How-To Geek

What You Said: How Do You Browse Securely Away From Home?


Responses to this week’s Ask the Reader question show that just because you’re away from home doesn’t mean you have to give up the security and privacy that your home network provides.

Earlier this week we asked you to share you browsing away from home security tips and tricks and obliged. JC offered one of the more entertaining tales of away-from-home browsing:

Recently a bunch of us stayed at a high end resort down in Mexico. Internet was offered as a pay per device service at about $80/week/device. Considering we had about 12 wifi devices there among us(a few geeks), I decided to plan ahead. I setup a WRT54G as a WiFi client with a vpn back to my house and NAT. Setup a second one as a basic wireless access point with password and plugged it into the first.

Onsite we setup the devices and connected to the wireless with one paid account(tied to the MAC address). Everyone connected to the other device for wireless access and it was all tunnelled through my home network with encryption.

Next time, I will have a WAN side proxy to allow devices to get on the WiFi network, not register with the access gateway, and use the proxy as the default gateway. This way we can use the wireless anywhere on the resort, not just in our room.

Paranoid, not really(in Cuba I was paranoid). I’m just cheap, paranoid was a simple addon to cheap.

TheFu highlights how, despite your best efforts sometimes the Wi-Fi hotspot can thwart you:

For quick access, an ssh SOCKS proxy to my home server(s).

For longer needs, like an evening in a hotel, OpenVPN.

If I can’t get either of those working, it is time to hit the hotel bar or watch some tube.

Out of 7 hotels I’ve stayed in the last 3 months, only 2 allowed any VPN/ssh access. Hotels are deploying invisible web proxies to prevent bandwidth hogs. These are not compatible with ssh or openVPN. I’m amazed at the number of fantastic hotels that don’t have in-room wifi too. I always bring a tiny, usb-powered, travel wifi router now.

The proxies are a real problem.

Hisa tried the tunneling and VPN solutions others highlighted, but found them lacking:

I have tried tunneling home and VPNs, but I could never get over the performance issues. So, prior to the Sprint hotspot for smartphones, I tethered. Now, I use the hotspot when I need it. It’s $30 for the month, but if you don’t use it the whole month, Sprint only charges you for the days you used it. And you can secure it too so no one else can hitch a ride. If I am feeling particularly paranoid, I will use TOR as well. Performance is great, even outside of the Sprint service area (thanks roaming – the minimal charges are worth it when your job depends on it). I had AT&T for a while and they had a similar feature though a bit more expensive but still well worth it.

For more tips, tricks, and suggested services, hit up the comment thread here.

Jason Fitzpatrick is a warranty-voiding DIYer who spends his days cracking opening cases and wrestling with code so you don't have to. If it can be modded, optimized, repurposed, or torn apart for fun he's interested (and probably already at the workbench taking it apart). You can follow him on if you'd like.

  • Published 06/1/12

Comments (3)

  1. fengshaun

    How would I go about doing what JC did? Are there any tutorials/explanations around the net that I can’t find?

  2. Johann

    In reply to Thefu’s comments about SSH tunnelling not being allowed in many hotels, I’ve been able to SSH tunnel out of every hotel I’ve ever stayed in using this technique:

    You are simply making your SSH connection look like normal web browsing. Unless they deploy a full-on MITM system to decrypt and inspect HTTPS traffic (which for God’s sake I hope no hotel does…) then it will work.

    I’ve not been inside a single network where this connection hasn’t worked for me and is useful to have at your disposal.

  3. TheFu

    How-to setup OpenVPN on dd-wrt routers:
    This is good for remote access when you are out and about “in the wild” with your laptop.

    For @fengshaun, if you want a router-to-router VPN like between relatives and your home system:

    DD-WRT firmware replacement rocks, provided your router is supported. Tomato is pretty cool as well. Some commercial routers come with DD-WRT pre-installed – many from Buffalo do

More Articles You Might Like

Enter Your Email Here to Get Access for Free:

Go check your email!