On Sat, Nov 01, 2014 at 05:42:36PM -0400, Michael Butash wrote:
> Your wireless doesn't initiate any security upstream to the
> internet, only making sure your neighbors aren't watching what
> you're looking at on the internet. Trivial without any encryption,
> gradients harder based on your choice of router and/or encryption.
> Use wpa2 with aes (not tkip) with a complex password, you're good
> (for now).

That's what my set up is at present.

>
> VPN only encrypts you to a gateway of your choice and NAT's you out
> their address to the world. Usually work or other admin function,
> but others use these to hide where they bittorrent movies from so
> media cartel ambulance chasers go fish in a foreign country and
> service that doesn't keep your origin IP logs (in theory). If you
> vpn to something, and connect to a website unencrypted, someone can
> still see what is contained in your packets to be able to reassemble
> them if when they hit government black box collectors off optical
> taps at all your favorite ISP's.
>
> Tor is *like* this, but egressing and NAT'ing you out any number of
> random gateways that people donate bandwidth (and liability) to.
>
> Tor and vpn's are more about hiding your IP identity, which with a
> court order is trivial to get your ISP to tell them who you are
> (almost trivial it seems even without these days).
>
> If you want to secure data, you need end to end encryption, so make
> sure everything you connect to uses some kind of ssl, tls,
> encryption, etc - no router will save you. Https on web pages, ssh
> on admin sessions, etc (look for "https everywhere" plugins for your
> browser).

I think I was slowly coming around to that idea. Thanks for the kick.
What was confusing me was that Stephen Partington's reply talked about
turning on security and I was going nuts trying to find out how for my
*wired* connection, which was the subject of my post.

> Sadly there are still a lot of crappy applications that
> talk to the internet that do NOT use encryption on their socket
> connections to send data. Figure out which, and banish them from
> your routines/usage.

Dandy, but looking at source code tells a nonprogrammer (me) little. I
guess I'll just coast along with https for the important stuff even tho
I've read that it can be spoofed.

--
Bob Holtzman
Giant intergalactic brain-sucking hyperbacteria
came to Earth to rape our women and create a race
of mindless zombies. Look! It's working!
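
An added example, not part of the original message: one way to see which programs are talking over ports that are normally unencrypted, without reading source code, is to classify the output of `ss -tnp` by remote port. The port tables, function names and sample output below are assumptions made up for this sketch.

```python
import re

# Heuristic port tables (an assumption of this example): a port only suggests
# a protocol; 25 and 143 may still upgrade with STARTTLS, so treat as a lead.
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 25: "smtp", 80: "http", 110: "pop3", 143: "imap"}
ENCRYPTED_PORTS = {22: "ssh", 443: "https", 465: "smtps", 993: "imaps", 995: "pop3s"}

# Constructed sample of `ss -tnp` output (documentation addresses, made-up PIDs).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port  Process
ESTAB  0      0      192.168.1.10:51234  203.0.113.7:443    users:(("firefox",pid=2211,fd=88))
ESTAB  0      0      192.168.1.10:51240  198.51.100.20:80   users:(("updater",pid=3050,fd=5))
ESTAB  0      0      192.168.1.10:40022  198.51.100.9:22    users:(("ssh",pid=1987,fd=3))
ESTAB  0      0      192.168.1.10:51300  203.0.113.50:143   users:(("mailclient",pid=4100,fd=12))
ESTAB  0      0      [2001:db8::10]:51400 [2001:db8::25]:21 users:(("ftp",pid=4200,fd=4))
ESTAB  0      0      192.168.1.10:51500  203.0.113.99:8443
"""

PROC_RE = re.compile(r'users:\(\("([^"]+)"')

def classify(ss_output):
    """Return (process, peer_host, peer_port, verdict) for each ESTAB line."""
    results = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue  # header, blank line, or a socket that is not established
        host, _, port_text = fields[4].rpartition(":")  # rpartition keeps IPv6 intact
        if not port_text.isdigit():
            continue
        port = int(port_text)
        m = PROC_RE.search(line)
        proc = m.group(1) if m else "unknown"  # process column is absent without privileges
        if port in CLEARTEXT_PORTS:
            verdict = "likely cleartext (" + CLEARTEXT_PORTS[port] + ")"
        elif port in ENCRYPTED_PORTS:
            verdict = "likely encrypted (" + ENCRYPTED_PORTS[port] + ")"
        else:
            verdict = "unknown, inspect further"
        results.append((proc, host.strip("[]"), port, verdict))
    return results

def cleartext_processes(ss_output):
    """Names of processes with at least one connection to a cleartext port."""
    return sorted({p for p, _, _, v in classify(ss_output) if v.startswith("likely cleartext")})

if __name__ == "__main__":
    for row in classify(SAMPLE_SS):
        print("%-12s %-18s %-5d %s" % row)
```

On a live system the same functions can be fed the text captured from `ss -tnp`; connections on ports outside both tables need a closer look, for example with a packet capture.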