How to browse privately on public Wi-Fi for free
- — 03 March, 2011 11:25
If you're a mobile worker and like to go online using public Wi-Fi services, like those in coffee shops, you probably don't realize how insanely reckless you're being.
Public Wi-Fi is the worst kind of Internet connection. Data isn't encrypted as it flies through the air and, as the recent Firesheep debacle showed, it's incredibly easy for others using the same network to grab your login details for sites like Facebook
One method of protecting yourself is to use a browser extension like HTTPS Everywhere. This forces your browser to connect by default to a site's secure HTTPS server, but very few sites have one. You can also pay for VPN services but these can be slow.
In this tutorial I explain how to create a secure setup that'll stop anybody from snooping on your Wi-Fi-transmitted data, regardless of what type of Internet connection you're using. It won't cost a penny because we're going to use entirely free-of-charge software, although you'll need an old PC to act as a server and your Internet router will need to be able to work with a dynamic DNS service. (Most can, and if yours can't, you might find that a firmware update brings the functionality.)
The technique involves creating a secure shell (SSH) server on the old computer at home or work, through which you'll do all your Web browsing via an encrypted tunnel across the Internet.
It's not a perfect solution because DNS lookups are still done via the public Wi-Fi connection. Somebody could theoretically find out what sites you've been visiting, but this is unlikely.
The instructions are in four stages, the first three of which explain how to get everything set up.
Setting Up the SSH Server
1. Start by downloading the standard desktop release of Ubuntu Linux (don't download the server version unless you're experienced with the Linux command-line). I chose to install version 10.10 of Ubuntu. Install it on the old computer you're going to use as a server.
There's no minimum specification for the old computer, although ideally it should have 1GB or more of RAM. However, because it'll be an Internet-facing machine, you should remove any personal data, such as files contained in an old Windows installation.
2. Once installation has finished, get the new Ubuntu system online via Ethernet or Wi-Fi to your home or work router, and ensure it's fully updated (click System, then Administration, then Update Manager, and click the Check button, followed by the Install Updates button).
3. When updating has finished, open a command-line prompt (Applications, then Accessories, then Terminal) and type the following: sudo apt-get install openssh-server. Once the installation has finished, close the command-line window.
That's all for setting up the Ubuntu machine. All you need in the future before leaving the house to work remotely is to boot up the server and log in to your account to ensure the machine gets an Internet connection.
There's no need to run any additional software since everything runs in the background. If you don't mind the electricity bill, you could even leave the machine booted up 24 hours a day, but check the power saving settings to ensure the system doesn't go into sleep-mode (System, then Preferences, then Power Management).
Configuring Your Internet Router
1. You'll need to create a static domain name for your server, and configure your router to allow incoming connections, so we can always connect to it while out and about. Head over to Dyndns.com and create a free domain name (look to the lower-left of the Dyndns home page). You can choose just about anything for the DNS address -- I created keirthomas.dyndns-office.com, for example.
To set up the domain name you'll be prompted to create a new account at Dyndns.com, but this is free. Be careful when registering your new domain; Dyndns.com tries very hard to sell you paid-for accounts and often it can be hard to see the smaller links that setup the free stuff.
2. You'll know when the Dyndns account is fully set up because you'll reach a screen showing the host name alongside your router's public IP address.
However, you must now configure the dynamic DNS feature of your router so that it will always inform Dyndns of its public IP address.
How this is done varies from router to router so I can't provide a guide, but generally speaking you'll need to select Dyndns.com from a dropdown list within the configuration screen and enter both your Dyndns username and password, along with the host address you created (I entered keirthomas.dyndns-office.com, for example). If prompted, there's no need to set up multiple hosts.
3. You'll also have to create a firewall rule on the router to pass-through incoming SSH traffic automatically to your new Ubuntu server. Again, how this is done varies, so I can't provide a guide. Some routers refer to creating these rules as setting up application sharing. If you've ever created a firewall rule for online gaming or file sharing, then you'll know where to look in your router's configuration options because the SSH rule is essentially the same thing, although this time you must allow port 22 to pass through.
Configuring Your Laptop
1. Most of the hard work is now done. On the laptop you're going to use out and about, download and install PuTTY. PuTTY doesn't have an installation routine so you'll need to put the .exe file somewhere safe on your hard disk (such as in your Documents folder).
PuTTY does two things: It opens the secure tunnel to the Ubuntu server, and also runs a SOCKS proxy on your laptop that your Web browser will connect to in order to use the tunnel.
2. Start PuTTY and, in the tree view of configuration options on the left, click the SSH option under the Connection heading. In the new submenu that appears, select Tunnels. Under the Destination heading in the PuTTY dialog box, select the Dynamic radio button and in the Source Port text field, enter 8080. Then click the Add button.
3. Back in the tree view of configuration options in PuTTY, click the Session heading at the very top and, in the Hostname (or IP Address) field, type the Dyndns domain you created earlier (again, I would type keirthomas.dyndns-office.com). In the Saved Sessions text field, type a name so you can save your new configuration (something like SSH tunnel is fine). Then click the Save button.
4. The final setup step is to configure your browser, which involves setting it to work with a proxy server. For Firefox, installing the FoxyProxy Basic add-on allows you to quickly switch between using a proxy server and deactivating it when you're back at home. You can search for and install it using the Add-Ons window of Firefox (Go to Tools, then Add-ons).
7. Once FoxyProxy Basic is installed, select its entry on the Tools menu in Firefox and select Options on the submenu. Then, in the FoxProxy Basic configuration dialog box, click the Add New Proxy button.
8. In the dialog that appears, ensure Manual Proxy Configuration is selected and, in the Host or IP Address field, type localhost. In the port field, type 8080. Put a check in the SOCKS proxy? checkbox. Then leave everything else as it is and click OK. Close the FoxyProxy Basic dialog box.
Open the Tunnel Via Your Laptop
Setup is now finished. In future, before you leave the house or workplace to work remotely, first ensure the Ubuntu computer is booted-up and logged in, and then follow these instructions when you reach your destination.
1. Log in to the public Wi-Fi service you want to use.
2. Start PuTTY and select the new entry you created in the list of Saved Sessions. Then click the Open button to start the secure tunnel connection.
2. The first time you do this you'll be told that they host key is not in the registry. This is fine -- just click Yes in the dialog box that appears to add it. This dialog box will not appear in the future.
3. Every time you log in using PuTTY, a window will appear with the words Login As. Enter your username for the account you created on the Ubuntu computer, and the password, when prompted. You'll then log in to the new computer and be shown a command prompt, but there's no need to type anything, and you can minimise the PuTTY window. However, you must keep the PuTTY window open for the tunnel to work.
4. Start Firefox and select the proxy entry you created earlier from the FoxyProxy Basic entry on the Tools menu.
And that's it!
From this point on, you will be browsing via your very own secure tunnel. To check this, open another browser (such as Internet Explorer) and visit WhatsMyIp.com. This will show the public IP address of the Wi-Fi service you're using in the coffee shop.
However, visiting WhatsMyIp with Firefox will show a different IP address -- the one for your home or work router, which is feeding you the Websites via the secure tunnel. In other words, all your Web data is coming via this IP address, through the secure tunnel. To anybody snooping on the connection, the data will be nothing more than encrypted garbage.
When you've finished remote working, you can close the PuTTY window, and also switch Firefox back to a non-proxy connection by clicking the FoxyProxy Basic , then Completely Disable FoxyProxy entry on the Tools menu of Firefox.
Keir Thomas has been making known his opinion about computing matters since the last century, and more recently has written several best-selling books. You can learn more about him at http://keirthomas.com . His Twitter feed is @keirthomas .