1

I have just moved to a new place and the router is controlled by the managing company, what can I do to improve my security and my anonymity under this constraint?

Jack
  • 13
  • 2
  • One option is to use a VPN. If setup properly (including taking into account DNS), the owner/operator of the router will be able to see that you are using a VPN, but will not be able to see which sites you are connecting to. – mti2935 Dec 11 '21 at 17:41
  • 1
    Is there a written agreement with the management company? You should have since any bad action can be directed to you by them. – kelalaka Dec 12 '21 at 19:09

1 Answers1

3

There are three main issue when using a network not under your control.

1. Security of data sent and received over the network.

The operator of the router has the ability to intercept and tamper with all your network transmissions. In this regard, your scenario is almost identical to using a public wifi, and the corresponding mitigations also apply to you.

2. Privacy

Even if you are using HTTPS for all your connections, the operator of the router can still see which sites you visit, through your DNS queries and SNI strings. Again, this is similar to using a public wifi. If this is something you are worried about, you can use a VPN or Tor. A VPN doesn't completely solve the problem, it just shifts it (i.e. the VPN operator can still see which sites you visit.) Tor is much better, but it comes with the drawbacks of slower speeds and not being legal everywhere.

3. Protecting resources on your network

This is where your scenario differs from a public wifi. As this is a home network, you probably want to use it for more than just browsing. For example, you might want to connect a wireless printer to your network. And you wouldn't want someone with access to the network to be able to spam the printer with junk and waste all the cartridges/toner. Nor would you want anyone to be able to access/modify any of your files if you ever open a file share on your devices, and you definitely will not want to have someone trying to exploit vulnerabilities in your devices. But since you do not control the router, you cannot control who has access to this network, and therefore may be susceptible to such attacks.

One possible solution to this would be to set up your own network inside your current wifi. Basically, connect a dedicated device (maybe another router or Raspberry Pi, a laptop would do too, but it would be sort of overkill) to the main wi-fi, and have that device create a separate hotspot to which you will connect all your other devices. Now anyone with access to the main wi-fi would only be able to interact with the dedicated device. Everything else would be relatively safe behind a NAT. Setting this up may require some technical skills, but you can look for a tutorial online or ask for help at Super User.

Of course, choosing to implement any of this depends on how paranoid you are about the managing company or anyone else with access to the router being malicious.

nobody
  • 11,341
  • 2
  • 41
  • 60
  • 1
    +1 for the advice. Yes set up your home network even a [tor wifi](https://pimylifeup.com/raspberry-pi-tor-access-point/) – kelalaka Dec 12 '21 at 19:13