- Jason A. Donenfeld is the 32-year-old creator of WireGuard, an open source VPN protocol widely regarded as one of the most secure in the world.
- In 2020, it found major success and was incorporated into the popular Linux kernel, as well as on Windows, Mac, iOS and Android operating systems.
- Donenfeld started the project in 2015 and for years built an open source community to support WireGuard.
- He spoke to Business Insider about his path to creating WireGuard, how he sees VPN security, and the overwhelming response the project, which is entirely funded by donations, has received from developers.
Jason A. Donenfeld is relentlessly curious about everything from ancient cities to leading-edge cryptography. When he is not developing WireGuard, known as the most secure VPN protocol in the world, the security researcher enjoys the vast network of centuries-old limestone tunnels under Paris.
Donenfeld, 32, originally came to Paris in 2010 after writing a summer concert algorithm and then fully relocated to the city in 2012, working as a vulnerability researcher.
His work finding vulnerabilities for companies led him to question the security of popular VPN protocols. He thought their dizzying complexity, bloated implementations and often outdated cryptography created a worrying attack surface. In 2015, he started developing WireGuard.
WireGuard is an open source VPN protocol that is praised for its high-level security. In the few short years that Donenfeld has been developing it, WireGuard has been adopted by the major operating system Linux and integrated into Mac and Windows, as well as iOS, Android and others.
Virtual private networks, or VPNs, extend private networks over public networks, which allows data centers across continents to be directly connected to each other. They also let users send and receive data as if their computers or phones were directly connected to private networks.
This can sometimes be misleading. Although businesses as well as individuals believe that they connect securely via a VPN, this is not always the case, in part due to the difficulty of implementing outdated, complex or insecure protocols such as IPSec and OpenVPN.
“When I say that I do not feel comfortable with OpenVPN or IPSec implementations, it speaks from experience, because I have found many errors in this kind of software,” he said.
He said his time spent on systems also taught him how to defend them.
“How you can evade detection in a network can be a very similar problem to how you keep attackers from knowing about your subject,” he said.
Part of WireGuard’s mission is to maintain security in a number of different ways, eliminating all vulnerabilities. It’s fast. It uses defense-in-depth techniques, a series of layered mechanisms to protect data and information. And it is stealthy; it only sends out data when needed and remains invisible when people search for the servers.
Plus, it’s easier to audit. Unlike other VPN protocols, WireGuard has fewer than 4,000 lines of code, which means that security researchers can review the entire code base in one afternoon for vulnerabilities. And they often do.
‘This is a community project’
Over the past year, WireGuard has been merged into the influential Linux kernel, which has led to widespread adoption on Windows, macOS, iOS, Android and OpenBSD, in addition to Linux distributions such as Canonical’s Ubuntu, Debian, Oracle Linux, Red Hat’s CentOS and Fedora, and SUSE Linux.
Getting there was not easy. Donenfeld wanted a single, coherent design where he could make every decision carefully and examine every piece. So he spent time developing WireGuard before it was released, sharing code only with a few friends and cryptographers.
“He first contacted me out of the blue when he developed WireGuard and he set up a cryptographic protocol and he wanted my review of it. I suggested few changes, but what he did initially was very good,” said Jean-Philippe Aumasson, a cryptographer, author and co-founder of the security company Taurus Group SA.
Donenfeld presented WireGuard at the Kernel Recipes Conference at Mozilla in 2017.
But Donenfeld wanted to completely change something as fundamental as Linux’s cryptographic architecture, and he met resistance. Linux is hugely popular, and therefore extensive changes can be disruptive. To get where he wanted, he had to start small, with incremental changes, and engage with others’ ideas and get them on board.
“This is how core development is done in general – it’s a community project; you have to reach consensus,” he said. “There’s a big difference between releasing open source code and saying ‘here you go’, and disappearing back into a cave and actually communicating with that world. I chose to communicate really intimately with it, and it means a lot of interaction and figuring out how each facet works.”
The process involved collaborating with other developers and researchers, and speaking at conferences, including Kernel Recipes at Mozilla’s headquarters in Paris, to connect with the developer community during the construction of WireGuard.
“I did not want to compromise on the safety of the intermediate parts. I did not want to make WireGuard dependent on something with underprotection, while I promised to fix it later. It is never acceptable to me. So it was a very difficult process to find something that was both evolutionary so that it would be put together but also able to meet the safety ideals.”
Donenfeld also wrote a compatibility layer for WireGuard, allowing people to load the code into their own kernels – the lowest level of an operating system – before it was sent upstream. He had the formidable task of writing kernel code that was compatible with many versions of Linux, dating back to 2013. But that meant that by the time Donenfeld was ready to upstream WireGuard, people were already using it.
The exchange of ideas
Donenfeld’s background is not the norm in the industry, but his intense curiosity and drive may have worked in his favor.
“There’s a very well-defined pipeline that gets people to get professional cryptography jobs and status in the cryptographic community,” said Thomas Ptacek, a security researcher and principal at Fly.io. “It usually involves obtaining a degree, followed by a graduate degree from a program offered by an extremely well-known cryptographer, and then working long hours outside the university in a research laboratory.”
Donenfeld, on the other hand, earned a degree in mathematics and philosophy from Columbia University in New York after growing up in Cincinnati. While his background is not typical, Donenfeld still managed to set up the first formally verified VPN protocol, which means it has been mathematically proven to be secure.
Donenfeld works mostly on WireGuard from his home, the top floor of an apartment that was apparently converted from several rooms – once intended for servants – that were joined together. Before the pandemic, he worked from different rooftops and cafes across Paris and brought his Linux laptop with him as he explored the city.
When he is not coding, Donenfeld is part of the jazz scene in Paris. He plays a D’Angelico NYSS-3 guitar and performs in the city at clubs like Le Caveau des Oubliettes. Lately, he said, he has been listening a lot to John Coltrane and Bill Frisell.
WireGuard is also funded entirely by donations, which is not typical in the software industry. In appreciation for donors, Donenfeld said he sent out thousands of stickers with WireGuard’s logo, inspired by a stone engraving of the mythological ancient Greek python he saw when he visited a museum in Delphi.
It has only been a few years, but Donenfeld said he has received enough donations to work full time on WireGuard and fund other developers working on specific aspects of it, though he said the project is always trying to make it another year.
“I received job offers from Silicon Valley businesses that would definitely have a more financially rewarding life than being an open source writer,” he said.
If he ever realizes that he does not have the money to work on improving WireGuard, he can always fall back on freelance work in the security industry.
Donenfeld’s goal is to continue developing high quality, professional, free, open source software that can benefit the entire community.
“Open acquisition of something and interaction with the community is really just a great way to improve software, and it makes for a good exchange of ideas,” he said.