What methods and/or tools do you employ to stay safe while using the internet from a public wifi connection?
For further actions, you may consider blocking this person and/or reporting abuse
What methods and/or tools do you employ to stay safe while using the internet from a public wifi connection?
For further actions, you may consider blocking this person and/or reporting abuse
Guilherme Martins -
Federico Fan ☄️ -
Paulo Henrique -
Serhii Vasylenko -
Latest comments (56)
To stay safe is just not using public wifi connection. If you have to just use it for general browsing purpose, not for login with your crendential to any website. Better use your phone data package if available :)
I don't care much for ad hominem, and can't understand why someone would be so incalcitrant about something as simple as a three string install invocation, producing a working, running instance of BIND, and then just a couple of configs like pointing your resolver to that daemon and placing something like
search .
on top in your/etc/resolve.conf
because it really can be that simple to make such a huge difference in the autonomy that you'll enjoy - let alone safety.This is simply what you do, or it was for decades, without even thinking twice. Why that tends to elude many folks completely escapes me - why wouldn't someone do this?
And Diane's suggestion of incorporating Dnsmasq is just a lighter weight version of that.
I simply do not find it plausible that a couple of sysadmins were unable to just whup it out in the course of yawning with half their brain tied behind their back.
These simple basics just aren't given adequate coverage in curriculum during this culture of containerization.
Heck, we've only been using DNS since 1985.
The question that the OP asked was about securing ones communications over public WiFi. It may not be what everyone should do (as one person dismissed), although it is indeed something that everyone should consider.
Here's a little litmus test:
The next time you (the proverbial you, no one in particular here) happen into a large, busy Starbucks, look around for that person, you'll see them. You're looking for someone who is inconspicuously conspicuous (maybe it's the blue mohawk; the safety pin through the nose; the anarchist laptop stickers; the pocket protector and Google glasses), and your spidey sense will tingle.
Now... Look at the room from their perspective...
Now tell me what you think you should be doing for your security :)
VPN and a bunch of browser plugins (Privacy Badger, HTTPS Everywhere, an Adblocker).
I have a DigitalOcean droplet running WireGuard. Costs $5 per month.
I run the WireGuard client on all my devices set to auto connect to it on all SSIDs except my home network.
Pros:
Cons:
I would love to find out more about this style of setup.
I personally use both Torguard and Windscribe VPN services.
This explains the steps pretty well:
ckn.io/blog/2017/11/14/wireguard-v...
Don't.
Https and firewall mostly. Also purevpn just to be extra safe
I Have made my own VPN using the outline and Google Cloud Platform. It works perfectly!
VPN.
with a traditional MITM attack aside from https of the websites you visits, you should install comprehensive internet security solution on your computer and always up to date.
Like a couple of others, I'd like to say "I don't use public wifi" but the fact is that every now and then I have to.
The first thing I do is try to connect on a VPN. If there are any issues, like it not going through at all, I abandon the wifi channel and tell my device to forget the SSID. For instance, Virgin Trains will try to MITM so I'll put up with using intermittent 4G instead.
pokes oar in
Not specifically against Cloudflare, but personally I don't like encouraging anyone to go with the centralised solution. As long as everyone does it because "that company's alright", people will keep seeing it as safe. I see it as comparable to the "why would I use free software when I can pay for something good?" point of view.
Indeed you have! Thanks for pointing that out, I'll bookmark them. :)
There's this neat thing called HTTPS which uses this thing called encryption to set up a private connection between you and the website that no one can eavesdrop.
Hope that comes off as light hearted and not condescending. VPNs used to be the answer when public WiFi meant using HTTP websites but that's no longer the case. HTTPS sets an encrypted tunnel per user, doesn't matter if others are listening on the wire. The only problem is if they are intercepting your traffic which is easier to do on open WiFi but that's a more complicated hijack (search evil twin attacks). Notably, using a VPN is letting someone intercept your traffic so you should opt on not using a VPN unless you need to avoid geo-blocking.
Agree. I only use VPN/Tor when I travel to countries that have censorship. In the EU I am fine with just using HTTPS and browser extensions to block ads and tracking stuff.
Also, I use Little Snitch to block requests to Google Analytics API from third-party software installed on my mac
Because of course it never occured to three Linux professionals in two days that we should read the documentation.
Ahh, the four-letter mantra of the people who don't have any real answers, but love to tell everyone they're wrong. At least that tells me I can leave this conversation — you've announced you have no actual knowledge or insight to share. Thanks for saving everyone the time of taking you seriously. Ta!
@jason No one forced you to follow up with this solution. There are people who actually know what they are talking about and also people who rant about knowing professionals. You're not in the first group apparently.
Gosh, wish I'd known that before I'd gone and run a secure, production-grade development server for six years. I'll be sure to tell those two IT friends of mine they aren't knowing professionals either. They've wasted years of their lives successfully doing a job they apparently can't do.
Deserved sarcasm aside, I merely said that it wasn't a "fix-all". It's a valid solution, but not the only solution, and not necessarily one that magically works in every imaginable scenario. (P.S. My experience with dnsmasq was from about two years ago, not today.)
"RTFM" is never an appropriate response to anyone. My anger is directed at that, and rightly so. There are many people here on DEV who would be crushed by that remark, with its deliberately hateful insinuation of stupidity. "I read the documentation, but I didn't get it. I must not be legitimate." An insinuation you just helped add fuel to.
I came here to say that maybe the topic of setting up your own "central" server could be a good dev.to article!
Amazing. Too bad I actually couldn't accomplish that with two full days of trying to do exactly that for my network, with the help of two professional, experienced Linux ITs no less. "We must have done something wrong," I suppose.
I never said it wasn't valid, but the way you're talking, it should be the only solution.
In any case, thank you for (apparently) retracting your earlier assertion that it couldn't take more than five minutes.
Some comments may only be visible to logged-in visitors. Sign in to view all comments.