Coffee houses have a historical cachet as the place where revolutions are born, but today they are also one of the easiest places for the authorities or others to eavesdrop on your electronic communications. Broadband wireless, or WiFi, is not only a great convenience but also a gaping security hole. However, a few simple precautions can help plug that hole.
Security Begins at Home
Before we get to the coffee shop, let’s start closer to home. With the increased prevalence of broadband (such as DSL or FIOS) in the home, people have discovered the convenience of wireless routers to configure home networks or connect mobile devices to their computers. In some cases, these routers are shipped with minimal security.
The three forms of security for wireless connections commonly encountered by home computer users today are WEP, WPA, and WPA2, which refer to forms of encryption. At this point, neither WEP nor WPA is considered to be secure, even though they are often the default protocol on home routers. In general, unless there is a compelling need to trade off security for connection to an older device that does not support WPA2, you should configure your router to use WPA2.
This entails locating your home router on your home network with your web browser (usually at http://192.168.1.1). You need to have the name of the Admin user and the password for your router. If you don’t know them, you can usually look up the default passwords either on the router or on the Internet. For obvious reasons, if you have not changed the password on your router to something other than the default, that is the first thing you should do.
On my Verizon FIOS router, the menu for Wireless Settings lists Wireless Status, Basic Settings, and Advanced Settings. Basic Settings allows you to change the name of your home network, known as the SSID, and to choose whether to make that name publicly visible by broadcasting it. (If you do not broadcast the SSID, you will need to fill it in manually on any device you wish to connect to the network.) It also lets you configure WEP, which is very insecure. If you move to Advanced Settings, you will be able to select WPA2 encryption, which is pretty much the best presently available. You will need to select a “key” for the network, which, like a password, should be complex enough not to be easily guessed but simple enough to be remembered so that you can fill it in on your mobile devices.
On the Road
From a security standpoint, the implications of wireless computing on the road are considerably more serious than computing at home. The primary reason for this is that, generally speaking, you only share your home network with your own computers. On the road, at the Starbucks or the Hilton, you are sharing the wireless network with every other guest logged in to the (generally insecure) network.
At minimum, there are two simple steps you should take to secure your laptop if you are going to use a WiFi network on the road. The first is that you should protect your laptop with a firewall, so that other computers do not have easy access to data or services on your laptop. Most operating systems come with a firewall built in. If you use the built-in firewall, the main thing you need to do is make sure it is enabled. For Windows users, there are additional third-party firewalls such as Zone Alarm and Comodo that offer more sophisticated protection.
Even with a good firewall properly installed, configured, and enabled, you are still sharing a network with everyone else on a public WiFi network. Your computer now has some protection, but your transmissions are still vulnerable and can be intercepted by something as simple as a Firefox browser plugin. (As noted in the last installment of this series, browsing over a secure https connection can be some defense.)
One effective defense in this situation is to create your own private network within the WiFi network to which you are connected, which is known as a Virtual Private Network or VPN. The way a VPN works is that you connect through a secure, encrypted connection to a single remote computer, which then connects directly to the Internet through a firewall. That way, the only other computer on your “internal” network is your VPN host, which presumably you trust. In fact, you had better trust your VPN host, because all your communications are routed through it.
Your VPN offers you security, as noted above, and also anonymity. As you browse through the VPN, your identity is masked and you appear on the Internet as your VPN, not as you personally. Be advised, however, that this is a thin disguise when it comes to law enforcement, who will generally be able to obtain logs of all your activity through your VPN if they have sufficient interest.
There is a bewildering array of VPN protocols, from PPTP to IPSec to OpenVPN. A good VPN provider should offer you a choice, so that you can connect with a variety of devices based on which protocol each of them supports. In the case of my iPhone, I connect using PPTP, which is less secure but easy to use and available on the iPhone. For my Linux laptop, I use OpenVPN, which is both very secure and relatively easy to use but not always available on every platform. My personal provider is Ace VPN, but a quick Google search should allow you to shop around for a provider that suits you. One thing to look for before you subscribe is clear instructions on how to install and configure the necessary software.
An alternative, with some caveats, to a VPN is the Tor Project. Tor is principally designed to allow human rights activists and others to communicate anonymously over the Internet and is promoted by the Electronic Frontier Foundation for that purpose. Tor basically works by encrypting your data and bouncing it around a number of different computers around the world until it emerges from an exit node, which could be a computer anywhere in the world. It is important to note that, unless you are using an encrypted (e.g. https) connection, your data may still be subjected to interception once it emerges from the exit node. Tor also slows transmissions down a bit as they bounce around the world. In addition, you are likely to freak out services such as Gmail and Facebook if you use Tor with them, since they will flag your German or Chinese connection as a hacker attack. In addition, contributing to the project by running a server, as opposed to simply connecting as a client, may invite the scrutiny of your ISP or even violate your ISP’s Terms of Service. Users wishing to contribute to the Tor project should therefore be sure they are fully informed before trying to set up a Tor server.
Historically, people have also been discouraged from using Tor because of its purported difficulty to configure and install, but advances in the software now allow for easy installation so you can quickly get up and running. To get started with Tor, download the Tor Browser Bundle and carefully follow the accompanying installation and configuration instructions for your platform. (Tor is only available for some mobile platforms; iOS users are likely to be out of luck.)
Note: Tor will also warn you against sites or connections that will breach your anonymity or track your usage, such as Google. One effective search engine alternative to Google that promises not to track your searches goes by the unlikely moniker of Duck Duck Go.
- Electronic Frontier Foundation Surveillance Self Defense
- EFF SSD WiFi
- Disclaimer: Except where noted, these are the observations of a computer user, not a computer expert, based on personal use and experience; you are encouraged to do your own research and, if in doubt, to seek the advice of a professional. The foregoing information is provided “as is” with NO WARRANTY of any kind, including but not limited to merchantability or fitness for a particular purpose. While this information is intended to be helpful, I disclaim any liability, express or implied; if your computer is hacked, cracked, or spontaneously combusts, it is your sole responsibility.
Pingback: Protecting your online privacy — a series by Bill Day | Montgomery County Civil Rights Coalition