communication:security

Differences

This shows you the differences between two versions of the page.

communication:security [2017/10/27 00:34]
frater_secessus [Wireless security for nomads]
communication:security [2020/10/11 19:48] (current)
Line 4: Line 4:
   - the data is unencrypted at any point along the route   - the data is unencrypted at any point along the route
  
-**Short version:**  if you are using a secured website (banking, finance, medical, email, etc) it doesn't matter how you get there.  The transmitted data is [[https://en.wikipedia.org/wiki/Transport_Layer_Security|encrypted end-to-end]]:+**Short version:**  if you are using a secured website it doesn't matter how you get there.  The transmitted data is [[https://en.wikipedia.org/wiki/Transport_Layer_Security|encrypted end-to-end]]:
  
 > You could have an airplane write the transmitted data in the sky and it would still be safe.  You could tattoo it on your face and it would be safe.  You could paint it on the side of the empire state building and it would be safe. -- secessus > You could have an airplane write the transmitted data in the sky and it would still be safe.  You could tattoo it on your face and it would be safe.  You could paint it on the side of the empire state building and it would be safe. -- secessus
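Review bot: With the examples "(banking, finance, medical, email, etc)" dropped from the Short version line, "secured website" is left undefined until the "using websites" section; "a secured (https) website" would let the sentence stand on its own. The link label "encrypted end-to-end" points at Transport Layer Security, which covers the connection between browser and website, so "encrypted between your browser and the website" would match the wording the page uses further down.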
Line 11: Line 11:
  
 ==== using websites ==== ==== using websites ====
-{{ http://img.mousetrap.net/misc/https.jpg}}Websites are either secure (https:) or unsecure (http:).  Traditionally, the browser indicates with a padlock icon when sites are secure.  You can also click on that area to get security details such as the certifying authority, encryption type and number of bits, etc.+{{ http://img.mousetrap.net/misc/https.jpg}}Websites are either secure (generally prepended with https:) or unsecure (generally http:).  Traditionally, **the browser indicates with a padlock icon when sites are secure**.  You can also click on that area to get security details such as the certifying authority, encryption type and number of bits, etc.
  
 **If the website is secure the information is fully encrypted between your browser and the website**.  There is no reason to worry about that communication being intercepted or "sniffed" as it passes through.  **If the website is secure the information is fully encrypted between your browser and the website**.  There is no reason to worry about that communication being intercepted or "sniffed" as it passes through. 
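Review bot: In the changed sentence, "generally prepended with https:" reads as if the website itself is prepended; it is the address that starts with https:, so "secure (address starts with https:)" is clearer. The sentence also still says "either ... or" while hedging both halves with "generally"; name the exception or drop the hedge. Since the padlock sentence is now bold and becomes the takeaway, it is worth saying there that the padlock describes the connection to the site named in the address bar, so the reader should check that name as well.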
Line 31: Line 31:
 If the website is secured it doesn't matter if the wifi is open or the mobile data has been compromised (stingrayed) by law enforcement or others.  If the website is secured it doesn't matter if the wifi is open or the mobile data has been compromised (stingrayed) by law enforcement or others. 
  
-If the website is not secured then password **protected wifi or mobile data may protect you from casual onlookers at that first hop**.((ie, at that McDonalds or between your phone and the tower.  Rogue wifi admins or rogue LEOs would still be able to see that traffic))  The rest of the journey is not affected by what happens in the first hop and you shouldn't be transmitting sensitive data to unsecured websites anyhow.+If the website is not secured then password **protected wifi or mobile data may protect you from casual onlookers at that first hop**((ie, at that McDonalds or between your phone and the tower.  Rogue wifi admins or rogue LEOs would still be able to see that traffic)) but that is all. The rest of the journey is not affected by what happens in the first hop and you shouldn't be transmitting sensitive data to unsecured websites anyhow.
  
 It is a fallacy to think open wifi connections present any threat to connections to secured websites. \\ It is a fallacy to think open wifi connections present any threat to connections to secured websites. \\
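Review bot: The bold span in the changed line opens in the middle of the compound ("password **protected wifi or mobile data ..."), so only half of "password protected" is emphasised; move the opening ** before "password" and hyphenate it. The added "but that is all" now sits after a long (( )) footnote; placing it before the footnote would keep the sentence readable in the wiki source.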
Line 41: Line 41:
  
 The real value of a VPN is:   The real value of a VPN is:  
-  * hide one's IP address from the world in order to foil geolocation +  * hide one's IP address from the world in order to foil geolocation.  A common example is you want to use a streaming service not available in your country. 
-  * hide traffic from an employer, ISP, or someone else //in the first few hops//.  It does not increase security for people already using secured websites since those are already encrypted.+  * hide one's IP address from the world to complicate identification.  Maybe you are a political dissident, pirate, etc.  Maybe you are just a private person. 
 +  * hide traffic from an employer, ISP, or someone else //in the first few hops//.  Maybe you want to avoid content-related throttling. 
 + 
 + 
 +Those with a *nix shell elsewhere and a bit of skill can use [[https://duckduckgo.com/?q=ssh+tunnelling&ia=web|ssh tunneling]] as a "poor man's VPN" Windows users typically run [[https://duckduckgo.com/?q=ssh+tunnelling+putty&ia=web|putty]].
  
 ==== what about Three Letter Agencies ==== ==== what about Three Letter Agencies ====
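Review bot: The rewritten third bullet drops "It does not increase security for people already using secured websites since those are already encrypted.", which was the only line in this list tying the VPN section back to the page's main point; keep it as a closing sentence after the bullets. In the added ssh paragraph a period is missing between "poor man's VPN" and "Windows users", and both links go to search-engine queries rather than a stable reference.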
communication/security.1509078880.txt.gz · Last modified: 2020/10/11 19:48 (external edit)