How to protect your privacy while on WiFi?

Discussion in 'Wireless Internet' started by wylbur37, Sep 10, 2007.

  1. wylbur37

    wylbur37 Guest

    When using the Internet via WiFi at a public place such as a library
    or cafe, it is conceivable that the people running the router
    could be capturing all of your transmissions and therefore
    could be recording your name, account numbers, etc.

    Are there ways to prevent or minimize this hazard?

    For example, would it help to use something like Torpark?

    What would you recommend?
     
    wylbur37, Sep 10, 2007
    #1

  2. wylbur37

    R. McCarty Guest

    Just make sure you only send sensitive data when the "Lock" symbol
    is closed (if using IE), which denotes an encrypted transmission using
    https.
     
    R. McCarty, Sep 10, 2007
    #2

  3. My first recommendation is to not use public WiFi networks to send
    personally identifiable data.

    If you do plan on sending private or personal information from a public
    WiFi then make sure you are using a secure protocol such as SSL or
    other. This will ensure the data is properly encrypted and only
    readable on the server holding the certificate.
     
    Tom Porterfield, Sep 10, 2007
    #3
  4. wylbur37

    me Guest

    Tunnel your traffic through a secure SOCKS server.
     
    me, Sep 10, 2007
    #4
  5. wylbur37

    Dana Guest

    Do not use public wifi, and if you do, do not send sensitive items over the
    link.
    Seems Torpark will not help on the wireless part at all.
     
    Dana, Sep 10, 2007
    #5
  6. wylbur37

    rms Guest

    When using the Internet via WiFi at a public place such as a library
    Yep. Or in the Evil Twin attack, someone could set up their own AP and
    force your pc to attach to it. There is also 'cookie hijacking', whereby if
    your connection is unencrypted, it is a utility-and-one-click away from
    being hijacked and someone reading all your emails.
    Torpark is now 'Xerobank'
    http://xerobank.com/xB_browser.html
    It looks like you are talking about browsing from other people's machines,
    so this is a good option, but remember there could still be keyloggers and
    such running on those machines to steal information, and you'd never know.
    Keyloggers can be bypassed somewhat by cutting and pasting from a file on a
    thumbdrive or by using one of the various programs designed to defeat them.

    If on your own machine, I've also been using another free VPN service,
    Anchorfree
    http://anchorfree.com/
    which does add ad banners to some sites, but works fine for me the few times
    I've used it.
    http://www.witopia.net/ is another, there are others.

    rms
     
    rms, Sep 10, 2007
    #6
  7. wylbur37

    HeyBub Guest

    Doesn't matter. If they want to know, they'll know. Consider the following:

    Police: "Did you call regarding a man exposing himself?"
    Librarian: "Yes, it happened right over there at that public terminal."
    Police: "Do you know who it was or have surveillance tapes?"
    Librarian: "Yes, but you can't see them."
    Police: "Why not?"
    Librarian: "Because we value the privacy of our patrons."
    Police: "(???) Well, what CAN you tell us?"
    Librarian: "That you'll have to have a warrant."
    (pause)
    Police: "We don't need no stinkin' warrant! (hits librarian with stick) Now
    you give it up or I'll beat you so hard, you won't be able to lie down!"
     
    HeyBub, Sep 10, 2007
    #7
  8. wylbur37

    Mark Shroyer Guest

    Using an encrypted SOCKS proxy is a good solution for securing
    individual applications, but it has some limitations. In
    particular: When using SOCKS to protect Web traffic, your HTTP
    requests and responses themselves will be encrypted as per your web
    browser's proxy configuration, but DNS requests generally will not.
    So while nobody on the wireless LAN would be able to directly see
    the pages you're looking at, they could easily tell precisely which
    Web servers you visit unless you take extra care to ensure that the
    browser bypasses the system DNS resolver, querying the SOCKS server
    instead (e.g., the network.proxy.socks_remote_dns setting in
    Firefox).

    Torpark, now known as xB Browser, also provides HTTP traffic
    encryption (over the Tor network, which itself uses a SOCKS
    interface). I'd imagine that it goes the extra step in tunneling
    DNS traffic by default, but I can't speak from personal experience.

    For my part I protect my privacy on untrusted networks with OpenVPN.
    I have a couple OpenVPN instances on my home network's gateway, one
    of which is configured to push a local default route and DNS server
    to clients. So when I connect my laptop to this VPN (using Angelo
    Laub's excellent Tunnelblick front-end for OS X), none of my Web,
    DNS, IM, or email traffic is legible to anybody on the wireless LAN.
    And as an added benefit, I get access to all the file shares and
    other services behind the NAT on my home network.

    If you have a spare old PC lying around and a reasonable amount of
    experience with Unix systems, I highly recommend setting up an
    OpenBSD home router with OpenVPN. Not only do you get a secure
    firewall and VPN solution, but once you have a full-fledged BSD
    server as your network gateway you'll discover no end of handy uses
    for the machine, which simply would not have been possible with a
    Linksys or Netgear from Best Buy.

    If you're interested in running your own VPN, I'd be happy to email
    you the self-reference system configuration manual that I wrote
    while installing my OpenBSD / OpenVPN gateway. (I'm planning to put
    it up on my web page eventually, but I haven't yet had the chance to
    proofread it for spelling and technical errors.) It might sound
    intimidating, but OpenVPN is in fact fantastically simple to set up
    if you have any Unix or Linux experience whatsoever.

    References:
    http://openvpn.net/
    http://www.tunnelblick.net/
    http://www.openbsd.org/
     
    Mark Shroyer, Sep 10, 2007
    #8
  9. wylbur37

    rms Guest

    For my part I protect my privacy on untrusted networks with OpenVPN.

    Great *if you can install a home server*. witopia/anchorfree/etc also
    use the vpn concept (witopia is built on openvpn I think) but you just
    install a simple app on the laptop and use their servers for the tunnel.

    rms
     
    rms, Sep 10, 2007
    #9
  10. wylbur37

    Unruh Guest

    Use ssh.
    But the greater danger is that they have put trojaned files onto the
    computers. Thus you cannot really trust the puttyssh they installed for
    example, or even the keyboard, since that could be captured.
    If it is your own computer, then use ssh, and do not use web browsers.


     
    Unruh, Sep 11, 2007
    #10
  11. This doesn't really add anything over a simple SSL connection.
    The scenario is using public APs not kiosks. You're using your own
    software and machine.

    As long as you're not foolish enough to disable security warnings, and
    pay attention to them, there's nothing at all dangerous about using
    sensitive Internet services from WiFi access points. It's safer than
    handing your credit card to the flunkie behind the counter when you pay
    for that double mocha latte. Your local library or Starbucks is no more
    or less trustworthy than your ISP, and your home broadband connection
    can be "sniffed" by your neighbors as easily as your wireless
    connection at the AP in many cases.

    That's why end to end encryption exists folks, to make that sniffing an
    exercise in futility. The only thing an onlooker can learn is where you
    do your business, and contrary to what someone posted things like Tor
    not only add a layer of encryption similar to SSL/HTTPS, they also
    remove that piece of information from the equation. An HTTPS connection
    made through the Tor network is 100% secure no matter where you are or
    what you're doing when they're used properly.
    Huh?

    Then how in the heck are you going to actually do anything?
     
    Anonymous Sender, Sep 11, 2007
    #11
  12. wylbur37

    Mark Shroyer Guest

    I think the danger is essentially inversely proportional to the
    distance between your favorite café and the nearest college of
    engineering.
     
    Mark Shroyer, Sep 11, 2007
    #12
  13. Heh! You have a point there for sure. But unless you believe
    engineering students can break strong encryption the SSL/HTTPS
    connection makes the class of people who inhabit your favorite
    public AP irrelevant.
     
    Anonymous Sender, Sep 11, 2007
    #13
  14. Airman Thunderbird, Sep 12, 2007
    #14
  15. wylbur37

    llanalott Guest

    It's public computers you use?

    If it's theirs and they will let you reboot the computer you could use
    live cds with tor.

    Incognito, RocKate, Phantomix, ELE, Anonym.OS.

    These are Linux and BSD.

    Download the ISO, burn to CD, reboot computer. Make sure BIOS is set
    to boot CD before the hard drive.

    Public proxies with encryption. I know of snoopblocker.
     
    llanalott, Sep 12, 2007
    #15
  16. wylbur37

    donnie Guest

    If I am using a library or free AP to book a vacation
    with personal info, credit card etc.
    Would you rec using a 39.99 program along with
    Vista with all the security running.
    Or would Vista with all the security running be
    enough?
    Thanks.
     
    donnie, Sep 13, 2007
    #16
  17. What "39.99 program" are you talking about?

    Any operating system and browser properly configured and maintained is
    enough to secure the connection between you and whatever online travel
    site you use. Assuming of course that site uses HTTPS/SSL, which all
    reputable sites absolutely do. There's no 39.99 program out there
    that's going to improve on that sort of end to end strong encryption in
    any significant way, and even if it could it's an almost sure bet
    there's something out there that will do an even better job for free. ;)

    Just make sure your security settings aren't broken (you haven't turned
    off warnings about SSL certificates), and pay attention if you're
    visiting Travelocity/Orbitz/whatever and all of a sudden you get a pop
    up about the certificate not matching the site or whatever. Don't just
    click "OK" and keep going.
     
    Anonymous Remailer (austria), Sep 13, 2007
    #17
  18. wylbur37

    rms Guest

    Any operating system and browser properly configured and maintained is
    But they don't. Most popular web email services exit out of https to
    regular http as soon as the login is over, leaving the user fully open to
    cookie hijacking.

    rms
     
    rms, Sep 13, 2007
    #18
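The exposure described in post #18, as an added example that is not part of the original thread: a cookie set during an HTTPS login is still attached to later plain-HTTP requests unless it carries the `Secure` attribute. The header values and cookie names are constructed, and the browser model is deliberately simplified to the `Secure` attribute only.

```python
from http.cookies import SimpleCookie

# Constructed Set-Cookie values from a hypothetical webmail login over HTTPS.
LOGIN_SET_COOKIE = [
    "session=8f3a1c; Path=/; HttpOnly",   # session token without Secure
    "csrf=b71e09; Path=/; Secure",
    "prefs=lang-en; Path=/",
]


def parse_set_cookie(headers):
    """Return {name: morsel} for a list of Set-Cookie header values."""
    jar = {}
    for value in headers:
        cookie = SimpleCookie()
        cookie.load(value)
        jar.update(cookie.items())
    return jar


def sent_on(scheme, jar):
    """Names of cookies a browser attaches to a request with this scheme.

    Simplified model: only the Secure attribute is considered (no domain,
    path or expiry matching). Secure cookies are withheld from plain HTTP.
    """
    if scheme not in ("http", "https"):
        raise ValueError("scheme must be http or https")
    return sorted(name for name, morsel in jar.items()
                  if scheme == "https" or not morsel["secure"])


def exposed_to_sniffing(jar, sensitive=("session", "sid", "auth")):
    """Sensitive cookies that would cross the wireless LAN in cleartext."""
    return [n for n in sent_on("http", jar) if n.lower() in sensitive]
```

An empty result from `exposed_to_sniffing` for a site's login response means its session cookie stays off unencrypted requests even if a page is later fetched over plain HTTP.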
  19. We were discussing travel sites and financial transactions in general.
    Injecting poorly configured and/or misused webmail services would seem
    a bit misleading.

    Regardless of that, a big part of "properly" includes using your head.
    Making unencrypted connections to authenticate any mail service is just
    plain silly, and cookie hijacking is as old as cookies themselves. So
    if your web mail provider doesn't offer a hard HTTPS interface that
    encrypts everything, you need to find another provider quick. Yours
    isn't reputable. ;)

    FWIW, Gmail allows "full time" HTTPS along with POP3S and SMTPS if you
    care to do things the "right way".
     
    Anonymous Remailer (austria), Sep 13, 2007
    #19
  20. Second that. This cookie hijacking thing was blown way out of
    proportion at Blackhat. Ancient history that's only a problem if
    you're in a privacy coma.

    Sad thing is a lot of people are.

    Funny thing is a lot of them were at Blackhat. *shrug*
    If you give a spit about your email you sure as hell aren't messing
    around with Google in the first place.
     
    Anonymous Remailer (austria), Sep 13, 2007
    #20