Basic online privacy questions
June 3, 2008 9:17 PM

Basic online privacy, from other people using my same network?

I moved into a new place and am sharing the password-protected wireless with my roommates. They're not able to use something more secure than WEP, so we have to assume other neighbors might be on our network too. I need some basic privacy advice, which I'm finding surprisingly hard to google. I'm running Mac OS 10.4.11 and my browser is Firefox.

I think (?) I'm set for email: I'm using SSL for the pop and smtp connections for each of my accounts.

I think (?) I'm set for file access on my own drives: in System Preferences / Sharing, I have everything unchecked and the firewall On.

For browsing, I need a simple way to just prevent my roommates from seeing the URLs I visit, any clear-text form submissions, etc. I'm not doing anything illegal or far out, I just am living with strangers and don't want to share things like my porn viewing or browsing habits.

Finally, my friend in another city has a shared drive on his machine that I can drop things into, running AFP over IP, and I want to be quite sure the things I transfer to him that way are not viewable by my roommates.

Thanks for your help!
posted by lorimer to Computers & Internet (11 answers total) 2 users marked this as a favorite

Preventing others from listening to your URLs is only possible without a proxy somewhere outside of the local network. You'd have to connect to that proxy through a VPN to keep the URL secret. Possible, but not practical.

A VPN can also solve the AFP over IP problem. OS X can be a VPN client out of the box - I'm not sure if you need OS X server as an endpoint, though. If you do, the endpoint can also be a router with VPN capabilities. A lot of the current models can do this.

But the better solution for the latter issue is to use WebDAV over SSL instead of AFP, which is a far better solution than AFP for internet file sharing. Technically, this is similar to a .Mac drive. You don't need a VPN in this case.
posted by uncle harold at 9:39 PM on June 3, 2008

Erm... possible *with* a proxy...
posted by uncle harold at 9:40 PM on June 3, 2008

Some wireless access points and routers can be configured for both WEP and WPA. If you can configure your router for both WPA and WEP, you're set. If you can't, the easiest thing to do might be to just spend the $30-$50 to buy one that will do both protocols at the same time. It may be easier than monkeying around with secure browsing proxies, SFTP, etc.
posted by cnc at 10:49 PM on June 3, 2008

Response by poster: To clarify, I have no control over the router and it has to stay with just WEP -- and I'm concerned about privacy from my roommates (from people who are legitimately on the network like I am).

Unless I'm misunderstanding and your point is that WPA actually provides not just security from outside people trying to use the network, but also computer-to-computer security within the network?
posted by lorimer at 12:01 AM on June 4, 2008

For browsing, consider getting a VPN or using Tor. These shift the plaintext bits elsewhere, so passwords aren't safe, but you have privacy.

For your friend, I'd check out using ssh instead. You could use sftp, scp, rsync, etc. to transfer files, or just use it as a secure connection for what you're already using.
posted by Pronoiac at 12:52 AM on June 4, 2008

WEP is far from perfect (particularly at 64 bit), but it does provide a limited amount of protection against the average user trying to eavesdrop on your activity - be they your neighbors or anyone in the vicinity. Anyone wishing to snoop on you would have to make a concerted effort to do so and have some basic understanding of network security and software. If you're looking for protection above and beyond that level, see some of the other suggestions mentioned here.

Now, someone can correct me if I'm wrong, but I believe the person who owns/maintains the router may have the ability to log what URLs you (or anyone else on the network) access at any time they choose via router logging tools. I believe this is still the case even when WEP/WPA is enabled, but I'm not completely certain on that.
posted by iamisaid at 2:54 AM on June 4, 2008

WEP is VERY far from perfect. It takes 5s to 5mins or so to break a key using easily downloadable tools. You don't need any more knowledge than googling "WEP crack".

Since everything leaving your network is going through your router, and your router has to know where to send the packets, you're going to need something on the outside forwarding your traffic to its final destination based on something in the (encrypted) payload. You'll need a proxy.
posted by Diz at 5:10 AM on June 4, 2008 [1 favorite]

If you want real security, use an ethernet cable to connect to the router, and/or do all of your online stuff through an SSH proxy using a server that you know to be safe. If you want the illusion of security, use wireless and keep a good firewall running locally (WaterRoof can help boost security on the OS X built-in firewall).

I have access to an SSH server that I maintain. I use WEP at home (damn TiVo wireless adapter requires it) and for the most part I am not too concerned about it. Yes, somebody could crack the security, or could leech my wireless, or etc., but having the security turned on (as minimal as it is) is a deterrent. I mean, honestly - you can open 99% of locked doors in private residences in the US using a simple "key bump", but I still lock my door, and so far nobody has entered my place to steal stuff. The low-hanging fruit gets picked first.

My suggestion? If you're really paranoid about this, check the router. Is it wired + wireless? If so, is there an open ethernet port? If yes, buy your own more-secure router, plug it directly in, set it to act as a hub/repeater rather than a router, and connect to it wirelessly using higher security settings (use a long ethernet cable to separate the routers, and pick a different channel than the other one to help avoid interference). If your roommates aren't Mac people, even better; pick up an Airport or Time Capsule, and tell 'em that you need it because you have a Mac and it can't connect to the "normal" wireless for some obscure reason, damn Apple for being incompatible, thus avoiding having to answer why you don't trust them if they ask.

However, I must add the following: If you really think that your roomies might be snooping in to your web traffic, I think you have a bigger problem than just securing your wireless. Hell, with physical access to your machine, your snooping roommate could do whatever he/she wants. Any semi-Mac savvy person knows how to boot in target disk mode, leaving your system wide open to data theft even without password access (FileVault can encrypt your stuff, sure, but it won't stop anyone from hosing your system to be spiteful, or manually installing a malicious program, etc).
posted by caution live frogs at 6:46 AM on June 4, 2008

Ack. "I have access to an SSH server [...] but I do not bother to log in to it when I use wireless even though I use WEP at home [...]" Forgot to add that bit.
posted by caution live frogs at 6:48 AM on June 4, 2008

If everyone is using the network wirelessly, and no one needs to share files with each other on the local subnet - wouldn't AP/Client Isolation work in this situation? From what I understand, when turning AP/Client Isolation on in your router settings - that will prevent wireless clients from communicating with each other. Cafes and hotspots use it to prevent people from hacking into other people's machines. I'm no network expert, though - so AP or Client Isolation itself may not provide enough security, though it's a start.
posted by quantum eclecticist at 8:40 AM on June 4, 2008

My understanding is that WPA as it's typically set up on a small network (with a pre-shared key) doesn't isolate computers on the LAN from one another. However, if everyone else is using WPA and you're using WEP, then your machine would be isolated from the others.

I believe that iamisaid is right that whoever controls the router can log your web site visits regardless of what encryption method you're using. Pronoiac is right that Tor is a good solution in this circumstance.
posted by cnc at 9:01 AM on June 4, 2008
