Privacy for provider using hotel wifi?

[KerryHutchins]

Sorry if this has been covered but I couldn't find a comparable thread.

Just wondered what security concerns a provider (or client, for that matter) could have in using a hotel's free wifi. Besides exposing your password, just logging onto P411, for example, could give the house dick a clue as to what is happening in room xyz.

Something that crossed my mind.

[Unique_Carpenter]

Staff don't have time to watch the security cameras let alone snoop wireless connected web sites. But of course there's always the needle in a haystack or someone does win the lottery odds.
Besides a lot of hotels do block selected web sites.

But a decent handheld with a nice data plan doesn't need to use the hotel system.

[MarkusH]

Quote:

Originally Posted by KerryHutchins

Sorry if this has been covered but I couldn't find a comparable thread.

Just wondered what security concerns a provider (or client, for that matter) could have in using a hotel's free wifi. Besides exposing your password, just logging onto P411, for example, could give the house dick a clue as to what is happening in room xyz.

Something that crossed my mind.

I would suggest not using the hotel WiFi. Prepaid data plans are about $30 per month. Worth the investment for a provider.

[Noid]

Kaspersky encrypts browsing on untrusted networks.

[ck1942]

Yes, Kaspersky will shield the actual data flow, but merely logging into the hotel wi-fi obviously exposes certain data, such as the distant IP which can always be easily resolved to match that location, assuming that location is not blocked by the hotel's system.

Some will posit that using a VPN (virtual private network) can avoid the issue, but, depending on where the access point is to the VPN, the wi-fi may also prohibit that.

When traveling and hoteling, my personal hobby and banking security arrangement is to activate my cellphone "hot spot" and connect my laptop to that to avoid any hotel wi-fi sniffing either by the hotel carrier or someone in a nearby room trying to hack hotel occupants.

Most smart phones and iPhones have this capability and users with expansive data plans won't get hit with overuse charges.

[Lena Duvall]

Solid!

Quote:

Originally Posted by ck1942

Yes, Kaspersky will shield the actual data flow, but merely logging into the hotel wi-fi obviously exposes certain data, such as the distant IP which can always be easily resolved to match that location, assuming that location is not blocked by the hotel's system.

Some will posit that using a VPN (virtual private network) can avoid the issue, but, depending on where the access point is to the VPN, the wi-fi may also prohibit that.

When traveling and hoteling, my personal hobby and banking security arrangement is to activate my cellphone "hot spot" and connect my laptop to that to avoid any hotel wi-fi sniffing either by the hotel carrier or someone in a nearby room trying to hack hotel occupants.

Most smart phones and iPhones have this capability and users with expansive data plans won't get hit with overuse charges.

[Unique_Carpenter]

Quote:

Originally Posted by ck1942

... activate my cellphone "hot spot" and connect my laptop to that to avoid any hotel wi-fi sniffing either by the hotel carrier or someone in a nearby room trying to hack hotel occupants.

Most smart phones and iPhones have this capability and users with expansive data plans won't get hit with overuse charges.

I agree with Lena. This ^^^^^^

ck's write is an excellent detailed version of my brief mention.
In addition to laptops, pads and other equip. can also connect.
I use Kapersky also and note that they have a version for handhelds.

[fidelito]

Find a tech-saavy (as in a software developer or IT admin) friend you trust and have them set up your own VPN server for you in a cloud server (will cost you about $5 / month on DigitalOcean).

Here's a detailed technical guide to how this can be done: https://arstechnica.com/gadgets/2017...rcial-options/

The hotel wifi, or any public wifi, is not trustworthy. Not only because of the people running it, but because it's easy for anyone nearby with the right tools to hack it and see what you're up to (if it's not encrypted). Cell phone networks are not safe from the government, of course, and available to LE if they really really want to get you for something (don't know how likely it is they would go to such lengths, but it's technically possible).

So my advice is to use your own VPN in a cloud server. You would then trust the cloud provider with your internet traffic, but thus far they arguably have a better track record at keeping their networks safe from prying eyes (would be bad for business otherwise).

This is off-topic, but since you mentioned P411... that service sounds so frightfully insecure. If they are ever compromised, all its users will be in over a barrel big time if their data is ever leaked. I could be wrong and they could have a super-secure service run by ex-NSA hackers or something, but my guess is that they don't. The only secure way to build a service like that is to use end-to-end encryption so that no one can read its data except for the participants. There are technical solutions for that, like keybase.io, but P411 would have to be built on top of that technology.

[ck1942]

Just another point of order.

Cell phones and plans are so darn cheap these days, it might be a lot more secure just to use cell data rather than fret about wi-fi in the aggregate.

[Vivienne Rey]

What about Windscribe?

https://windscribe.com/

[sketchball82]

Just use the onion network to browse. The onion network encrypts your data three fold and each layer of encryption is removed by the next anonymous onion relay. Even the onion relays dont know which lyer they're removing. They dont know if the i coming packet is feom you or a relay, or if the outgoing packet is a destination server or another relay. So even if one server is compromised or a destination server is sniffed, you and your data are not compromised.

Download the onion network browser (TOR) to automatically use this techinique.

The only caution I have is that all trwffic does not use the TOR network, so other software (not the TOR browse and non-TOR plugins for the browser, such as java or flash) can conpromise your data and/or real IP. Just use it for general web traffic.

[ShysterJon]

I keep track of these tech nerd posts in the legal forum in case I ever have insomnia.

[oldbutstillgoing]

Quote:

Originally Posted by fidelito

.otherwise).

This is off-topic, but since you mentioned P411... that service sounds so frightfully insecure. If they are ever compromised, all its users will be in over a barrel big time if their data is ever leaked.

Not true. No RL info that could possibility be used is ever on the server. Some RL info is used to verify the members, client and provider. But once the account is set up, even that is discarded. So if the site were hacked, handles could be seen, any messages, profiles, etc could be seen, but there is no direct way to connect them to any real person. As the server is in Canada, where their service is legal, we have no concerns of US LE being able to get court approved access to the info. And, if they don't log IP's ( though I have no idea if they do or not), then the is almost 0% chance of any real world repercussions from using the site. In theory, someone could hijack the site and log IP addresses but still no actual RL info is kept there.

And contrary to what some may say, just having an IP address does not tell anyone who or even where exactly a person is. For example, I did a look up on my IP address. It did correctly locate me in Texas. Some service said I was in Ft Worth, one actuality came close to my city but missed it. They all knew I was with Time Warner.

Use a mobile device like a tablet or phone and the IP address quickly becomes useless as you move around and it changes.

Now, a hacker with the right tools, does have a good chance of accessing a computer remotely using the IP address. But, if you apply all your updates, have up to date, current antivirus, use a firewall, etc, the odds go way down that a bot will be able to break in your computer. There is no way to keep someone with enough skills out if they really want in, but why would they? What hacker is going to randomly pick an IP address then go to the effort to hack it unless they know there is something to get?

[honeydavis]

Quote:

Originally Posted by KerryHutchins

Sorry if this has been covered but I couldn't find a comparable thread.

Just wondered what security concerns a provider (or client, for that matter) could have in using a hotel's free wifi. Besides exposing your password, just logging onto P411, for example, could give the house dick a clue as to what is happening in room xyz.

Something that crossed my mind.

PM or text me.

[LexusLover]

Quote:

Originally Posted by ck1942

Just another point of order.

And here's another ... deactivate your "wifi" setting on the phone.

And just a general thought from all the cell/internet "gurus" ...

... local agencies "partner" with Homeland Security and have available their assets for real time data gathering ... emails, texting, and voice (now people are actually using the "video" app to be "cool"!).

Good luck with the all those "fool proof" encryption apps.

BTW: Has anyone on here explored the "world" of "fake cell towers"?