71

I pay my neighbors to use their WiFi. They have listed me as Guest with a separate password from theirs. Is there any way to prevent them from seeing the sites I've visited? My browser history clears automatically. Since they're in charge of the router, can they always see in real time what I'm browsing as I'm browsing? I'm assuming they won't be able to see where I've been since my history clears.

stefan
Pat
  • 23
    Might be a silly question but did this become a partial trust scenario before or after you signed up to share internet? – Gusdor Jun 16 '14 at 10:35
  • Do you know what the model of their router is? If you do, someone could look up the manuals online and see if it has such a feature. – Ilmari Karonen Jun 16 '14 at 17:25
  • 6
    I'd go for a VPN solution if getting your own WIFI isn't an option. PureVPN is pretty cheap for standard anonymised VPN. – Chris McKee Jun 16 '14 at 22:02
  • 1
    Anything you can see in real time can also be logged to a file for later viewing. Your browser history, on the other hand, isn't something your neighbors have access to unless they break into your PC. – Kaz Jun 19 '14 at 01:18
  • 2
    Use `https`; then your neighbors can only tell what sites you're connecting to, but cannot eavesdrop on what's actually being transported between you and the sites. For instance they can know that you're using online banking, but not what you're doing in that session. – Kaz Jun 19 '14 at 01:19
  • 4
    @Kaz They specifically asked for a way of preventing them from seeing which sites they've visited! –  Jun 20 '14 at 14:07
  • http://superuser.com/q/156869/13889 – endolith Aug 04 '16 at 04:20

12 Answers

57

Yes, they can, but unless your neighbor has the required technical expertise, it's highly doubtful.

To view incoming and outgoing traffic you need specific software to monitor network packets and the tech knowledge to actually do it. Most routers only keep a syslog and unless they are using software like wireshark to monitor/capture your packets, they cannot view the sites you have visited.

So unless he is a geek or a hacker (however amateur) there is usually nothing by default that records your traffic.

*Side Note: Clearing your browsing history is completely restricted to your local system and if they can/are monitoring, it will do you no good.

Alternatively, if your neighbor does have the required software and skills to monitor your traffic, you can use a proxy. By doing so the monitoring software will only show a lot of outgoing and incoming connections between you and the proxy, so even though they will know you are using a proxy, they can't see what sites you visited.

EDIT: as lorenzog correctly mentioned in the comments, for a true sense of security and privacy, one should use an SSL proxy to encrypt data sent and also tunnel DNS queries (which can be monitored by the router administrator) through the SSL proxy.

Abbas Javan Jafari
  • 1
    I understood that all traffic is saved in the router for a time. So, you're saying URLs aren't saved there? And, are you saying even if they logged in with my password under "guest" they cannot see what site I'm looking at? – Pat Jun 16 '14 at 04:43
  • 2
    Most home routers don't log network traffic and even if they do, an average person cannot interpret them without the special software. How much tech skill does your neighbor have? – Abbas Javan Jafari Jun 16 '14 at 04:48
  • 2
    I don't think he has much tech skill but I suppose he is smart enough to find out how to monitor me with equipment by searching the internet. But, I don't think he's that curious/suspicious of me. I don't have anything to hide but I do want my privacy. – Pat Jun 16 '14 at 04:51
  • 1
    I appreciate the answers I've received here. Thank you both. I now think I don't have anything to be concerned about. – Pat Jun 16 '14 at 04:53
  • The bad news is, if he actually does have the required skills, then he can monitor your traffic even if you are using your own personal router. Like I said above, use a proxy :) – Abbas Javan Jafari Jun 16 '14 at 04:54
  • 5
    My old router used to log every site visited. Seeing it was as simple as going to `192.168.0.1` and typing in a password (it was all in a user friendly list). However my new router doesn't do this so it may not be typical cc @Pat – Richard Tingle Jun 16 '14 at 08:56
  • 1
    @RichardTingle I actually did some digging myself and found out that some old routers do this. My new Cisco and TP-Link routers don't however. Do you have any idea as to why this is? – Abbas Javan Jafari Jun 16 '14 at 09:04
  • 2
    How exactly will a proxy help, seeing how you connect to that proxy via the same router? – dotancohen Jun 16 '14 at 11:30
  • 1
    @dotancohen A proxy helps because then the router registers a connection to the proxy, rather than the actual site, so while the person knows you used a proxy, they don't know what site you accessed through it – Dakeyras Jun 16 '14 at 12:15
  • Just want to re-insist what Dakeyras said; Instead of the sites you actually saw, he will just see a couple of connections to the same site/server (proxy) – Abbas Javan Jafari Jun 16 '14 at 13:12
  • 43
    I'm sorry to be picky but this answer is incorrect at best, and misleading at worst. First of all, suggesting a proxy does **not** improve the security because cleartext content will be sent to the proxy.. in cleartext. So the proxy should be a **SSL proxy**. Secondly, unless you tunnel DNS queries through the (SSL) proxy, the person in charge of the wifi can always see your DNS queries (which are sent in the clear). Thirdly, "special software" takes a few minutes to install. Fourthly, a false sense of security (because "usually this does not happen") is worse than no sense of security. – lorenzog Jun 16 '14 at 14:30
  • I advise you to read the requirements of the actual question first, and after that take a closer look at my answer. First of all the question (as mentioned by the person who asked) is more towards privacy rather than security. Secondly, I clearly stated that such monitoring is possible but the general population definitely cannot do this but I also implied that it's not that hard and an amateur geek with low tech knowledge can do it. Regarding your comment about a proxy not being secure without SSL I agree but I was hesitant to include it in the answer to avoid complication. I will fix it, tnx :) – Abbas Javan Jafari Jun 16 '14 at 14:37
  • 6
    The word to google is "VPN". Get a service like StrongVPN, it's the same kind of thing that you would use at an open wifi hotspot (in a coffee shop, etc) to protect your privacy and browsing history. – Andrew Lewis Jun 16 '14 at 14:37
  • Just throwing this out there, Wireshark has all the information the OP doesn't want his neighbors to see, in (IMO) a very easily-readable format. I honestly don't think it takes much "tech skill" to be able to use Wireshark and read the data. Of course, it's not for everyone and it is very possible that the OP's neighbors are an old married couple who are still running XP and barely know what a 'URL' is. But then again they could be savvy users; I'm inclined to believe the latter simply because they set up a separate login for him in their router. – Chris Cirefice Jun 17 '14 at 20:32
  • Yes wireshark is quite easy to use. I never said it takes a security expert to do it, just saying that the average non-tech savvy person can't pull it off. Anyone with minimal experience can do it and that is why using a proxy/VPN is the only way to go. – Abbas Javan Jafari Jun 18 '14 at 02:27
  • 1
    My Netgear WNDR3400 logs all traffic: the client IP, domain name, and time of access. – Eric Lagergren Jun 18 '14 at 18:21
  • Yes there are modems that easily record that, even by default. However if someone can go into the router settings and view and then interpret the data (meaning someone with above average computer knowledge/curiosity), they can easily learn to use Wireshark which is also user friendly. – Abbas Javan Jafari Jun 18 '14 at 18:27
  • 1
    This is a terrible answer. Most new routers come with logging enabled. If someone wanted to snoop they wouldn't have to be a rocket scientist to figure out how this works on their router. If you think this is hard, then you are the guy who can't figure it out. The proxy doesn't help at all. Please list a full set of steps on what the OP needs to do to connect via a proxy without sending any information or making any DNS queries in clear text. How do you assume the person setting up the wifi is a total idiot and the end user is a tech genius? This answer is wrong. – blankip Jun 20 '14 at 14:30
  • 1
    I never said anything about the need to be a rocket scientist and I mentioned implicitly in the answer and explicitly in the comments that it does not require much tech knowledge and therefore it is NOT hard. I also said that you will need to tunnel DNS queries via an SSL proxy and that's the opposite of making DNS queries in clear text. PLEASE take the time to read the actual answer before criticizing it with no logical reason and please learn to speak with more respect. – Abbas Javan Jafari Jun 20 '14 at 14:39
  • @lorenzog, What's a good program to tunnel all requests (including DNS) via TLS? – Pacerier May 25 '15 at 07:06
  • @Pacerier the simple answer is, get a paid VPN service that guarantees tunneling DNS requests through them. The more complex answer depends on what OS you are using, how do you connect to your VPN provider, and so on. You can do it all manually by setting up a VM in the cloud and enforcing all your routes (static and dynamic) through it. – lorenzog May 25 '15 at 17:55
  • @AbbasJavanJafari sorry I just saw your reply to my comment. I think the rest of the discussion covers your objections, and other answers do a good job of clarifying further the OP's options. In the future please make sure to use the @ followed by the username as it is the only way to get notifications of replies on this site. – lorenzog May 25 '15 at 17:57
  • @lorenzog, No I mean I'm trying to set it up myself without a paid service or a VM. Is it "logically" possible to do this on a Windows host? – Pacerier May 26 '15 at 04:11
  • @Pacerier you need something to listen on the outside if you want to send encrypted traffic to it. Either a VM, or a friend's computer, or anything that is "outside" your own network. – lorenzog May 27 '15 at 13:45
  • This answer is super-bad. Everyone knows from watching the news/law and order that it's really easy to spy on wifi traffic. All the neighbor needs to do is spend a bit of time Googling to find free tools like ettercap or wireshark that have very friendly user interfaces for this kind of thing. There are probably even youtube tutorials on how to do it. This answer should be heavily-modified or taken down, IMO. – davidtbernal Jul 27 '17 at 02:23
48

If you get a VPN and use that for browsing, that will hide all your traffic from both your neighbour and their ISP.

pjc50
31

What about using tor? Keep in mind that your speed will be affected.

As other people said, using any private mode in your browser is not going to be of any help.

EDIT :

The slowdown heavily depends on the network topology, the number of nodes, how much traffic the nodes are handling and what you are downloading. Here you can find some explanations about tor performances. Although old, it may be interesting.

stefan
rookie coder
  • You might want to quantify how affected. I heard Tor was dial-up modem slow. – Frames Catherine White Jun 16 '14 at 11:50
  • 2
    @Oxinabox Tor performance has improved *a lot* over the last couple of years. – CodesInChaos Jun 16 '14 at 13:06
  • 2
    Keep in mind that the exit node can sniff all the (unencrypted) traffic. Tor only obscures the link to your original IP. – CodesInChaos Jun 16 '14 at 13:08
  • 1
    @CodesInChaos the problem is the entry node in this case, so tor should do the trick. – rookie coder Jun 16 '14 at 13:11
  • @CodesInChaos: the exit node can sniff the traffic, but AFAIK it cannot know where it comes from. – Burkhard Jun 17 '14 at 11:27
  • 1
    Isn't this solution way more complicated than getting a separate Internet connection? Looks like cracking nuts with a sledgehammer. And you never know when FBI will start monitoring you because "if you use tor, then you must hide something..." – Sam Jun 17 '14 at 11:32
  • @user49480: This sounds like the typical argument I often hear in favor of logging all communications (esp. here in Germany): "If you don't have something to hide, why care?". AFAIK nobody can know that you use tor (if used correctly). – Burkhard Jun 18 '14 at 06:56
  • @Burkhard that wasn't an argument but an irony. – Sam Jun 18 '14 at 09:02
  • DNS will leak information. I often look at the site folks are visiting by looking at my DNS cache (I run a DNS server locally). –  Jun 20 '14 at 15:24
  • @jww not if you use the tor bundle, afaik. It seems to me that the OP is only concerned about web surfing. – rookie coder Jun 25 '14 at 08:22
26

Yes they can actually. What it boils down to is that they can see which websites you are running by looking at:

  • Clear HTTP traffic
  • DNS requests sent

One thing you could do is purchase an encrypted VPN and run all your internet traffic through the VPN. This way your neighbours will not be able to see what you are doing.

Lucas Kauffman
  • 12
    On the other hand, whoever you've configured your VPN with *will* be able to see what you're doing. As with everything on the internet, it ultimately boils down to who you trust. – Shadur Jun 16 '14 at 08:55
  • @Shadur - if you're that worried, you could just set up your own VPN on a VPS; they're pretty cheap these days – sapi Jun 16 '14 at 23:57
  • 5
    @sapi Then that assumes you're able to trust the VPS host! – Bob Jun 17 '14 at 05:38
  • 4
    Maybe we should all just wear tin-foil hats and disconnect ourselves from the internet. – Lucas Kauffman Jun 17 '14 at 08:17
  • Note that some VPNs will still reveal which domains you visit. PrivateInternetAccess.com has a setting for "DNS Leak Protection", which is defaulted to OFF on Windows. Even with a VPN, the practice of sharing WiFi is still risky since you're not behind a firewall (wrt your neighbors). – Logical Fallacy Jun 17 '14 at 19:54
13

When my laptop is using a network I don't control (basically anything that's not home) it wears pretty red socks to reroute all traffic into the SOCKS5 proxy built into OpenSSH and then to a server I rent anyways for my website to protect my traffic. You can use tor as well but I intensely dislike tor (for reasons off topic here).

This is the socks_up script:

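```bash
#!/bin/bash
# Tear down any previous tunnel and rules first.
socks_down
# Open a background SSH session with a SOCKS5 proxy (-D) on local port 8080.
ssh -o ControlMaster=yes -S /tmp/linode-socket -fCqND 8080 ssh@linode
# Start redsocks, which listens on 8081 and forwards to the SOCKS5 proxy.
sudo redsocks -c /usr/local/bin/redsocks.conf
sudo iptables -t nat -N REDSOCKS
# Leave local, private and reserved destinations alone.
sudo iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
# Redirect all other outgoing TCP on the wireless and wired interfaces to redsocks.
sudo iptables -t nat -A REDSOCKS -p tcp -o wlan0 -j DNAT --to 127.0.0.1:8081
sudo iptables -t nat -A REDSOCKS -p tcp -o eth0 -j DNAT --to 127.0.0.1:8081
# Send every locally generated TCP connection through the REDSOCKS chain.
sudo iptables -t nat -A OUTPUT -p tcp -j REDSOCKS
# Exempt the SSH server itself (inserted as the first rule) so the tunnel is not redirected.
sudo iptables -t nat -I REDSOCKS -d 1.2.3.4 -j RETURN
```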

You need to change the 1.2.3.4 to your server IP and ssh@linode to your server and user.

This is the socks_down script:

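```bash
#!/bin/bash
# Flush rules, delete user-defined chains and zero counters in the filter table.
sudo iptables -F
sudo iptables -X
sudo iptables -Z
# Same for the nat table, which removes the REDSOCKS chain.
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -t nat -Z
# Stop redsocks and close the SSH control connection.
sudo killall redsocks
ssh -o ControlMaster=no -S /tmp/linode-socket -O exit localhost
```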

This is the redsocks.conf file:

```
base {
    log_debug = off;
    log_info = off;
    daemon = on;
    redirector = iptables;
}

redsocks {
    local_ip = 127.0.0.1;
    local_port = 8081;
    ip = 127.0.0.1;
    port = 8080;
    type = socks5;
}
```

(and I know it shouldn't live in a bin directory. Oh well.)

chx
13

In practice, it depends on the router they're using (and, specifically, on the firmware it's running). Basically all home WiFi routers have the technical ability to log visited URLs, as long as their firmware includes such a feature (and it's not exactly a complicated one). The main questions are:

  1. whether the router firmware supports such a logging feature, and
  2. whether the router's normal admin interface exposes it, e.g. as a "parental monitoring" function.

If you happened to know the manufacturer and model of your neighbors' WiFi router (which you might be able to determine just by typing its IP address — often 192.168.0.1 or 10.0.0.1 — into your browser's address bar), it should be possible to find its manual online and see if it provides such features. Otherwise, we can only guess.

(Note that, if your neighbors are using a separate DSL / Cable router and WiFi access point, either of those could be logging your web browsing habits. Also, if they wanted to, and had the necessary technical skills, they could route any traffic between the DSL and WiFi boxes through an ordinary computer that could certainly log any and all traffic passing through it. However, the most common home WiFi setup these days tends to involve a single integrated DSL+WiFi router, which would make it the only part of the connection between you and the ISP under your neighbors' control.)

As for hiding your web browsing habits from nosy neighbors, you'd basically have to tunnel it through the router in such a manner that the router can't see it. Some options for this include:

  • running a VPN client that connects to a server outside your neighbors' control;
  • configuring your browser to pass all web requests through a proxy server (which itself should be using HTTPS, otherwise your neighbors can still see all the traffic between your browser and the proxy);
  • setting up an SSH tunnel to a server you have SSH access to, and configuring your browser to use it as a SOCKS proxy;
  • configuring your browser to use the Tor anonymizing network (or using the Tor Browser Bundle).

Note that, with all of these options, whoever runs the VPN / SSH / proxy server you're connecting to could still see which sites you visit and, if you're not also using HTTPS, any content you're posting / accessing. This is even true for Tor, although, in that case, the server that actually sees your web traffic will be a random Tor exit node that should not, because of the "onion routing" design, have any idea who you are (unless, of course, the content of your web traffic itself reveals it).

Also note that simply using HTTPS as much as possible (e.g. with the help of HTTPS Everywhere), even without a VPN / proxy, will help your privacy somewhat: even with HTTPS, your neighbors can still see which sites you visit, but not the specific URLs or content of the pages you access on each site (at least as long as you don't accept any bogus certificates).

Finally, even if your HTTP(S) traffic is transmitted securely through a VPN or a proxy, your browser could still be leaking information about the sites you visit through DNS requests. A decent VPN client should take care of this for you, but if you're using a proxy server or an SSH tunnel, you may need to configure your browser correctly to prevent such DNS leaks. Fortunately, I've never actually seen a home WiFi router that would log DNS requests (or, at least, that would expose such logging through the normal admin tools), so monitoring those would require some extra tech skills from your neighbors.

Ps. If your neighbors aren't too tech savvy, there's always the possibility that they might've left their WiFi router's admin password at its default value. If so, and you're feeling unscrupulous enough, you could just look it up and try to log in with it to see if they have monitoring enabled (and, potentially, to monitor their web usage) — not to say that I'd condone doing any such thing, or that it would even be legal. Besides, if they've left the password unchanged, they'll probably have left the WiFi network unsecured too, in which case anyone else nearby with a WiFi-enabled computer could do the same. If that's the case, it might be more in your interests to carefully hint that they really ought to secure their network better, even if it'll cut down your (illegitimate) access too.

Ilmari Karonen
1

They could view/log any traffic that is sent in plaintext (not encrypted) over their network. Clearing your browser history only affects your local computer, and has no impact on what has occurred on the network.

David
  • So, to elaborate on that, what information can be strongly encrypted by what means? Assuming the neighbor is sniffing packets, what would be needed to hide not only your bank account information, but also the IP addresses you're going to, and other "envelope information", etc.? Proxy? VPN? – Phil Perry Jun 16 '14 at 17:53
1

Unless you use a VPN to tunnel through their network, they can see your activity and the destination of your traffic, just like your ISP could. (They are effectively your ISP.)

If you want to avoid them being able to see everything you are doing, you must encrypt your communications across their network. If you use a VPN, they will be able to tell you are using a VPN, but all of your requests to the VPN will be protected and you will actually access the sites you are going to from the VPN end point which is outside your neighbor's network.

AJ Henderson
1

The only way to make it impossible for them to know what browsing you are doing is to use either a VPN or an SSL Proxy (things like Tor are a fancy form of proxy). Otherwise, they could potentially sniff the traffic as it passes through their router, and identify at least the hostnames you are connecting to, and (if it is not HTTPS) the actual URLs.

Of course, whether they have the technical knowledge or inclination to do this is another matter. Most routers will not include this sort of feature.

I'd say that, if you suspect them this much, and want to keep your usage secret, get your own Internet connection.

Steve Shipway
1

As an alternative to VPNs and bundled secure proxying solutions, you can assemble a solution using just Secure Shell (SSH) and an HTTP proxy.

  1. Initiate an SSH session to a remote server where you have an account.
  2. As part of the SSH session, configure port forwarding: forward a local port on your machine to the address:port of some HTTP proxy which is reachable from the remote machine.
  3. Use the local port as your HTTP proxy for browsing.

Thus all you need is a remote machine with a shell account reachable by SSH, and a proxy somewhere (perhaps on that machine itself).

In Firefox, proxy settings are found on the "Advanced" configuration panel in the "Network" tab, under "Connection" ("Configure how Firefox connects to the Internet").

Kaz
1

Here are the specific steps to get a simple, DIY setup running that will provide you 1) a solid approach that uses an SSL proxy and 2) will also tunnel DNS queries through the SSL proxy as well.

Bonus, you don't need to ask your neighbor to do anything (provided they're not actively blocking against this, which I'd doubt in your situation).

Here are the steps:

  1. Get a Shell Account - Sign up for a shell account (there are many good & cheap ones, I pay $5 a month for mine) and many free ones with a wide range of quality (http://shells.red-pill.eu/). IMHO, you get what you pay for with free hosts, but YMMV. Nutshell, all you need is a username, password, and shell access to server. Keep in mind you also might already have one, through school, work, web hosting, etc.

  2. Get an SSH Client - On your computer, you'll need an ssh client. I use the one available on the command line of Mac OS X and Ubuntu. If you're using Windows, use Cygwin to install ssh. Either way, it's the same command and syntax:

    ssh -l username yourshellaccount.com -D 8080 -N

    (Note: 8080 is a port number, you can change this to something else if you need. Whichever number you choose, you'll need it for Step 3).

  3. Get FoxyProxy - Get FoxyProxy for FireFox (free plugin). The steps to configure FoxyProxy are pretty simple and headache free. When configuring the plugin, you'll need to reference the details from Step 2 above. Nutshell here, you're telling FireFox to route its requests through the ssh tunnel you created in Step #2. FoxyProxy also has a checkbox that allows you to "[x] Perform remote DNS lookups". Check this box to perform the DNS lookups on the remote server.

That's it. You can have all of this up and running within a matter of minutes. All traffic is encrypted between your system and the remote server, when browsing the web through FireFox. The remote server is now the one making all HTTP requests, DNS lookups, etc.

Note: I said it already, but worth highlighting, that only your Firefox web browsing is tunneled. It's not doing anything else. This, IMHO, is a benefit of this approach given what you're trying to accomplish. If you're curious about what this is doing and how it works, use this wikipedia article to get started.

Bill
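What the "Perform remote DNS lookups" checkbox in step 3 changes on the wire, as an added Python illustration (not part of the original answer): towards a SOCKS5 proxy such as the one `ssh -D` opens, the client either sends the hostname itself (RFC 1928 address type 0x03, the proxy resolves it) or resolves the name locally first and sends only the IP address, in which case the DNS query leaves outside the tunnel. The hostname, the address and the recording resolver are constructed for the example.

```python
import ipaddress
import struct


class RecordingResolver:
    """Stand-in for the local DNS resolver; records every name it is asked for."""

    def __init__(self, table):
        self.table = table
        self.queries = []          # names that would cross the Wi-Fi in cleartext

    def __call__(self, host):
        self.queries.append(host)
        return self.table[host]


def build_connect(host, port, remote_dns, local_resolver):
    """Build the SOCKS5 CONNECT request a client sends to the proxy."""
    head = b"\x05\x01\x00"         # VER=5, CMD=CONNECT, RSV=0
    if remote_dns:
        name = host.encode("ascii")
        addr = b"\x03" + bytes([len(name)]) + name       # ATYP=domain name
    else:
        ip = ipaddress.ip_address(local_resolver(host))  # lookup outside the tunnel
        addr = (b"\x01" if ip.version == 4 else b"\x04") + ip.packed
    return head + addr + struct.pack("!H", port)


def describe_connect(request):
    """Return (destination, port, who resolved the name) for a CONNECT request."""
    ver, cmd, _rsv, atyp = request[:4]
    if ver != 5 or cmd != 1:
        raise ValueError("not a SOCKS5 CONNECT request")
    if atyp == 3:                  # hostname travels inside the tunnel
        n = request[4]
        dest, rest, resolved_by = request[5:5 + n].decode("ascii"), request[5 + n:], "proxy"
    elif atyp in (1, 4):           # only an address: the client looked it up itself
        n = 4 if atyp == 1 else 16  # (or the user typed an IP literal)
        dest = str(ipaddress.ip_address(request[4:4 + n]))
        rest, resolved_by = request[4 + n:], "client"
    else:
        raise ValueError("unknown address type")
    (port,) = struct.unpack("!H", rest[:2])
    return dest, port, resolved_by


if __name__ == "__main__":
    resolver = RecordingResolver({"bank.example": "192.0.2.10"})  # constructed data
    for remote in (True, False):
        req = build_connect("bank.example", 443, remote, resolver)
        print("remote_dns =", remote, "->", describe_connect(req),
              "| local DNS queries so far:", resolver.queries)
```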
0

Use uProxy to encrypt your traffic and proxy it through a trusted machine elsewhere, owned by yourself or a friend.

This is probably safer than Tor, because there's less chance of malicious exit nodes, and less chance the destination will block your traffic. And there's zero cost, unlike a commercial VPN.

poolie