With my newly started series about the Dark web (which will still continue) I had an idea about how I could ‘branch out’ for a bit, as there are some convergent things here that are of interest to us. The shared aspect of someone’s activity on the Dark web and your daily usage of your favorite internet browser does indeed boil down to two things – privacy and anonymity.
I want to expand a bit on that, and I will try to look at it from a few different angles, but for this article I want to talk about the usage of Public Wi-Fi for privacy, and anonymity.
When you’re on a public hotspot, keep in mind that the owner of that hotspot is in fact a Man in the Middle. This means that they can see your traffic and inject into it. Other users on the network can also look at your traffic and attack you, even directly through your open ports. Also, this hotspot doesn’t need to be the hotspot you think you’re connecting to.
That’s a lot of different risks coming at you all at once. But how would you go on about dealing with this? And I don’t mean not using the hotspot; let’s say that for some reason we must use that risky public hotspot.
One good thing to do (as a best practice of sorts) is to disable whatever wireless technology you’re not using, for example, Bluetooth, 3G, etc. It will also save some battery. If you must, try using a hotspot that has WPA2, AES, and avoid any hotspot that’s using WEP, for example. Just run from those.
Also, use SSL and TLS for encryption because without end-to-end encryption a threat actor might inject packets and attack you or your browser. Generally, for anything that’s sent from your device, use encryption. This is somewhere where your VPN might jump in.
The idea here is that everything the OS sends is encrypted, because you don’t want some background process sending traffic outside the encrypted tunnel and messing your whole operation up.
One other good thing to do is set up a firewall profile for public hotspots/networks.
Lastly, you can bring hardware into the mix by using a portable router/firewall and connecting it to the hotspot. The idea is the same as above, to add a layer of security to your connection, and hardware achieves that through physical separation. Of course, this might not be the best option for you, but in that case, at least try to stick with the bare minimum setup: use a VPN and close those ports and services you won’t be needing. Don’t make it easier for your friendly neighbourhood hacker to compromise you.
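As an added example (not part of the original article), the script below lists the listening sockets that are bound to non-loopback addresses, which are the ones other users on the hotspot can reach and that you would close or block in a public firewall profile. It assumes a Linux host with iproute2's `ss`; the sample output and the function names are constructed for illustration.

```python
import ipaddress
import subprocess

# Constructed sample of `ss -H -tuln` output (Linux iproute2), not from a real host.
SAMPLE_SS_OUTPUT = """\
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:5353       0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      4096       127.0.0.1:631        0.0.0.0:*
tcp   LISTEN 0      511                *:80               *:*
tcp   LISTEN 0      4096           [::1]:631           [::]:*
"""

def is_loopback(addr):
    """True if the bind address is only reachable from this machine."""
    addr = addr.split("%", 1)[0].strip("[]")  # drop %iface scope and IPv6 brackets
    if addr == "*":                           # wildcard: bound on every interface
        return False
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False                          # unparseable: treat as exposed

def exposed_listeners(ss_output):
    """Return sorted (proto, address, port) for sockets reachable from the network."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, local = fields[0], fields[4]
        addr, _, port = local.rpartition(":")  # split on the last colon (IPv6-safe)
        if port.isdigit() and not is_loopback(addr):
            found.add((proto, addr, int(port)))
    return sorted(found)

def live_listeners():
    """Run ss on this host (Linux only) and apply the same check."""
    out = subprocess.run(["ss", "-H", "-tuln"],
                         capture_output=True, text=True, check=True)
    return exposed_listeners(out.stdout)

if __name__ == "__main__":
    for proto, addr, port in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"{proto} {addr}:{port} is reachable from the local network")
```

Call `live_listeners()` before joining the hotspot to check the machine you are actually on instead of the sample.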
On the flip side, public networks/hotspots, like internet cafés, airports, hotels, etc., are a good way to protect your anonymity, provided that you set up correctly and that those networks provide an anonymous connection.
Since this internet connection isn’t registered to you, and shouldn’t have any connection to you, it is a good way to keep your anonymity.
The things you should do when you’re going to visit one of these public places to access the Internet anonymously
This whole scenario (somewhat) implies that your adversary has significant resources, and the consequences would be dire for you. Even if that’s not the case, in my opinion, you can’t really overdo this stuff, as you can never be truly 100% risk-free and/or secure which is why this has a place on the discussion panel – in my opinion.
I am very interested in this topic, and for me this is all for educational purposes. Please be careful, know the risks, as well as your limitations, and please don’t do any illegal activity! I don’t want to bore you, nor to digress any more, but I feel the need to say this out loud, just in case.
You will also want to follow your OpSec rules (this is something I covered previously, but as a refresher I will add the list below too, slightly varied):
Don’t talk openly about stuff that’s important i.e., mission critical
Don’t trust anyone
Don’t contaminate your identities
Be paranoid (better now, than later)
Stay under the radar – if you’re a dissident, don’t tweet your political opinions, etc. – make yourself as ordinary as you can
Avoid logging whatever you can; if you can – destroy it. It’s better to not have it than to keep it encrypted, no matter the algorithm keeping your stuff secure…
Everything should be encrypted, even non-sensitive data
Treat your OpSec as a very serious thing, as it is.
To get back on our topic: ideally, you will have no pattern when visiting the public places where you will be accessing the Internet. Vary your distance, choose those places at random, look for the busier ones where more users go through, and, if possible, also vary the times you visit. Also, don’t bring a phone that can be tied to an identity you don’t want associated with your internet connection, as it will be.
Try to fit in, avoid talking too much, and avoid standing out. Try to sit where you can see everything, ideally keep your back to a wall. You want to see everything/everyone coming at you so you can theoretically react in time.
For an extra-paranoid option, wipe the prints from the table, glasses, whatnot, basically don’t leave your DNA.
Also, remember: if you don’t own the machine you’re on, you’re fully vulnerable if you’re using your own accounts or stuff like that! (This is the case in Internet cafés where you use their computers, as everything can be logged.) There are mitigations for this (like pre-encrypting your stuff before using the public PC for that), but I would advise you to just not opt for going this route. Just avoid this option like the plague, if at all possible.
Another thing to note is that you can access hotspots from a distance, and I intend to expand on that a bit more, but don’t mistake public hotspots for anonymizing services. You should still send your traffic through an encrypted tunnel and follow all the OpSec rules that are relevant for your own threat model.
This has been a short intro on public hotspots and how to behave when you’re out there in the wild and you care about your privacy, security, and anonymity. I will expand on this for quite a bit, as I intend to cover the above mentioned accessing of the hotspots from a distance, as well as many other tips and tricks you might find useful on your privacy, security, and anonymity journey.
Cover image by Parker Coffman