
Classic college kid Internet privacy question


Robin Goodfellow

Oct 23, 2021, 6:06:38 PM
Classic college kid basic Internet privacy question.
1. Kid is a freshman who was brought up on privacy.
2. Kid is in a dorm apt with school Wi-Fi & Ethernet (2 ports).
3. Understandably, kid wants privacy on his Internet connections.

Kid has the following hardware in his dorm room.
A. 5G Android smartphone
B. Desktop with Wi-Fi & Ethernet (unknown if it's both 2.4 & 5GHz)
C. Laptop with Wi-Fi & Ethernet (unknown if it's both 2.4 & 5GHz)

What options do we have?
a. Kid is on USA T-Mobile which provides only 5GB/month free hotspot.
b. I don't think a free public Wi-Fi or WISP is in the cards.
c. I doubt the school would allow Comcast cable in a dorm room.

Kid says 5GB isn't enough so I can ask his parents to change their plan
(he's my grandchild) but increasing his hotspot amount is only one possible
solution given he thinks the hotspotting is too slow already.

Personally I can go a year on 5GB of cellular data but I'm 4 times his age.
Kid today asked for a router for Christmas (I have no problem with that).
Which is what prompted this query.

What options do we have given the goal is privacy from the school?
(I didn't ask why because I'm an adult so I know anyone who asks why isn't
usually an adult because every adult understands privacy needs are basic.)

This is a technical question, not a moral question.
What are his technical options given a typical college environment?
--
I have a spare 2.4GHz Netgear WNR834Bv2 A/G/N router which I'm willing to
flash with something that may help, perhaps turning it into a VPN router?

Kid knows all about software VPN and privacy based browsers.
Kid mostly wants gaming, I think (as far as he has told me anyway).
However, I don't ask why someone wants privacy because asking why is like
asking why they would want to breathe fresh air - it's a basic right.

Marco Moock

Oct 24, 2021, 4:01:18 AM

On Sat, 23 Oct 2021 22:06:35 +0000,
Robin Goodfellow <Ancient...@Heaven.Net> wrote:

> 2. Kid is in a dorm apt with school Wi-Fi & Ethernet (2 ports).

Use this net and only connect through a VPN or TOR.
Restrict that by certain firewall rules.
You can run a TOR client that provides a SOCKS proxy server. The
computer the kid uses is directly connected to that computer (not
Routing or NAT enabled, just connected via Ethernet) and only uses the
SOCKS proxy on it.

Robin Goodfellow

Oct 24, 2021, 2:33:06 PM
Marco Moock <inv...@invalid.invalid> asked
>> 2. Kid is in a dorm apt with school Wi-Fi & Ethernet (2 ports).
> Use this net and only connect through a VPN or TOR.
> Restrict that by certain firewall rules.
> You can run a TOR client that provides a SOCKS proxy server. The
> computer the kid uses is directly connected to that computer (not
> Routing or NAT enabled, just connected via Ethernet) and only uses the
> SOCKS proxy on it.

Thanks Marco Moock for hazarding advice, as I am well aware how risky
that is, which I very much appreciate given your knowledge of networking
surpasses that of mine.

Two things were already done, one by his parents, the other by me.
1. The parents doubled his cellular hotspot from 5GB to 10GB for $10/month
2. I flashed the extra Netgear WNR834Bv2 with this "chk" file from dd-wrt
<https://wiki.dd-wrt.com/wiki/index.php/Netgear_WNR834Bv2>
<ftp://ftp.dd-wrt.com/betas/2015/08-25-2015-r27745/broadcom/dd-wrt.v24_mini-wnr834bv2.chk>

Regarding VPN or TOR, he is mostly gaming, I think, neither of which
really lends itself to TOR (at least not the Tor Browser Bundle anyway).

I'm sure there is a way to set up the entire system on TOR/Socks
but I've tried that about 10 or 15 years ago and it was miserable
(privoxy and all that) to do.

Therefore the only TOR he's using is the Tor Browser Bundle,
which isn't, he says, useful for gaming.

The VPN he's using are the free vpns, which, as you may know,
aren't all that reliable (and which don't have many locales
inside the USA usually).

If I understand your suggestion correctly, we can set up an entire
computer to run nothing but TOR/SOCKS, which is what the kid can
connect to directly from his desktop (but he also wants to use
his phone cellular, apparently).

There is a $90 T-Mobile mobile hotspot device which, for $55/month
gives him everything he's asking for (50GB/month of cellular data)
but of course, that's $600 per year which is a bit steep of a price
to pay when he _already_ has "free" Internet provided by the school.

I'm working on figuring out how adding "VPN" to a router works,
where I've figured out that Netgear uses "chk" files first.
<https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=776979>
and then once dd-wrt is on that router, it can take a further
dd-wrt "bin" file, but I don't know (yet) which bin to use.
<https://dd-wrt.com/support/router-database/?model=WNR834B_v2>
And, I don't want to guess (as bricking is always around the corner).

At that location are seven dd-wrt "bin" files, but which one do I use?

1) DD-WRT: Broadcom Generic -= K2.4 - Mini dd-wrt.v24_std_generic.bin
<https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2020/11-03-2020-r44715/broadcom/dd-wrt.v24_std_generic.bin>

2) DD-WRT: Broadcom Generic -= K2.4 - Mini dd-wrt.v24_mini_generic.bin
<https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2020/11-03-2020-r44715/broadcom/dd-wrt.v24_mini_generic.bin>

3) DD-WRT: Broadcom Generic -= K2.4 - Micro dd-wrt.v24_micro_generic.bin
<https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2020/11-03-2020-r44715/broadcom/dd-wrt.v24_micro_generic.bin>

4) DD-WRT: Broadcom Generic -= K2.4 - Micro + OLSRD dd-wrt.v24_mini-wnr834bv2.chk
<https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2020/11-03-2020-r44715/broadcom/dd-wrt.v24_micro_olsrd_generic.bin>

5) DD-WRT: Broadcom Generic -= K2.4 - Mini dd-wrt.v24_nokaid_generic.bin
<https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2020/11-03-2020-r44715/broadcom/dd-wrt.v24_nokaid_generic.bin>

6) DD-WRT: Broadcom Generic -= K2.4 - Mini dd-wrt.v24_voip_generic.bin
<https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2020/11-03-2020-r44715/broadcom/dd-wrt.v24_voip_generic.bin>

7) DD-WRT: Broadcom Generic -= K2.4 - Mini dd-wrt.v24_vpn_generic.bin
<https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2020/11-03-2020-r44715/broadcom/dd-wrt.v24_vpn_generic.bin>

Notice the _last_ one has "vpn" in the name, so one might intuit
that it's the one to use, but knowing that bricking routers is a
distinct possibility, just guessing without any other data is usually
not a good idea when it comes to flashing firmware.

I think the VPN router "might" replace your "TOR/SOCKS computer" in
the suggested scenario (as I don't have an extra PC to give the kid).

If I understand VPN routers, we still need to pay for a reliable VPN
service but after that, the school will only see the (faked) MAC
address of the VPN router for _all_ his traffic (whether it's Wi-Fi
or Ethernet from his phone or from his desktop or from his laptop).

And, if I understand it correctly, _all_ that traffic will be
connected to a single IP address (of the VPN) and it will all
be encrypted.

The school will know he's using VPN, and they'll know all the
metadata of the size and timing of the packets, but that's it
(am I correct?)

If that's a good plan (lowest cost, best compromise on privacy),
then all I need to do now is find a tutorial for setting up
dd-wrt as a VPN router. I think I need to flash another "bin" file
(after the initial "chk" file though - but I don't know which one).

In theory, does this sound like a low-cost plan that "can" work?
1. I put VPN on the extra router & set the MAC to look like a PC
2. I set dd-wrt to always log into a (paid?) public VPN service
3. The kid connects _everything_ to that VPN router

Does _that_ approach give the kid the privacy he is asking for?

Marco Moock

Oct 24, 2021, 3:01:27 PM

On Sun, 24 Oct 2021 18:33:02 +0000,
Robin Goodfellow <Ancient...@Heaven.Net> wrote:


> Regarding VPN or TOR, he is mostly gaming, I think, neither of which
> really lends itself to TOR (at least not the Tor Browser Bundle
> anyway).
> I'm sure there is a way to set up the entire system on TOR/Socks
> but I've tried that about 10 or 15 years ago and it was miserable
> (privoxy and all that) to do.

It works, but Tor has high latency and because of that isn't suitable
for real-time communication like gaming.

> The VPN he's using are the free vpns, which, as you may know,
> aren't all that reliable (and which don't have many locales
> inside the USA usually).
>
> If I understand your suggestion correctly, we can set up an entire
> computer to run nothing but TOR/SOCKS, which is what the kid can
> connect to directly from his desktop (but he also wants to use
> his phone cellular, apparently).


Much harder, because Google and Apple are bad companies that restrict what
users can do and restrict proxy usage to web browsers only. As far as I
know, Android only supports an HTTP proxy, so you would need an HTTP/SOCKS
proxy connector too.


> I'm working on figuring out how adding "VPN" to a router works,
That would be a solution. The kid is then directly connected via the
VPN and the VPN router creates the VPN tunnel.

> I think the VPN router "might" replace your "TOR/SOCKS computer" in
> the suggested scenario (as I don't have an extra PC to give the kid).
Yes, makes it much easier.

> If I understand VPN routers, we still need to pay for a reliable VPN
> service but after that, the school will only see the (faked) MAC
> address of the VPN router for _all_ his traffic (whether it's Wi-Fi
> or Ethernet from his phone or from his desktop or from his laptop).
True. They only see that VPN router's interface to them and the metadata.

> And, if I understand it correctly, _all_ that traffic will be
> connected to a single IP address (of the VPN) and it will all
> be encrypted.
Depends on the VPN operator. Some use IPv4-NAT, some give you public
IPv4 addresses.
IPv6 is normally global, so every device gets its own global IPv6
address.

> The school will know he's using VPN, and they'll know all the
> metadata of the size and timing of the packets, but that's it
> (am I correct?)
True

> If that's a good plan (lowest cost, best compromise on privacy),
> then all I need to do now is find a tutorial for setting up
> dd-wrt as a VPN router. I think I need to flash another "bin" file
> (after the initial "chk" file though - but I don't know which one).

You need a router that a) supports dd-wrt and is able to flash foreign
firmware. There are many models that support that, but some
manufacturers create barriers to doing so; for my TP-Link I needed to set
up a TFTP server and use the recovery feature of that device to install
a foreign (non-TP-Link) firmware on it.

> In theory, does this sound like a low-cost plan that "can" work?
> 1. I put VPN on the extra router & set the MAC to look like a PC
> 2. I set dd-wrt to always log into a (paid?) public VPN service
> 3. The kid connects _everything_ to that VPN router

Sounds ok

> Does _that_ approach give the kid the privacy he is asking for?

It gives you protection against surveillance from the school, but
nothing else.
Also think about locking the computer when not using and encrypting all
hard disks to ensure nobody can gain access to the data/manipulate the
computer this way.
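
The "restrict that by certain firewall rules" advice and the three-step VPN-router plan discussed in this thread, as an added example that is not part of either poster's messages: a shell script that prints iptables rules under which LAN devices can reach the Internet only through the tunnel, with a check that no rule forwards LAN traffic straight out the WAN port. The interface names `br0`, `vlan2` and `tun0` and both function names are assumptions; the DNS block assumes the VPN server is configured by IP address and that the tunnel supplies the resolver.

```shell
#!/bin/sh
# Added example: VPN "kill switch" rules for a router that tunnels all client traffic.
# Interface names are assumptions; check the real ones on the router with `ifconfig`.
LAN_IF="${LAN_IF:-br0}"     # assumed LAN bridge (Wi-Fi + Ethernet clients)
WAN_IF="${WAN_IF:-vlan2}"   # assumed WAN port plugged into the dorm Ethernet
TUN_IF="${TUN_IF:-tun0}"    # assumed VPN tunnel interface

# Print the rule set instead of applying it, so it can be reviewed first.
killswitch_rules() {
    cat <<EOF
# Default: forward nothing, so clients have no path out if the tunnel is down.
iptables -P FORWARD DROP
iptables -F FORWARD
# Clients may leave only via the tunnel; replies may come back.
iptables -A FORWARD -i $LAN_IF -o $TUN_IF -j ACCEPT
iptables -A FORWARD -i $TUN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
# Explicit reject so clients fail fast instead of timing out.
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j REJECT
# Hide client addresses behind the tunnel address.
iptables -t nat -A POSTROUTING -o $TUN_IF -j MASQUERADE
# Stop the router's own resolver from sending client lookups to the campus DNS.
iptables -A OUTPUT -o $WAN_IF -p udp --dport 53 -j REJECT
iptables -A OUTPUT -o $WAN_IF -p tcp --dport 53 -j REJECT
# If the firmware build ships ip6tables: no IPv6 forwarding outside the tunnel.
command -v ip6tables >/dev/null && ip6tables -P FORWARD DROP
EOF
}

# Reads rules on stdin; exit 0 if any FORWARD rule ACCEPTs traffic out the WAN port.
rules_leak() {
    grep -- '-A FORWARD' | grep -- "-o $WAN_IF " | grep -q -- '-j ACCEPT'
}

killswitch_rules
if killswitch_rules | rules_leak; then
    echo "WARNING: a rule forwards client traffic directly to $WAN_IF" >&2
fi
```

The router itself can still reach the WAN (DHCP lease, the tunnel's own packets); only forwarded client traffic and plain DNS are confined.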
