Privacy

44073 readers

361 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

How's my network privacy? Should I switch from a commercial router to PFsense or something? (lemmy.ml)

submitted 1 month ago by HiddenLayer555@lemmy.ml to c/privacy@lemmy.ml

6 comments fedilink hide all child comments

I use Linux on all my personal computers and privacy respecting ROMs on phones, and Pi-Hole, but a part I haven't really taken a look at is my network at home.

I currently have my ISP's smart router in bridge mode connected to a brand name Wi-Fi 6 router with a wireless "mesh" range extender. I really like the range extender because it has an Ethernet port so it's basically a "free" Ethernet plug for that room connected to a high power Wi-Fi transceiver that's faster than a lot of on board Wi-Fi antennas.

But I feel like it's probably not the best thing privacy and security wise? I already don't use the app and luckily it still has a web interface for management, but I don't know how secure the firmware is or if it has any corporate "analytics" or not. I'm thinking a PFsense or similar router software on Linux box to connect to the bridge port of my ISP's router since I was told the "Ethernet" cable connecting from it to the fiber modem won't work with a store bought router, I assume it has some kind of DRM?

I already have an old PC in mind to convert to a router. I assume I could just use the onboard Ethernet port to talk to the router and add my own USB NIC to connect to the main switch?

I don't know what to do for Wi-Fi though, could I buy two dedicated access points and put them on different floors, and have them both connected to the wired network? How hard would it be to have those be the same Wi-Fi network and have devices actually switch between them depending on location?

Also, most of my NICs and switches are from the thrift store or eBay for higher end used server parts. Is that bad? As in how worried should I be about the firmware running in those being tampered with by whoever owned it last?

you are viewing a single comment's thread
view the rest of the comments

[–] truthfultemporarily@feddit.org 0 points 1 month ago (1 children)

It depends on your threat model or how I like to call it: the paranoia level. Since all connections go through the ISP router anyway you won't really gain that much privacy unless you directly put a VPN on your router.

Here is what you could potentially stop leaking:

MAC addresses of your devices
DNS queries if you use unencrypted DNS

Also theoretically, the router could be an entry point to do attacks against your devices.

People who use pfsense mostly do that because they want more features. For example I have an IoT VLAN that cannot talk to the internet.

For privacy the simplest thing would be to try and put a custom firmware on your WiFi router, like OpenWRT.

Everything else is a bit of an overhaul. And in the end, you always have to trust that the WiFi access points manufacturers firmware does not exfiltrate data.

Also, I would just try plugging in to the modem and see what happens. Most likely you're just wasting power right now with that ISP router.

[–] HiddenLayer555@lemmy.ml 1 points 1 month ago* (last edited 1 month ago)

Since all connections go through the ISP router anyway you won’t really gain that much privacy unless you directly put a VPN on your router.

I'm more concerned about local network traffic to and from my home server, especially over Wi-Fi. Most of it is SSH but there are still some unencrypted HTTP (and proxy) traffic.