Reply
 
Thread Tools Display Modes
  #1  
Old 11-16-2017, 05:44 AM
GreedySmurf GreedySmurf is offline
Guest
 
Join Date: Jan 2007
Location: London, England
Posts: 1,514
Landlord owned router - security?

Were in the midst of signing leases etc for a new place were moving to. An interesting approach is a single monthly payment to the property managers which covers all utilities, (council tax, power, water, & broadband). FYI, this is not a share flat, its a one bedroom flat in a new build high rise.

Its the broadband that Im a bit wary of. Reviewing the lease the terms include a commitment that we will not access anything illegal, nor use the connection to breach copyrights. IE no pirated downloads. So I can understand that, as presumably the broadband connection is a commercial account and any C&D letters would go to the landlord/management company.

So far so good. However the lease goes on to stipulate that the landlord reserves the right to monitor specific usage of the broadband service, given that the broadband account will not be in our name, presumably they own the router, and I am now concerned about using online banking through the WiFi.

I am totally OK with VPNs, and use one occasionally now, but if I understand correctly a VPN is only helpful from the router out into the wilds of the net, and will not help if the vulnerability is at the router? Is that correct? Should I be concerned? Could a monitoring system at the router log more than just the site visited, account IDs & passwords for example? If so, any suggestions to protect my data privacy if I assume there is some kind of monitoring system in the router?

Thanks for any opinions or suggestions.
  #2  
Old 11-16-2017, 05:58 AM
WilyQuixote WilyQuixote is offline
Guest
 
Join Date: Oct 2013
Location: Cape Town, South Africa
Posts: 417
Doesn't look like a good idea for either landlord or tenant:

http://ask-leo.com/is_the_wifi_conne...ct_myself.html

https://blog.upad.co.uk/blog/the-upa...ss-in-the-rent
  #3  
Old 11-16-2017, 06:44 AM
psychonaut psychonaut is offline
Guest
 
Join Date: Apr 2001
Location: Europe
Posts: 5,140
Quote:
Originally Posted by GreedySmurf View Post
I am totally OK with VPNs, and use one occasionally now, but if I understand correctly a VPN is only helpful from the router out into the wilds of the net, and will not help if the vulnerability is at the router? Is that correct?
That depends on whether you're running the VPN client on the router or on your own computer (or other device) that connects to the router. The latter is the more common setup, in which case the router isn't going to know which sites you are visiting or what data you are transferring. So as long as you trust the security of your VPN software and the privacy of the VPN service provider, you don't have anything to worry about.

Mind you, you might not even need to use the VPN for much of your browsing. Things like online banking are conducted through protocols that are already secure and mostly private. Whoever controls the router would know what online banking website you are connecting to, but they wouldn't be able to eavesdrop on the traffic between you and the bank.
  #4  
Old 11-16-2017, 09:20 AM
manson1972 manson1972 is offline
Member
 
Join Date: Jan 2004
Posts: 5,152
Quote:
Originally Posted by psychonaut View Post
Things like online banking are conducted through protocols that are already secure and mostly private. Whoever controls the router would know what online banking website you are connecting to, but they wouldn't be able to eavesdrop on the traffic between you and the bank.
Once whoever controls the router knows what banking website you are connecting to, they can set up a fake site to resemble it and then just redirect your traffic there.
  #5  
Old 11-16-2017, 09:27 AM
kanicbird kanicbird is offline
Guest
 
Join Date: May 1999
Posts: 18,400
Sort of a weird workaround which is sure to have bugs, but you can use a wireless bridge attached to a separate router which you can secure.
  #6  
Old 11-16-2017, 10:48 AM
psychonaut psychonaut is offline
Guest
 
Join Date: Apr 2001
Location: Europe
Posts: 5,140
Quote:
Originally Posted by manson1972 View Post
Once whoever controls the router knows what banking website you are connecting to, they can set up a fake site to resemble it and then just redirect your traffic there.
Not really. This is the whole point of SSL certificates. If whoever controls the router tries to do this, your browser should pop up a very conspicuous warning dialog telling you that the site's certificate doesn't check out. Of course, if you're in the habit of dismissing security warnings without reading and understanding them, then I suppose this trick might work.
  #7  
Old 11-16-2017, 11:12 AM
manson1972 manson1972 is offline
Member
 
Join Date: Jan 2004
Posts: 5,152
Quote:
Originally Posted by psychonaut View Post
Of course, if you're in the habit of dismissing security warnings without reading and understanding them, then I suppose this trick might work.
Most people do this. That is why the fake website collecting your credentials works. Usually started by sending a phishing email with a fake link, but control of a router makes it easier.
  #8  
Old 11-16-2017, 01:11 PM
iamthewalrus(:3= iamthewalrus(:3= is offline
Guest
 
Join Date: Jul 2000
Location: Santa Barbara, CA
Posts: 10,578
Quote:
Originally Posted by manson1972 View Post
Once whoever controls the router knows what banking website you are connecting to, they can set up a fake site to resemble it and then just redirect your traffic there.
No they can't.
__________________
A full list of this post's Associate Producers is available on written request.
  #9  
Old 11-16-2017, 01:14 PM
md2000 md2000 is offline
Guest
 
Join Date: Feb 2009
Posts: 13,235
Yes, a VPN client on your PC will send encrypted data out from the PC to the VPN company's router. Basically, anyone eavesdropping will see a packet that says "from Me, to VPN, here's a package of encrypted data". The VPN provider then spews the data unencrypted out the other side onto the internet, appearing to come from them not you.

Of course, if you're the type who has their PC's sharing data with each other, no password needed, anyone else on that Wifi can also find and read your shared folders. This is why when you connect to a new Wifi, the computer asks if this is home or public. Home, you think everyone on the nework is supposed to be on it and able to access shared date. Public, like in Starbucks, you don't want to be sharing data. if you are excessively techno-immersed, you probably want to set up your own router and connect the external port to either the wired or wifi provided. Note this still does not protect your traffic from inspection. HTTP data can be read from the packets. HTTPS is encrypted - that is, the data is encrypted but the destinations are not. Nor are the port numbers, which indicate what sort of traffic this is, typically. And of course, you started the conversation by querying the DNS "what is the IP for straightdope.com?" so the person monitoring your traffic externally will see encrypted traffic going to that IP and know it is for this website... All the more reason for a VPN where even that request is sent to the VPN site totally encrypted.
  #10  
Old 11-16-2017, 01:20 PM
manson1972 manson1972 is offline
Member
 
Join Date: Jan 2004
Posts: 5,152
Quote:
Originally Posted by iamthewalrus(:3= View Post
No they can't.
Yes they can.
  #11  
Old 11-16-2017, 01:31 PM
thelurkinghorror thelurkinghorror is offline
Guest
 
Join Date: Jun 2006
Location: Venial Sin City
Posts: 12,436
I'll bet they're still using the default password. It's usually something like admin / password depending on router brand. Not sure what information you'd get if they are monitoring through there, though.
  #12  
Old 11-16-2017, 01:54 PM
gnoitall gnoitall is offline
Guest
 
Join Date: Jul 2009
Posts: 5,235
Quote:
Originally Posted by manson1972 View Post
Yes they can.
It's true, but it's more broadly true. If your landlord isn't MITM*-ing you, his upstream provider might. If not, their backbone provider could.

You have to decide who you trust, and how much.

*For those not involved with network security: MITM == "Man in the middle attack". A hostile network element (such as a rogue router) puts itself in the path through which data must pass, and uses its position to alter or redirect that data. A non-trustworthy network intermediary.
  #13  
Old 11-16-2017, 02:11 PM
gazpacho gazpacho is offline
Guest
 
Join Date: Oct 1999
Posts: 5,627
Quote:
Originally Posted by psychonaut View Post
Not really. This is the whole point of SSL certificates. If whoever controls the router tries to do this, your browser should pop up a very conspicuous warning dialog telling you that the site's certificate doesn't check out. Of course, if you're in the habit of dismissing security warnings without reading and understanding them, then I suppose this trick might work.
Recent versions of chrome and probably the other browsers are making it really difficult to bypass incorrect SSL certificates. You really have to read the error web page to find how to dismiss this error. And it is a multi step process.

This is sort of a pain for administering my router. I would like to have the router web page as an encrypted web page. But since it is my local router it does not have a signed certificate. I have to click advanced which opens an other link to allow me to ignore that the certificate is bad then I can proceed.

I just found a good resource for all the certificate errors so you can see what sort of thing pops up under various circumstances.
https://badssl.com/
https://wrong.host.badssl.com/ is what you will probably get if in a man in the middle attack.

Last edited by gazpacho; 11-16-2017 at 02:14 PM.
  #14  
Old 11-16-2017, 02:22 PM
manson1972 manson1972 is offline
Member
 
Join Date: Jan 2004
Posts: 5,152
Quote:
Originally Posted by gazpacho View Post
I would like to have the router web page as an encrypted web page
Out of curiosity, why do you want this?
  #15  
Old 11-16-2017, 02:25 PM
gazpacho gazpacho is offline
Guest
 
Join Date: Oct 1999
Posts: 5,627
Quote:
Originally Posted by manson1972 View Post
Out of curiosity, why do you want this?
Mainly so that the login credentials to the router are not flying though the air encrypted.
  #16  
Old 11-16-2017, 03:07 PM
manson1972 manson1972 is offline
Member
 
Join Date: Jan 2004
Posts: 5,152
Quote:
Originally Posted by gazpacho View Post
Mainly so that the login credentials to the router are not flying though the air encrypted.
I assume you mean unencrypted. But if you are using wi-fi, isn't the transmission already encrypted via wi-fi encryption protocols?
  #17  
Old 11-16-2017, 03:35 PM
jnglmassiv jnglmassiv is online now
Charter Member
 
Join Date: Nov 2002
Location: Chicago's Northside
Posts: 2,537
If OP has physical access to the router(and it's not integrated with the modem), I'd just unplug it and use my own.
  #18  
Old 11-16-2017, 03:45 PM
nightshadea nightshadea is offline
Member
 
Join Date: May 2001
Location: a condo in hell 10th lvl
Posts: 2,545
I wouldn't go for it on general principal .... I mean the minute I decide to add the new star wars arcade rom build to my (extremely huge)MAME collection I can be cut off / kicked out ? just no ...
  #19  
Old 11-16-2017, 03:47 PM
gazpacho gazpacho is offline
Guest
 
Join Date: Oct 1999
Posts: 5,627
Quote:
Originally Posted by manson1972 View Post
I assume you mean unencrypted. But if you are using wi-fi, isn't the transmission already encrypted via wi-fi encryption protocols?
Yes I have WPA2 but anyone connected to the router has the keys to decrypt the traffic. There are a fair number of internet connected devices in the modern person's home. TVs have wifi connection for streaming. Alexa's and Google homes, chromecasts, rokus etc. All of those have access to the wifi that is a lot of attack surfaces that you have access to the wifi traffic. If one of those is compromised it should not be easy to allow that compromise access to the router by sending passwords in the clear. It just does not make sense to send anything in the clear anymore.
  #20  
Old 11-16-2017, 03:58 PM
manson1972 manson1972 is offline
Member
 
Join Date: Jan 2004
Posts: 5,152
Quote:
Originally Posted by gazpacho View Post
Yes I have WPA2 but anyone connected to the router has the keys to decrypt the traffic. There are a fair number of internet connected devices in the modern person's home. TVs have wifi connection for streaming. Alexa's and Google homes, chromecasts, rokus etc. All of those have access to the wifi that is a lot of attack surfaces that you have access to the wifi traffic. If one of those is compromised it should not be easy to allow that compromise access to the router by sending passwords in the clear. It just does not make sense to send anything in the clear anymore.
Fair enough. You can buy a certificate for yourself and install it on your router to avoid that prompt every time.
  #21  
Old 11-16-2017, 04:26 PM
caligulathegod caligulathegod is offline
Guest
 
Join Date: Aug 2003
Location: Columbus OH
Posts: 451
It's a nice perk to have free broadband, but if it's a concern, you can always just bypass the whole thing and get your own broadband. If you can get your own cable TV, you can get your own broadband.
  #22  
Old 11-16-2017, 05:35 PM
t-bonham@scc.net t-bonham@scc.net is offline
Guest
 
Join Date: Mar 2003
Location: Minneapolis, MN
Posts: 13,553
Quote:
Originally Posted by caligulathegod View Post
It's a nice perk to have free broadband, but if it's a concern, you can always just bypass the whole thing and get your own broadband. If you can get your own cable TV, you can get your own broadband.
That's not always possible.
I have several friends who live in high-rise buildings, where residents are not allowed to have any company add wiring to their units -- they are required to use the installed service. And the building has an agreement with one broadband provider that they get the exclusive right to service units in the building. So unless the residents get a wireless link (which can be difficult connections in a high-rise building), they are stuck using the building-provided broadband.
  #23  
Old 11-16-2017, 06:44 PM
md2000 md2000 is offline
Guest
 
Join Date: Feb 2009
Posts: 13,235
The simplest safest is, if you have physical access to the router - connect your router in cascade-your WAN connects to a wired LAN port of the landlord’s router. After all they must have some provision for those real computers that don’t have wifi, just copper connection. Or, because the wifi signal sucks in some spots.

If you try to swap out the owners router, you may need to know login information for the ISP service. (DSL typically)
  #24  
Old 11-16-2017, 11:36 PM
si_blakely si_blakely is online now
Guest
 
Join Date: Jul 2002
Location: UK
Posts: 4,893
The site-provided router can do almost anything to your connection if it wants to (processing capability notwithstanding).

It can provide false DNS responses, so that your requests to find www. bank.com go to dirty hackers IP.
It can intercept DNS requests to external DNS providers (Google DNS/OpenDNS) so that won't help you either.

It can intercept (and modify) unencrypted traffic (HTTP, SMTP, POP/IMAP).
It can redirect encrypted traffic if it wants (HTTPS, SMTPS, IMAPS).

You cannot stop any intervening network device from doing these things, anywhere.

BUT ...

It cannot redirect HTTPS/SMTPS/IMAPS traffic to different servers without causing a certificate error unless the certificate/key has been stolen or a Certificate Authority has been compromised.
It cannot inspect or modify encrypted traffic without having installed a trusted certificate on your local device. For this to happen in a global sense, this would require a major compromise in the Certificate Authority.

There are SSL inspection devices that companies install to monitor outgoing HTTPS conversations. They require a specific root certificate to be installed on all the company machines. The SSL inspection device intercepts a request to https://www .mybank.com. The inspection device then connects to https://www .mybank.com and gets the presented certificate. It then forges a new certificate for www. mybank.com signed by the CA for which the client has a root certificate, and passes that to the client. The client verifies the forged certificate against the supplied root certificate, and opens a connection to the inspection device. The inspection device decrypts the traffic, examines it, possibly logs it, and then passes it through it's own encrypted connection to https://www. mybank.com.
The only way this can work without a browser certificate error is the presence of the root certificate on the client device.

There are some mechanisms proposed that can prevent even this sort of trusted MITM inspection.
HTTP Public Key Pinning was one, but it was not well supported and seems to have died.
DNS Certification Authority Authorization has been recently been made mandatory, but will have to rely on DNS over TLS to be safe.
  #25  
Old 11-17-2017, 10:23 AM
md2000 md2000 is offline
Guest
 
Join Date: Feb 2009
Posts: 13,235
Quote:
Originally Posted by si_blakely View Post
The site-provided router can do almost anything to your connection if it wants to ...
So can any router, or any point in the intermediate chain. Your best bet to avoid this is - again - a VPN tunnel from a trusted point - your PC or your own router - to a reliable commercial VPN service. The higher up the internet food chain you go, the less likely traffic can be compromised and the less likely it can go undiscovered for any length of time.

A VPN, as mentioned previously, is a totally encrypted tunnel from your trusted point to the VPN point. All the intermediate routers see is "I have a packet of encrypted data from me to VPN". Even your DNS requests are part of this encrypted traffic. Since the connection is established between the two sites, like mentioned for other traffic it would take an interesting compromise of certificate authority to allow someone to imitate the VPN endpoint.

So you have to ask - what is your goal? If you think someone is playing deep hacker games with your traffic, don't use it, however you avoid it. If you want to do something the landlord disallows - use a VPN. If you just don't like the idea that the landlord - or someone else in the building - is watching your traffic, tracking what you do and which websites - use a VPN. If your concern is that using someone else's network means your network, devices and shares are open and visible to others -landlord or tenants - cascade through your own router with your own security. (Many networked non-PC devices come with no security or default passwords.)

A PC believes a certificate when it says "I am XXX" if the root for that certificate (or that certificate) is in the root certificate store for that PC. Enterprises accomplish this through use of domain policy and domain administrator rights to push the necessary certificate to the PC's in their domain. So if someone wants to fake a certificate without warning you, they have to have administrative rights and access to your PC. If they get this far, a fake root certificate is the least of your worries.

Last edited by md2000; 11-17-2017 at 10:26 AM.
  #26  
Old 11-17-2017, 10:39 PM
LSLGuy LSLGuy is online now
Charter Member
 
Join Date: Sep 2003
Location: Southeast Florida USA
Posts: 20,660
Quote:
Originally Posted by t-bonham@scc.net View Post
That's not always possible.
I have several friends who live in high-rise buildings, where residents are not allowed to have any company add wiring to their units -- they are required to use the installed service. And the building has an agreement with one broadband provider that they get the exclusive right to service units in the building. So unless the residents get a wireless link (which can be difficult connections in a high-rise building), they are stuck using the building-provided broadband.
Not really.

The point is that if they have wired cable TV to their unit (good bet) they can choose to buy internet service over that cable as an add-on and then connect their personal internet router to that wired service.

Thereby avoiding the building's untrustworthy wifi.

It still remains the case that ultimately we have to trust every single machine between us and the other end. But going the way I describe removes one layer of untrustworthy gear close to you.

Last edited by LSLGuy; 11-17-2017 at 10:39 PM.
  #27  
Old 11-18-2017, 12:05 PM
caligulathegod caligulathegod is offline
Guest
 
Join Date: Aug 2003
Location: Columbus OH
Posts: 451
Quote:
Originally Posted by t-bonham@scc.net View Post
That's not always possible.
I have several friends who live in high-rise buildings, where residents are not allowed to have any company add wiring to their units -- they are required to use the installed service. And the building has an agreement with one broadband provider that they get the exclusive right to service units in the building. So unless the residents get a wireless link (which can be difficult connections in a high-rise building), they are stuck using the building-provided broadband.
Quote:
Originally Posted by LSLGuy View Post
Not really.

The point is that if they have wired cable TV to their unit (good bet) they can choose to buy internet service over that cable as an add-on and then connect their personal internet router to that wired service.

Thereby avoiding the building's untrustworthy wifi.
Exactly. If you have coax coming into your unit, you do not need new wiring, just a splitter.
  #28  
Old 11-19-2017, 01:11 PM
edwardcoast edwardcoast is offline
Guest
 
Join Date: Jan 2014
Posts: 961
Quote:
Originally Posted by GreedySmurf View Post
Were in the midst of signing leases etc for a new place were moving to. An interesting approach is a single monthly payment to the property managers which covers all utilities, (council tax, power, water, & broadband). FYI, this is not a share flat, its a one bedroom flat in a new build high rise.

Its the broadband that Im a bit wary of. Reviewing the lease the terms include a commitment that we will not access anything illegal, nor use the connection to breach copyrights. IE no pirated downloads. So I can understand that, as presumably the broadband connection is a commercial account and any C&D letters would go to the landlord/management company.

So far so good. However the lease goes on to stipulate that the landlord reserves the right to monitor specific usage of the broadband service, given that the broadband account will not be in our name, presumably they own the router, and I am now concerned about using online banking through the WiFi.

I am totally OK with VPNs, and use one occasionally now, but if I understand correctly a VPN is only helpful from the router out into the wilds of the net, and will not help if the vulnerability is at the router? Is that correct? Should I be concerned? Could a monitoring system at the router log more than just the site visited, account IDs & passwords for example? If so, any suggestions to protect my data privacy if I assume there is some kind of monitoring system in the router?

Thanks for any opinions or suggestions.
As a business practical consideration for the landlord, I'm seriously doubting they have the ability or interest to monitor you individually, and that might simply be some boilerplate their attorney put into their contracts to scare people into not doing anything illegal and abusing their connections. Internet connections for broadband are sold at a flat-rate, so the landlord wouldn't be concerned about it until the ISP contacts them to complain about abuse of some sort. If you want to test this, ask to see an example of recent data usage report or how do you go about checking your individual usage, because these reports might not even exist.

If you have a cell phone with a data plan, create a personal hot-spot. This won't be going through the landlord's connection at all. Use that for all financial transactions such as banking and whatever else you are concerned about being private. Use the broadband for web surfing and things like Netflix. Anything personal use the hot-spot.
  #29  
Old 11-19-2017, 07:50 PM
EdelweissPirate EdelweissPirate is offline
Guest
 
Join Date: Mar 2015
Location: Madison, WI USA
Posts: 110
I am baffled by people who think they shouldn't check their bank accounts over "public wi-fi." SSL/TLS connections are effectively single-web-site VPNs. Data is encrypted between you and your bank regardless of whether the wi-fi is encrypted or not.

If, while connecting to your bank, you're presented with a bad SSL/TLS certificate (man-in-the-middle attack) and you care even a little bit about security, you'll notice and kill the connection attempt. If you don't know enough to pay attention to a bad cert, you probably didn't care (or didn't know) about network security in the first place.

MD2000 does a respectable job of describing what network security people call "the chain of trust" here:

Quote:
Originally Posted by md2000 View Post
A PC believes a certificate [is valid and not fake] when it says "I am XXX" if the root for that certificate (or that certificate) is in the root certificate store for that PC. <snip> ...if someone wants to fake a certificate without warning you, they have to have [already taken complete control of your computer]. If they get this far, a fake root certificate is the least of your worries.
MD2000 is right about that last part, too. If an attacker has enough control of your machine to plant a fake root certificate, they've already got complete control and you're already hosed, VPN or no.

In the OP's place, I wouldn't want random neighbors port-scanning my machines if they were so inclined. I would do what MD2000 suggests (a bit obliquely) in an earlier post: get a wireless bridge1 and feed that into your own router. It would look approximately like this:

[Internet]
____|_______________
[Landlord's router w/wi-fi]
__________|_______________
[Your shiny new wireless bridge]
__________|_____________
[Your router via its WAN port]
____|_____ ____|_____ __|________
[Your wi-fi] [wired eth0] [wired eth1] [etc.]

Those wired "eth" connections are shorthand for the wired ethernet ports on your own router.

This way, no none could snoop on your wireless signals without considerable effort, even if they were on the landlord's network. You could also have your router connect to a VPN service so that all the traffic it passed to the untrusted landlord network was encrypted.

Oh, and you should set your DNS servers to something other than what your landlord provides via DHCP. Google's public DNS servers support DNSSEC, as do many others. Using DNSSEC will help protect against DNS poisoning attacks, but your DNS queries will still be visible to your landlord. That's one thing a VPN service would prevent.

One thing that might be helpful is remembering that, short of child porn or The Silk Road, no one really cares what web sites you look at. My dad won't get a Facebook account because he's convinced that the NSA is monitoring Facebook (not unlikely) by assigning individual agents to "watch his activity" (bloody unlikely). There is no NSA agent watching my mom click "like" on photos of her grandkids or surf on over to the AARP website. There are likely algorithms scanning huge streams of data, but nothing more personal than that.

Similarly, there are no nefarious hackers who want to see all the documents stored on your computer. There are automated scripts (programs) trying to root your machine and add it to a botnet that can be rented out. Those scripts probably look for useful numbers, too, perhaps of the credit card or social security persuasion. But no one will be reading your journal.



1I'd recommend something like the $50 Asus RP-N54. Google the model name if you're interested.

Wireless bridges are now more often called "range extenders" because that's how people tend to use them. But they can also "grab" a wifi signal out of the air and allow you to connect to it with an ethernet cable. They "bridge" the wireless/wired gap.

You'd connect the bridge's wireless interface to your landlord's wi-fi network and the wired interface to your router's WAN port.

This allows you to use your existing router in exactly the same way you would if you had the interwebs coming out of a cable modem's ethernet port (or whatever). The only difference is minor: you'll be double-NATed. If you don't know what that means off the top of your head, you probably will never notice. It's not a big deal unless you're trying to host a server.
  #30  
Old 11-19-2017, 08:25 PM
si_blakely si_blakely is online now
Guest
 
Join Date: Jul 2002
Location: UK
Posts: 4,893
To be honest, I'd be more interested in answers to the following questions for the landlord:

What is the total bandwidth supplied to the building?
Is there enough total bandwidth

How many units is this divided between?
Is there enough data per unit?

Are individual unit connections rate-limited?
Can a bandwidth hog suck all the bandwidth impacting the whole building?

Is there a data cap on the entire building?
Could the building run out of data for the month?

If so, is there a data cap per unit?
Can one unit use all the allocated bandwidth?

Are individual units isolated (i.e a switched network or a shared network)?
Can other residents snoop my traffic?

Who manages the connections and what security is in place on the management system?
Who do I need to trust to manage my connection?
  #31  
Old 11-19-2017, 10:29 PM
EdelweissPirate EdelweissPirate is offline
Guest
 
Join Date: Mar 2015
Location: Madison, WI USA
Posts: 110
Those are all good questions, but no landlord I've ever met would be able to answer any of them.
  #32  
Old 11-19-2017, 10:51 PM
t-bonham@scc.net t-bonham@scc.net is offline
Guest
 
Join Date: Mar 2003
Location: Minneapolis, MN
Posts: 13,553
Quote:
Originally Posted by EdelweissPirate View Post
Those are all good questions, but no landlord I've ever met would be able to answer any of them.
Probably not themself. But they should have a contact in the bandwidth supplier who would be able to answer them, in some detail.
  #33  
Old 11-19-2017, 11:20 PM
Evan Drake Evan Drake is offline
Suspended
 
Join Date: Nov 2016
Posts: 2,719
I would rather go back to dial-up 2 decades ago than accept conditions from any landlord. Or satellite if I could afford it.


An employer can tell you what to do on his machine, but not what to do on yours. If a landlord is allegedly worried about liabilty he can offer disclaimers in advance. I will avoid illegalities because I want to, not because of some intrusive little busybody. It's no different to telling you what you can and can't read in your home.
  #34  
Old 11-20-2017, 12:24 AM
EdelweissPirate EdelweissPirate is offline
Guest
 
Join Date: Mar 2015
Location: Madison, WI USA
Posts: 110
Quote:
Originally Posted by t-bonham@scc.net View Post
Probably not themself. But they should have a contact in the bandwidth supplier who would be able to answer them, in some detail.
Well, certainly. But then why not ask for the contact directly instead of going through the motions with the landlord?
  #35  
Old 11-20-2017, 09:01 AM
LSLGuy LSLGuy is online now
Charter Member
 
Join Date: Sep 2003
Location: Southeast Florida USA
Posts: 20,660
Quote:
Originally Posted by Evan Drake View Post
I would rather go back to dial-up 2 decades ago than accept conditions from any landlord. Or satellite if I could afford it.


An employer can tell you what to do on his machine, but not what to do on yours. If a landlord is allegedly worried about liabilty he can offer disclaimers in advance. I will avoid illegalities because I want to, not because of some intrusive little busybody. It's no different to telling you what you can and can't read in your home.
I applaud the sentiment, but it's a pretty good bet this hypothetical landlord is "imposing" the same conditions his hypothetical ISP imposes on every subscriber. Including you if you went to that ISP directly.

Bottom line: IMO you're tilting at windmills.

Last edited by LSLGuy; 11-20-2017 at 09:02 AM.
  #36  
Old 11-20-2017, 09:42 AM
filmore filmore is offline
Guest
 
Join Date: Aug 2002
Posts: 3,428
How will the tenants be able to connect to the internet? Which of these is building providing:

1. Building-wide wifi?
2. Ethernet ports in each unit? (ethernet plugs in the wall like telephone plugs)?
3. A broadband router in each unit? (each unit has it's own cable modem)?


If it's wifi only, that will be the hardest to live with. There will be more contention for bandwidth and all the troubles that come with wifi.

If it's the 2nd or 3rd, there are methods you can use to make sure no one can snoop your data (the web addresses or packets), as well as not be able to snoop the computers on the network.

It's also good to ask who is managing the broadband. If it's just the building maintenance people, it's very likely that the equipment will not be maintained proactively. They may only upgrade the systems when people complain about poor performance. But a bigger issue is that they may be lax about upgrading firmware, which means security holes may go unpatched.
  #37  
Old 11-20-2017, 04:06 PM
butler1850 butler1850 is offline
Guest
 
Join Date: Nov 2001
Location: NH, Escaped from MA
Posts: 2,866
Much better answers above than my original reply. Pay no attention to this post.

Last edited by butler1850; 11-20-2017 at 04:11 PM.
  #38  
Old 11-21-2017, 02:57 PM
Evan Drake Evan Drake is offline
Suspended
 
Join Date: Nov 2016
Posts: 2,719
Quote:
Originally Posted by LSLGuy View Post
I applaud the sentiment, but it's a pretty good bet this hypothetical landlord is "imposing" the same conditions his hypothetical ISP imposes on every subscriber. Including you if you went to that ISP directly.

Bottom line: IMO you're tilting at windmills.

Then the landlord is under the onus to find a provider not making such conditions.

Conditions we don't have over here --- or would routinely ignore: the pathetic attempts by Cameron [ it seemed to be a personal thing, rather than a conservative thing: to protect our children from porn and to make intellectual property rights unassailable by preventing illegal downloads ] get no further than forbidding ISPs to permit certain websites by High Court order: the ISPs have no wish nor appetite to control viewing.


And some ISPs, famously Andrews and Arnold, a small private [ expensive ] company in Berkshire, have fast, unlimited, uncensored broadband as part of policy. Plus free IPv6 if you want it.
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 06:06 PM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2017, vBulletin Solutions, Inc.

Send questions for Cecil Adams to: cecil@chicagoreader.com

Send comments about this website to: webmaster@straightdope.com

Terms of Use / Privacy Policy

Advertise on the Straight Dope!
(Your direct line to thousands of the smartest, hippest people on the planet, plus a few total dipsticks.)

Publishers - interested in subscribing to the Straight Dope?
Write to: sdsubscriptions@chicagoreader.com.

Copyright 2017 Sun-Times Media, LLC.

 
Copyright © 2017