When I started writing this bullshit blog about anonymity and privacy, I wasn’t really expecting for people to spend some time reading about privacy, vpn or staying anonymous. But I am glad that there are real real people who read these and take a moment to send feedback. Thanks to rafaleon from http://hackabean.blogspot.co.uk. He asked me if I could write about VPN clients for routers. Yes I promise I will come back to the blogs with a post about how to configure VPN on routers. If you guys have no idea about what I am trying to tell you, read the earlier posts in this series.
I started off this blog midway. I know I haven’t wrote another post in the last week. I won’t apologise for it. My day job became a little stressful all of a sudden and I decided to take a break from blogging for a week. Oh what my day job is? I look into web applications for security vulnerabilities.
I admit to the fact that I have a half cooked blog about VPN routers in my machine. But while I was writing about that, something sparked in my head. When I was writing about configuring the VPN client on to the router, it suddenly occurred to me, how many of the actual people do change the default credentials on the routers that is provided by the ISP. Which in turn gave me few more ideas about what all are there wrong about the day to day things. So I decided to cover the VPN-router in another blog.
But wait, what am I going to write now?
Yea, I know I know, I am acting too weird, saying too much bullshit. But this bullshit is what I am made of, its part of me and my life so if you feel like there is too much bullshit here, maybe you should wear a mask to avoid the stench.
I like this way of talking, first person, third person, IDK which person but I had been like this for a long time now. And the fun thing is when I started watching Mr.Robot and Elliot’s friend, it kind of made sense (for me). Trust me I am not saying that I am like Elliot Alderson, I am not even a percentage of a hacker he is, but I am saying about the paranoia and talking to myself thing.
Yea, common privacy issues: No more topic deviation this time. I promise.
I am going to ask you a few questions, when I say finger countable. I want you people to sit back and ask yourself if this is what you do. If so, then it is way past time you started thinking about it and change your habits.
[Edit: Instead of writing a mile long post, I Am dividing this into two posts, for the ease to read]
Privacy Question 1.
The browsing pattern matters. If I am to bullshit about this, I have to say too much about it. But I will try to keep it in the box.
In one of the previous blogs I asked you guys, how in the hell google know that you looked for penis enlargement pills so that they are showing you an ad next time when you are in a site?
They would even offer you a discount (may be after seeing your condition ;P).
Oh, yes when I ask you a question or tell you something, do you actually really go ahead and look into that topic over the internet? Or do you just really read what I say, then take a deep sigh and move on? Really? Fuck you…
There is something called tracking. User tracking they termed it. They do this tracking to provide you “better” service. What is the better service? Telling you that you will be given penis enlargement pills when you are trying to read about anonymity? Or show you ads of things that you were window browsing or had been adding to your wishlist all day?
I agree all of it is good. Yea, we don’t have to bother when a favorite thing is getting at a slashed price. But you have to understand the fact that given enough information like this they will be able to profile you. What kind of a person you are and what are the things you like. What if tomorrow when you have a parking ticket or a speeding ticket and you have to go down to the precinct and suddenly the people there know all about your fetish, your last condom flavor and what is the right Tyre size for your car? Omg, that’s too much… yea maybe you might think I exaggerated a bit there, but not really. If someone intent to retrieve all those information from you, they really can. But it is a totally different story.
So, about these in-private browsing and incognito windows. What are they for. Well, they are really a blessing. What they actually do is, when you open one of such windows, I will call it a “Secret Mode” the browser actually starts an entirely different version of the browser that do not track you with cookies or anything. The best thing about the secret mode function is that, even when you are logged in into your Gmail or Facebook in the first tab of your browser, you can use an entirely different browser window and browse as if these two do not have any relation. And the benefit? First – less memory consumption, second – it’s just a shortcut away.
Privacy Question 2.
In the blog I was writing, I was about to tell you people about how to configure the VPN client on the router that you own, I wrote, login into your router and… I paused. Yea right… How many of you have actually done that over the period of several years you had been using the internet?
Do you actually even know such a thing exist? I mean, some of you might have the internet credentials, which you need to put into those boxes to remove the restrictions in the connection and check usage and other details.
But there are actual credentials that we use to login into the router. Router – the small device with the antenna and blinking lights that you eventually kick when the net connection is out…? Ring a bell?
The fun thing about the routers provided by the ISPs are they all contain default credentials. When I mean credential I mean username password. And the fun thing is, most of the credentials are just like “admin:blank”, “blank:admin”,”admin:admin” which varies depending on the router manufacturer.
But how to.. I mean… Reach the router? I mean seriously what am I going to expect in a router?
How to? : Well, connect to your home network and issue the ip 192.168.0.1 (most of the times, might vary with the device). It will ask you for the username password which if you have not changed will be one of the defaults. You can change those in the settings and reboot the device.
What is the problem associated with all these messy steps? The fun thing about the router configuration is, most of the configurations are accessible through your public IP. Which means, if you go ahead and ask google “Ok Google, what is my IP” it will give you back an IP address that which is your public IP. If you issue that IP in the browser window, it will give you the router login screen. If you have the defaults there, an attacker can simply login into your router, see what all devices you have connected to the internet, which of them can be hacked easily, he can get your wifi password, he can even set a DNS of his own and lead you to pages of his own desire as he wish.
I know this is too much. But… let’s go, change your defaults now.
Privacy Question 3.
How many of you have changed your WiFi password after you got the router?
Yup that is the question of the year. If you had this question straight then the second question might had made sense. Have you actually ever changed your wifi password? Or is it still the same old “AKJHASIZHZ” given by the Sky or BT? Seriously? Well, damn you, you are doing it wrong. Why change it? Why changing it is urgent? I will cover that in another blog but for now, find your router login first and change it and then change the wifi password with immediate effect.
Privacy Question 4.
Are you really curious about “What this girl did to her boyfriend was unbelievable” ? Yeah well me too, but not as much as you are.
Do you really know what happens when you click such a URL. Yea, I know you will be directed to a page with a so called believable story which says what this girl did was so and so things or may be an advertisement that would just lead into a site which sells a Viagra or something else.
But the question is, is that all that happens? Are you sure? Because in my humble opinion this could lead you anywhere including a place you would never want to be. Sometimes Such a link might lead you into a page which downloads a piece of software that you might accidentally click on or the browser may prompt you to install a plugin that is needed to run the website. But when you do it, if you do it, how much sure are you that you are installing a legitimate software? It could be a malware, a Trojan or even an application that is designed to spy on you, taking away important things from your browser.
Privacy Question 5.
Install application downloaded from unofficial stores?
When I say store, it could just be any store. It could be an alternate play store for Android or Apple Store, could be a download from Sourceforge or any site that claim to distribute a version of a software.
Yeah, I know, sometimes we all have to rely on pirated softwares because the licensed ones are heavily priced. So all what we know is that type into Google “software cracked with keygen”. We will be surely shown with a hundred sites that distribute the so called heavily priced software for free. Sometimes make me wonder why all these people should not be awarded with a Nobel prize for social service. Cracking all these softwares and supplying it to the third world internet users.
Are they really doing a social service? I don’t mean to discredit all the people who do that, but I am just saying a good percent of them are malwares. Sometimes even the readme would say you have to disable the anti-virus first because the keygen might be shown as a virus, and for the sake of using the wares, we just do as they say. Are you sure you didn’t just leave your computer open to someone who can peek into your web camera and turn on your mic?
Coming up: 10 Bleeping questions for you Part 2