. In any case, if you’re super nerdy and you want to dive deep, it’s there for you. So they have carved out a few exceptions for people to go a little further. And we don’t know really what the rules there are.

TMO: Maybe worth a visit to the labs this week.

DP: Exactly. I think we’re going to have to say "hi" to them. That’s a conversation we’ve had on and off.

TMO: Cool. I appreciate you taking the time with us. This is awesome stuff.

DP: Thanks for having me on.


Interview by Dave Hamilton, transcription by Julie Kuehl, editing by John Martellaro.