How do you keep your stuff private on WiFi networks?

I was talking with a geek who’ll remain unnamed and he was telling me how easy it is for someone to sit at a Starbucks, slurp off the local WiFi, and recreate almost everything you do, often gaining passwords and private conversations. I saw this once at a conference where someone up on stage was showing the audience everything that was going over the WiFi networks. For instance, did you know that many common Instant Messengers send your information over WiFi in plain text? I could be sitting next to you watching EVERYTHING you are typing across the Internet.

So, what do you do to keep your stuff confidential? Any tips beyond this excellent article in Security Focus on this topic? By the way, both this article and my geek friend recommended Off-the-Record Messaging if you want to hold private IM conversations over public WiFi networks.

UPDATE: I had a post here about Browzar, but there are some concerns about it so I pulled that part of the post to protect people.

92 thoughts on “How do you keep your stuff private on WiFi networks?”

  1. Cody..you have skills and what you’re saying is correct, but many people don’t have your technical prowess or desire/time to set that up. Or, if you were just responding to Brian from IBM..I agree. Brian, if you have the military believing that, I need to buy some IBM stock. :)

    With a “VPN service” (where they’ve already set up the servers, bandwidth, ordering method, and support) anyone can protect their data and identity over any network (hotspot, office, hotel) as well as have secure IM and secure file-sharing. If you want it secured end to end, you just need to both be using the same VPN service and initiate a direct connection if your IM provider isn’t peer to peer. On AIM, it’s an option called direct connect.

  3. I can secure IM with 256-bit AES encryption…using SSH Dynamic Port Forwarding. It’s not that difficult. Plus, you can still use your favorite client, like Gaim.

  5. IM is, by nature, open. Basically, there are no foolproof tricks to make IM private, unless the product is designed for that from the ground up. But then it’s not open to all, only authenticated users. IBM makes a product called Sametime that does IM and more, securely – It’s used by several branches of the military. We use that in house at IBM.

  7. Hamachi is great for gamers and for connecting multiple computers in a WAN as if they were on the same LAN. Very neat stuff but it’s not a good choice for wifi security. The two companies mentioned previously, http://www.witopia.net and http://www.hotspotvpn.com, specialize in this and are both good choices. witopia is a lot cheaper for their OpenVPN-based SSL vpn, which is the same technology hotspotvpn uses for their hsvpn 2, but hotspotvpn offers monthly plans while you have to pay for a year of service with witopia. hsvpn offers a PPTP solution too (which I personally wouldn’t recommend as it’s much weaker security) for a lower price though. witopia also offers a hosted radius solution for protecting your wlan with 802.1x/wpa-enterprise as does boxedwireless.com. wpa-enterprise is much stronger than other means of wifi security but mostly used by businesses. Might be overkill for a home user unless you’re quite serious (paranoid?) about security.

  9. LayZ:

    “You seem flip flop between condescending and clueless.”

    As opposed to LayZ, who seems consistent at both!! :D

  11. Thanks Scoble,

    Having someone with a lot of blog traffic post a how-do-we-do-this type question is helpful. There’s lots of HOWTOs out there on securing wifi, and most of the good ones have steps like “setup an SSH server” with the assumption that you’ll already know how to do that. This kind of post tends to attract more user-level advice.

    Oh, and all you haters? L33t dudes, if you think only the ubergeeks read scoble, you are wrong. Does everybody know that wifi isn’t that secure? Yeah, but we don’t all fully understand by how much.

    Remember this: a good part of his reading audience is what used to be called “power users” back in the day. You know, people who figured out how to do stuff with command line DOS when their bosses were terrified of computers. People who hacked wacky excel macros to manipulate data because there were NO free-as-in-beer software environments with pretty highlighting.

    Power users aren’t dumb, they are just _not experts_. Why the *&%# should they be?

    Reality check here:
    Most users, even most power users don’t have a good mental model of how security across a network works. Why?

    1. Because the craptastic OS that most of us use hides what really goes on.
    2. Because the explanations commonly used are oversimplified and inaccurate.
    3. Because the people who do know usually can’t be bothered to explain in a human-readable way.
    4. Because 60% of what we learn is secure this year is cracked the next.
    5. Vendors.

    Oh, you want me to talk about vendors? Heh. I mean, we’ve been sending plaintext email for 30 years, and when have you seen a webmail provider or a mail client that had pgp enabled by default? I’m not talking about hushmail, I’m asking what about _Yahoo_? What about Outlook Express? Vendors suck at this stuff. Not because they don’t have the engineering chops, but because they are…

    …er… I don’t know why, actually. Ethically challenged?
    Okay, here’s a moral challenge, all you Web 2.0 ers – what have you done today to give your _customers_ more security?

    -r.

  13. Rousingly good stuff here. I think that I’m beginning to get the post-MS blog strategy…blog about whatever is at the top of TechMeme in order to boost pagerank.

    Seems like it anyway

    Booger

  15. “I was talking with a geek who’ll remain unnamed and he was telling me how easy it is for someone to sit at a Starbucks, slurp off the local WiFi, and recreate almost everything you do”

    You mean, like Wireshark, tcpdump/tcpreplay, dsniff, ettercap, Cain and Abel, kismet, and ngrep? What about vulnerability scanners, like Nessus, Retina, and Sara? What about netcat, Hping2, nmap, and Metasploit?

    I really love how Scoble thinks he knows something we don’t. Really, Scoble? You can be attacked at a PUBLIC WIFI spot? You don’t say!

    Seriously, you’re a joke, Scoble. Go back to your Web 2.0.

  17. Can anyone recommend an easy-to-use SSH setup for Linux? I’ve got a Mandriva Linux running on a secondary box (I do very little or nothing with it most of the time) and wouldn’t mind at all setting it up to run SSH. I did set my main windows box up to run SSH and I set up a tunnel that way, but I never got it working on Linux. I think one of my problems was figuring out how to configure users for Linux SSH, but a full-on, easy-to-use SSH server setup guide for Linux would be super-helpful (and one for Mandriva extra-helpful). So far I haven’t been able to find one.
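
The SSH dynamic port forwarding mentioned in comment 3, and the tunnel asked about in comment 17, gives the IM client a local SOCKS5 listener (for example one opened with `ssh -D 1080 user@host`, where `user@host` is a placeholder). The Python check below is an added example, not code from the post or from any commenter: it confirms that something speaking SOCKS5 is actually answering on the local port before an IM client is pointed at it. Port 1080 and the function names are assumptions, and the listener it runs against is a constructed stand-in so the example works offline.

```python
import socket
import threading


def _read_exact(sock, n):
    """Read exactly n bytes, or fewer if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def socks5_no_auth_ok(host="127.0.0.1", port=1080, timeout=3.0):
    """True only if host:port answers a SOCKS5 greeting and selects 'no auth'.

    A closed port, a dropped tunnel or some other service on that port
    all return False, so the caller can refuse to start the IM client.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"\x05\x01\x00")  # VER=5, one method offered, 0x00 = no auth
            return _read_exact(s, 2) == b"\x05\x00"  # VER=5, method 0x00 chosen
    except OSError:  # refused, timed out, reset
        return False


def start_fake_listener(reply):
    """Constructed stand-in for the tunnel's local end; answers one client."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(3)
            conn.sendall(reply)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    good = start_fake_listener(b"\x05\x00")  # behaves like a SOCKS5 proxy
    wrong = start_fake_listener(b"HT")       # some other service on the port
    print("SOCKS5 listener:", socks5_no_auth_ok(port=good))
    print("other service:  ", socks5_no_auth_ok(port=wrong))
```

A True result only shows that a SOCKS5 listener is present on the port; the IM client still has to be configured to use it as its proxy.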
