Internet Cafe Security?
November 22, 2005 6:25 PM   Subscribe

About to do a round the world trip and was wondering about browsing security of Internet Cafes.

Travelling for about 7 Weeks from Australia going to Canada, The States, Spain, Berlin, Austria, Prague, Japan + Singapore and will not be bringing the laptop. I was wondering if anyone who had similar experiences had any knowledge of how I can best protect myself from any potential fraud doing online banking or anything at internet cafes and the like. Im thinking keylogging in particular. Obvious solution is dont do it, but I will need to check balances and tranfer funds and stuff, and phone banking may not have the options I need. Whats a traveller to do?

Bonus question: Do most Internet Cafes let you download images from your camera to email away to storage? or Conversely, let me load up my mp3 player with tunes sorted on CD?
posted by LongDrive to Computers & Internet (23 answers total) 3 users marked this as a favorite
The only half-way secure thing I could suggest is to reboot the machine off a read-only USB drive or CD with Damn Small Linux, or Knoppix, or some other live OS on it. Sorry dude, but there already are recorded cases of keyloggers in internet cafes, and there isn't really any practical way around that. I will bet you a brick to London that your bank's terms and conditions for IB use put the blame on you if you use an internet cafe abroad.

Back in the old days, people used credit cards and travellers cheques. I suggest you do the same.
posted by i_am_joe's_spleen at 6:43 PM on November 22, 2005 [1 favorite]

The only solution I can think of is if your online banking offers you the use of a SecureID-type device, where you have a new password every 60 seconds.

Either that, or a pre-printed list of passwords that can only be used once each. (I know offers this)
posted by reverendX at 6:53 PM on November 22, 2005

I would never check sensitive information on publicly accessible terminals. Even if the proprietors are adamant about security, there is always a possibility of an earlier user comprising their setup (they are so many different ways). Even using an alternate OS from a removable drive (which, if the administrators know what they're doing, you will not be able to do) will not protect against hardware-based keyloggers or surveillance equipment.

I know I'm sounding overly paranoid, but it's better to err on the side of caution while your travelling then risk the possibility of losing everything while you're far away from home.

Enjoy your trip! Make sure you call your credit card company prior to leaving or relocating to another country just so they don't inadvertently cancel your card.
posted by purephase at 6:56 PM on November 22, 2005

I wouldn't be too paranoid about it. Get a USB flashdrive, portable firefox and change your passwords frequently, should be enough.
posted by signal at 7:02 PM on November 22, 2005

One solution I've heard of is to use the charmap program that comes w/ Windows to enter passwords. You can "type" them by clicking on the letters and numbers. Then select them and paste them into the password field. You've avoided any keylogger — though now you're exposed to someone looking over your shoulder. Can't win.

The big problem with that idea is that you may only have web access and can't run programs. I've seen this on really locked-down standalone kiosks. In that case, I'm sure it would be fairly easy for someone to whip up a web page version. Just a bit of javascript, a bunch of buttons, and a entry field.
posted by smackfu at 7:24 PM on November 22, 2005

With your own Linux LiveCD you will mostly protect yourself- there will be no memory resident password loggers or other software.

For the next level then, make sure the LiveCD contains an onscreen keyboard so you can click on letters to login to sites- this will bypass any possible keyloggers that may be on the hardware.

After that, use any number of anonymous proxies available on the net. You may even want to integrate a Proxy extension for Firefox that allows you to encrypt your entire session.

To take it even further, if you run Linux at home, use FreeNX on the linux machine to allow you to remote in and get a GUI using NoMachine's NX Client. All your surfing would be from home, and not from the cafe. Plus, combined with an onscreen keyboard program on the home machine, would defeat all known keylogging or sniffing attacks.

Complicated enough for ya?
posted by id at 7:27 PM on November 22, 2005

you could ask a friend that you trust to do your transactions at home for you and just email instructions, without any passwords or account numbers. eg:"Hey Bob, whats the balance on my savings account?" or "hey Bob, transfer $100 into checking/chequeing for me, k?"
posted by blue_beetle at 7:28 PM on November 22, 2005

Not to threadjack, but you don't have an email address in your profile—any chance you could provide me some details (via email if necessary) on your trip?

How much are you expecting it to cost, where will you be staying, how did you plan for it?

I'm very interested in anything you can throw me, since it's something I'd love to do some day.

Meanwhile, I think using the Windows on-screen keyboard for passwords is probably your best bet. Or entering a password in an obfuscated way and then deleting certain characters from it.
posted by disillusioned at 7:45 PM on November 22, 2005

You don't want to bring a laptop, but what about something small and cheap? The NEC MobilePro 790 can be had for less than $150 on ebay, runs a version of win/ce. The whole thing is smaller than a keyboard, but has a nearly full sized keyboard on it. And you could probably plug it into most internet cafes after you buy a pccard ethernet adapter, mitigating the security risks of using someone else's computer for banking and such.

Added bonus, there's a AA adapter, so you can type journal entries during those long flights.
posted by cactus at 8:00 PM on November 22, 2005

oops, ebay link: nec mobilepro 790
posted by cactus at 8:00 PM on November 22, 2005

I wondered if the random internet cafes would even let you boot to a USB key. Some of the more organized cafes lock the system down to keep from having customers infect them with virus. Some of the lower tech places won't have a problem unless the PC is too old.

I ended up taking my Powerbook with me. I could use the wireless hotspots in the big cities and ask the proprietor of the cafe if I could plug into the ethernet network. Never had a problem. My trips were just to Mexico, Canada and some countries in Western Europe though.
posted by birdherder at 8:07 PM on November 22, 2005

I've done lots of trips like this and I really, really, really don't recommend using Internet cafes for ANY financial transaction. Don't buy tickets, don't ever log into your bank account, don't pay your bills. There are two easy ways round it 1. set yourself up with Bill Pay and have the bills paid automatically- guess at things like cellphone bills and tack on an extra $50 2. ask your Mom to pay your bills while you're gone.
posted by fshgrl at 8:56 PM on November 22, 2005

When I was in 'nam they had software keyloggers on 3 machines out of about 10 that I tried.

I ended up doing banking at hotels and the rest (photos / ipod) at cafes.
posted by holloway at 9:58 PM on November 22, 2005

Response by poster: Cactus-

That is an awesome suggestion. Everyone else, thank you so much! Too bad I know absolutely nothing about linux, or else that might have been an option.

In terms of the NEC. Cactus, can I rack your brain, or anyone elses... That price point looks good to me, is there anything else I should be looking at? Really love the double a battery thing, especially as it would die on the Australia leg of the flight. What about wi-fi? Would there be any way to get that? Also, since I am leaving on Saturday, ebay probably wouldnt be an option for me. Anywhere else to pick up these badboys?

Dissillusioned - email me at jeremy at isnotmagazine dot org.

Thanks everyone!!!
posted by LongDrive at 10:01 PM on November 22, 2005

I would never check sensitive information on publicly accessible terminals.

I've done lots of trips like this and I really, really, really don't recommend using Internet cafes for ANY financial transaction.

I'm curious as to why? Have you personally had a bad experience as a direct result of doing something like this?

I live in a fairly rural part of China and have had the opportunity to travel within China quite a bit in the last year. I've never had a problem with a net bar and in fact would agree with those that suggest that you might find the machines locked down too tight to boot from a USB drive. I would suggest sticking to busy net bars who make their living not from stealing peoples ID's but by being a legitimate business.

Consider setting up a Skype account with some money on SkypeOut so you can handle transactions that way.

Bonus Question Answer: While I can't speak to the specific countries on your agenda, yes. It is quite common in both tourist traveled locales as well as small towns to find stores that offer memory card transfers to CD. I usually get a couple and store them seperately in case something happens to one. You might consider mailing one home and keeping one with you.

Keep an eye on your camera memory card when you get home, I actually picked up a virus on my card from one of these places. It was a PC virus and no damage was done to my camera but be aware that it can be a carrier for PC virii.

If your tunes player is a simple USB connection that doesn't require the installation of foreign software you should have no problem. Best bet is a photo transfer place as many net bars will be without CD drives.

The world really is a big friendly place. Enjoy yourself!
posted by geekyguy at 10:03 PM on November 22, 2005

About 60% of the cafes we hit in Britain, Ireland, Italy and Eastern Europe were equipped with USB and the ability to burn CDs. A small minority had an extra charge to do so, or forced you to pay their guy to do it. At worst we had to wander around to a few different places to find somewhere we could do it.

The only place we had real problems (it seemed like no cafe in the whole city would let us burn CDs from our camera) was Bratislava, Slovakia. We ended up using a Kodak shop - and word of warning, that was fucking expensive! (I think about $30, compared to the usual $2-5 of an internet cafe.)

I did email, occasional ticket booking, and once-a-month Visa-paying throughout our trip. This was including in criminal hotspots like Latvia and Croatia. I never had any problems (that I know of) with keyloggers etc (it is now a year later), but I can certainly imagine that I could have been less lucky. In future I think I'll try that chsractermap thing (although a lot of terminals do lock down everything but the browser).
posted by Marquis at 1:27 AM on November 23, 2005

Here's an idea: go to your mefi profile, and add a long string that includes, at some random point, your passwords (maybe not in one go, you could have half a password here, half there).
Then, at said criminal keylogging internet-thingie, just open up the profile and copy the relevant characters and paste into your bank website.
Simple, no? Plus you have an excuse to check MeFi all the time.
posted by signal at 3:35 AM on November 23, 2005

Longdrive, the 790's been discontinued for a little while now. The updated model, the 900, has some nice features like USB, but doesn't have a AA adapter, plus it's *much* more expensive.

I'm sure you could get one shipped to you via UPS off a Buy It Now on ebay that would get to you before Saturday. As far as the AA adapter, froogle turns up a couple of hits for "nec mobilepro AA adapter" at under $40

As far as wifi, yes, several compact flash wifi cards will work with it, I bought mine for under $30 six months ago.

Happy travels!
posted by cactus at 3:36 AM on November 23, 2005

Cheap 'Laptop' Option:The new hottness version of the NEC 790/900 is the Dana (this is a link to the Dana Wireless).

I think the wireless included version goes for $420 US and the non-wireless version is something like $350.

They run Palm OS, so there is a large set of software for 'em, and text editing on them is supposed to be a dream. I have never used one in real life, but I always wanted one for my round-the-world travels.

Using Internet Cafes: I used internet cafes in Thailand, Malaysia, and Korea without trouble in 2005. That's not to say it's safe, just that it's not totally rampant. I would definitely plan to have a set of throwaway passwords and change all accounts to different passwords at different times (and NOT to have a scheme where you have "xxxxxxxxx1" and "xxxxxxxx2" as your passwords. This way loging into your email won't also log a hacker into your bank.

I would not plan on being able to run an OS off of CD or USB drive. Most cafes in the countries you're going to are going to be pretty well run, and they'll all have software on them to lock them down. They won't take kindly to you rebooting machines and working "off the clock." It might work that you could flip the guy behind the counter extra money to look the other way, but I doubt it (and to do so, you might even need to speak a few phrases of the local language...).

Pictures: Pictures is going to be the easy one. Every internet cafe is going to have burning services. Bring the camera + cable, or the card, and leave with a CD. It's simple and easy.

Potential Problems: The US does not have many internet cafes. Especially in not-so-touristed areas. Any city of under 1 million that is not a coastal town frequented by (world) travelers is not going to have a traditional internet cafe. You'll find internet cafes in NYC (but only 2 or 3), SF, Chicago(?), Hawaii, Florida.

For the US, I recommend a different strategy for computer time / CD burning. For internet, There are FedEx Kinko's stores in many cities. These won't be that nice to sit it, have coffee or anything, they're "copy shops." They do rent computers. So do UPS stores, and some of the large office supply stores, like Staples. I would print out the locations of these options before you get to the states. These are often far from the center of town / hostel area. I don't know about hostels in the US, but they might have a single or a couple of machines these days. Hotels often provide internet, but at a $10 / day cost.

For CD's, which Kinko's will also do, but it will cost you more, I'd use a camera store or drug store. Many of these now have kiosks from Kodak or other film companies that will take your card and burn cds.
posted by zpousman at 7:10 AM on November 23, 2005

I have traveled and run into this problem a lot.
Rebooting from a flash drive is not an option in most places and far too complicated.
What I did, was open notepad, or textpad (which has been on all windows machines that I have used), punched in all the keys on the keyboard as they appear:

Then, cut and paste the password one letter at a time into the field on the webpage.
Has worked for me so far, and (please correct me if wrong) but I do not think keyloggers capture cut and paste history.
posted by TheFeatheredMullet at 7:19 AM on November 23, 2005

signal's idea is neat, but really opens you up to someone determined to attack *you* since it gives them an easy dictionary attack. you need to think about what the danger is (for example, can someone read signal's suggestion, and find the web site you do use - presumably not mefi! - via your online identity).

one of my banks has a neat system where i know a phrase, and they present a table on the screen that maps letters to numbers ("randomly"). then i enter the number that corresponds to the phrase. that's a really nice design, since it makes keylogging much weaker. maybe you could choose to bank with someone who has a similar system?
posted by andrew cooke at 7:23 AM on November 23, 2005

"I'm curious as to why? Have you personally had a bad experience as a direct result of doing something like this?"

No, but I have read credible reports in the press of keyloggers being used in internet cafes to snoop internet banking users, including reports from my own country, which resulted in an arrest and conviction for fraud. I also know, because it's my profession, that this is easy to do. Human nature being what it is, it's absolutely certain that some internet cafes in some places will not be safe.

I have personally never been hit by a car, but I still look both ways before I cross.
posted by i_am_joe's_spleen at 10:52 AM on November 23, 2005

In the US & Canada, the lack of Internet cafe's is really, really noticable. But.. you can go to the library! Most have free 'net access, but you probably won't be able to burn a cd.
posted by defcom1 at 1:36 PM on November 23, 2005

« Older My '97 Chevy Blazer smells like burning rubber...   |   Forgive, forget, or revenge? Newer »
This thread is closed to new comments.