Basic online privacy questions
June 3, 2008 9:17 PM   Subscribe

Preventing others from listening to your URLs is only possible without a proxy somewhere outside of the local network. You'd have to connect to that proxy through a VPN to keep the URL secret. Possible, but not practical.

A VPN can also solve the AFP over IP problem. OS X can be a VPN client out of the box - I'm not sure if you need OS X server as an endpoint, though. If you do, the endpoint can also be a router with VPN capabilities. A lot of the current models can do this.

But the better solution for the latter issue is to use WebDAV over SSL instead of AFP, which is a far better solution than AFP for internet file sharing. Technically, this is similar to a .Mac drive. You don't need a VPN in this case.
posted by uncle harold at 9:39 PM on June 3, 2008

Erm... possible *with* a proxy...
posted by uncle harold at 9:40 PM on June 3, 2008

Some wireless access points and routers can be configured for both WEP and WPA. If you can configure your router for both WPA and WEP, you're set. If you can't, the easiest thing to do might be to just spend the $30-$50 to buy one that will do both protocols at the same time. It may be easier than monkeying around with secure browsing proxies, SFTP, etc.
posted by cnc at 10:49 PM on June 3, 2008

For browsing, consider getting a vpn or using tor. These shift the plaintext bits elsewhere, so passwords aren't safe, but you have privacy.

For your friend, I'd check out using ssh instead. You could use sftp, scp, rsync, etc. to transfer files, or just use it as a secure connection for what you're already using.
posted by Pronoiac at 12:52 AM on June 4, 2008

WEP is far from perfect (particularly at 64 bit), but it does provide a limited amount of protection against the average user trying to eavesdrop on your activity - be they your neighbors or anyone in the vicinity. Anyone wishing to snoop on you would have to make a concerted effort to do so and have some basic understanding of network security and software. If you're looking for protection above and beyond that level, see some of the other suggestions mentioned here.

Now, someone can correct me if I'm wrong, but I believe the person who owns/maintains the router may have the ability to log what URLs you (or anyone else on the network) access at any time they choose via router logging tools. I believe this is still the case even when WEP/WPA is enabled, but I'm not completely certain on that.
posted by iamisaid at 2:54 AM on June 4, 2008

WEP is VERY far from perfect. It takes 5s to 5mins or so to break a key using easily downloadable tools. You don't need any more knowledge than googling "WEP crack".

Since everything leaving your network is going through your router, and your router has to know where to send the packets, you're going to need something on the outside forwarding your traffic to its final destination based on something in the (encrypted) payload. You'll need a proxy.
posted by Diz at 5:10 AM on June 4, 2008 [1 favorite]

If you want real security, use an ethernet cable to connect to the router, and/or do all of your online stuff through an SSH proxy using a server that you know to be safe. If you want the illusion of security, use wireless and keep a good firewall running locally (WaterRoof can help boost security on the OS X built-in firewall).

I have access to an SSH server that I maintain. I use WEP at home (damn TiVo wireless adapter requires it) and for the most part I am not too concerned about it. Yes, somebody could crack the security, or could leech my wireless, or etc., but having the security turned on (as minimal as it is) is a deterrent. I mean, honestly - you can open 99% of locked doors in private residences in the US using a simple "key bump", but I still lock my door, and so far nobody has entered my place to steal stuff. The low-hanging fruit gets picked first.

My suggestion? If you're really paranoid about this, check the router. Is it wired + wireless? If so, is there an open ethernet port? If yes, buy your own more-secure router, plug it directly in, set it to act as a hub/repeater rather than a router, and connect to it wirelessly using higher security settings (use a long ethernet cable to separate the routers, and pick a different channel than the other one to help avoid interference). If your roommates aren't Mac people, even better; pick up an Airport or Time Capsule, and tell 'em that you need it because you have a Mac and it can't connect to the "normal" wireless for some obscure reason, damn Apple for being incompatible, thus avoiding having to answer why you don't trust them if they ask.

However, I must add the following: If you really think that your roomies might be snooping in to your web traffic, I think you have a bigger problem than just securing your wireless. Hell, with physical access to your machine, your snooping roommate could do whatever he/she wants. Any semi-Mac savvy person knows how to boot in target disk mode, leaving your system wide open to data theft even without password access (FileVault can encrypt your stuff, sure, but it won't stop anyone from hosing your system to be spiteful, or manually installing a malicious program, etc).
posted by caution live frogs at 6:46 AM on June 4, 2008

Ack. "I have access to an SSH server [...] but I do not bother to log in to it when I use wireless even though I use WEP at home [...]" Forgot to add that bit.
posted by caution live frogs at 6:48 AM on June 4, 2008

If everyone is using the network wirelessly, and no one needs to share files with each other on the local subnet - wouldn't AP/Client Isolation work in this situation? From what I understand, when turning AP/Client Isolation on in your router settings - that will prevent wireless clients from communicating with other. Cafes and hotspots use it to prevent people from hacking into other peoples machines. I'm no network expert, though - so AP or Client Isolation itself may not provide enough security, though it's a start.
posted by quantum eclecticist at 8:40 AM on June 4, 2008

@lorimer
My understanding is that WPA as it's typically setup on a small network (with a pre-shared key) doesn't isolate computers on the LAN from one another. However, if everyone else is using WPA and you're using WEP, then your machine would be isolated from the others.

I believe that iamisaid is right that whoever controls the router can log your web site visits regardless of what encryption method you're using. Proniac is right that Tor is a good solution in this circumstance.
posted by cnc at 9:01 AM on June 4, 2008

« Older Furniture store suggestions in...   |   I'm currently in Astoria, NY, ... Newer »

This thread is closed to new comments.