Canadian TV, Computing and Home Theatre Forums banner

41 - 60 of 62 Posts

·
Super Moderator
Joined
·
11,117 Posts
Discussion Starter #41
You could also use uProxy to route traffic through your home Internet connection when you're out of the house and on a public Wi-Fi network.
Thanks for the information guys. Lots of good stuff there.

I guess it comes down to security and/or anonymity. Currently I am less concerned with the scenario ExDilbert described and more concerned with people who want to empty my bank account, max out my credit cards or steal my identity. But I may turn my attention to anonymity down the road.
 

·
Registered
Joined
·
991 Posts
"Routing traffic through your home internet connection" is doable using OpenVPN on DD-WRT but requires some effort and appropriate hardware.
If just running Chrome with certain extensions on both ends can take care of the setup chores - that would be great...
 

·
Registered
Joined
·
8,651 Posts
Unless you use public Wi-Fi hotspots, VPNs will will do little to prevent identity theft. Most of that is done using malware or phishing on users' PCs and by hacking servers that store customers' data. Firewalls, AV software and common sense are the best defense. VPNs should have a firewall on their servers so that can serve as a first line of defense for lightweight devices that don't have one. Home networks usually have a firewall in the internet router.
 

·
Super Moderator
Joined
·
11,117 Posts
Discussion Starter #44
Unless you use public Wi-Fi hotspots
I think just about everyone does. Any wifi other than my own I consider insecure. So the hotels, the airports, my friends etc.
 

·
Registered
Joined
·
8,651 Posts
I've never used a public Wi-Fi hotspot. I would guess that their use is skewed toward people who are on the road a lot.
 

·
Registered
Joined
·
991 Posts
...is done using malware or phishing on users' PCs
Malware, phishing, trojan, etc. has a relatively well understood mechanic: you can control it and have tools for that.
So, you know that an email with "I love you" in the subject line has a zero chance to satisfy your search for love...:)

VPN - and corresponding key exchange, handshake and encryption standards - attempt to make sure
that nobody can read your communication "in transit", where you have no control over it whatsoever.
 

·
Registered
Joined
·
8,651 Posts
Rest assured that if you use Gmail over a VPN, Google will still scan the email and use the information. A VPN only protects the data as far as the VPN server.
 

·
Registered
Joined
·
991 Posts
I have no illusions about what Google does (can do) with my emails.
Even using PGP can't hide metadata of your communication: To, From, CC, Subject...
I actually believe in Schmidt's statement that they in fact know more about me than I do.
And this is part of the reason I think "VPN provider" is an oxymoron: believing some schmuck that he will keep my communication secure. Yeah, right...

Good article about what the latest leaks exposed and how to keep the big picture in your sight
http://www.wired.com/opinion/2013/10/how-to-design-and-defend-against-the-perfect-backdoor/
 

·
Registered
Joined
·
8,651 Posts
The problem with things like weakened security or back doors, as discussed in the article, is that they are discovered by hackers and used by criminals for things like identity theft. Whatever the NSA is doing now (which is cracking almost any current security) will be possible by just about anybody in 5 years. Dedicated cyber criminals will figure it out before then. The best solution for everyone is to provide security without any back doors that is secure against any known attacks. If that slows down the NSA, or any other law enforcement agency, that just means they will need to focus their efforts on real criminals instead of eavesdropping on everyone.
 

·
Registered
Joined
·
991 Posts
The best solution for everyone is to provide security without any back doors that is secure against any known attacks.
That probably was the case some 15 years ago when NSA was finacing Tor development. Not anymore.
Hence, it isn't for everyone...

If there is a silver lining in the latest NSA leaks, it's that math is a tool one can trust even in our "surveilance society". It's still easier to either strongarm a provider to reveal SSL keys or develop an encryption system with a backdoor and make others use it, than simply bruteforce the encryption.
Password crackers with a few high end video cards and specialized software can test some 10 billion passwords per second (against a hash table). NSA with a practically unlimited budget and brain supply can't do much better.

And that is encouraging...
 

·
Registered
Joined
·
8,651 Posts
It's fairly easy to protect against crackers that check 10 billion passwords per second. The answer is simply to use passwords that require 10 quadrillion guesses to crack plus change passwords regularly. There is no protection against weakened algorithms and back doors, especially once they become common knowledge. The basics of 15 years ago still apply, the numbers have just become bigger.
 

·
Registered
Joined
·
306 Posts
Surfeasy
Works very well for me. It's browser-based which may not suit everyone.
Currently VPN's to USA, UK and Brazil - covers my TV needs.

Also would work well as advertised - secure no-trace browsing from any terminal.
 

·
Registered
Joined
·
991 Posts
This NSA fiasco sh!t is really starting to hit the fan...
http://www.theverge.com/2013/12/16/5217352/the-truth-about-nsa-malware-apocalypse-keith-alexander-60-minutes

And this is something I expected the first time I heard "school dropout"...
http://www.theverge.com/2013/12/16/5216212/snowden-gained-nsa-document-access-through-skill-alleged-coworker-says
Now I actually believe he'll stay alive for a while: he knows NSA books like the back of his hand...

I think we all - Canada being "the best friend" - are in a big puddle of you can guess what...

Maybe talking to this crew will help?
http://www.theverge.com/2013/12/16/5217670/obama-to-meet-with-leaders-from-apple-twitter-and-yahoo-tomorrow
Google CEO not invited? Interesting...
 

·
Registered
Joined
·
991 Posts
He ain't CEO...

I can understand Brin not being invited: Russian background, China syndrome, etc.
But Page? There must be risk of him becoming "uncomfortable". Unlike Schmidt.
Cannot see other reasons....

The conflict between tech and politics is really heating up. Here is another sign
http://arstechnica.com/information-technology/2013/12/nsa-surveillance-critic-bruce-schneier-to-leave-post-at-bt/
And the staunches supporters - the judicial system - is not playing along
http://arstechnica.com/tech-policy/2013/12/federal-judge-finds-nsa-spying-unconstitutional/
 
41 - 60 of 62 Posts
Top