Alphabet Inc.’s Jigsaw, a privacy-centric technology incubator started by Google LLC, has stepped up with a new platform named Outline designed to help protect journalists, and information sharing organizations, on the open internet by delivering a way for them to communicate securely.

Initially launched in March, Outline is an independently audited open source product that provides any organization access to their own, privately operated virtual private network or VPN.

Journalism is a profession not without its dangers: Reporters face challenges such as protecting sources from surveillance or must fight against the potential of censorship. Many reporters make use of cryptography and VPNs to protect themselves and their colleagues from these dangers, but not all VPNs are built safely and it’s difficult to audit them and risk varies.

“A VPN protects your Internet traffic from surveillance on the public network, but it does not protect your data from people on the private network you’re using,” the Electronic Frontier Foundation, a privacy advocacy group, wrote on its Surveillance Self Defense site. “If you are using a corporate VPN, then whoever runs the corporate network will see your traffic. If you are using a commercial VPN, whoever runs the service will be able to see your traffic.”

Outline’s platform, about which Google provided an update this week, looks to resolve this problem by putting the VPN service in the hands of its users, including the service and the cryptographic keys that it uses. This means that even if the service is hosted elsewhere, such as by a cloud provider, communication remains private.

Going a step further, Jigsaw had Outline’s source code independently audited by Radically Open Security, a nonprofit computer security consultancy.

“A core element to any VPN’s security is the protocol that the server and clients use to communicate,” said Vinicius Fortuna, software engineer at Jigsaw. “When we looked at the existing protocols, we realized that many of them were easily identifiable by network adversaries looking to spot and block VPN traffic.”

In order to maximize the security of users on the VPN, the researchers who developed Outline chose a specialized cryptographic communication protocol called Shadowsocks. The team chose this protocol because it can be customized to use alternative encryption methods that are not easily identifiable by adversaries, such as oppressive governments, that might seek to undermine or block the VPN.

To make the encryption as resilient as possible, the developers picked the AEAD 256-bit cipher, an Internet Research Task Force encryption standard that provides high security and performance.

Administrators and users of Outline also need not worry about having up-to-date software at all times. To keep the software updated, its encryption strong and potential security flaws at bay, the code is packaged as a Docker image, a unified software container, which can be updated automatically using Watchtower, an automated Docker container update engine.

Even with all of this technical know-how under the hood, Outline is designed to be easy to launch and easy to manage. Organizations can set up their own Outline server in a matter of minutes – no technical knowledge required.

“If security is one of the most critical parts of creating a better VPN, usability is the other,” said Fortuna. “We wanted Outline to offer a consistent, simple user experience across platforms, and for it to be easy for developers around the world to contribute to it.”

Organizations that own and run their own servers can receive the extra benefit of controlling the number of people who have direct access. However, it is also possible to host Outline’s VPN server on most cloud services, many of which offer plans as low as $5 per month.

The Outline Manager, the software that allows administration of the Outline VPN platform, can be downloaded for Windows, MacOS and Linux. The Outline client, which permits a secure connection to the VPN and provides the private communications channel on devices, can be run on Windows, MacOS, Chrome OS, Android and iOS.

“Much of Jigsaw’s work involves defending news organizations from digital threats that try to block access to information,” said Santiago Andrigo, Jigsaw product manager. “We created Outline because news organizations need reliable, private internet access to make information accessible and meaningful for their readers. That’s a mission we share with the news industry. And a more informed world starts with access to information.”

Outline is still an early-stage project and Jigsaw welcomes developer contributions to the code via GitHub. Most recently, in September, the software added localization for 38 languages to the software making it easier to use across the globe. End users and organizations looking for their own VPN system can get more details on Outline’s website.

Image: Jigsaw