Cheap, semi-reliable internet access

Move along, nothing to see here!
sky
Posts: 725
Joined: Tue Jan 04, 2011 2:20 am
Contact:

Cheap, semi-reliable internet access

Post by sky » Sat Sep 24, 2016 11:01 am

I have been using an unlimited 3G Verizon wifi jetpack since June. The initial cost was about $80 for the device and a few months of service, and I am currently paying $5 a month.

It works well during off-peak hours (peak hours seem to be commute times and lunch). There are times when it has no connection, or a slow connection. It will stream youtube videos, although I often pause the video to build up a buffer. It does not work well with two people trying to stream video, so we have one per person. Typical speed is 1.5 Mbs down, 0.5 up. During certain times I have no access. I believe it is related to the amount of traffic on the cell tower I am connected to but who knows.

I have the 4510 mifi device, which works well. You can connect up to 4 devices and it acts as a router, so you can run a file server over it (I think). I was not able to get torrents to work.

You have to make a $5 payment by phone with a credit card every 30 days. You don't receive a statement or any reminder, you can call and find out when your deadline is, and when you pay you get an additional 30 days from the day of payment.

To find a vendor, search "unlimited 3G" on ebay. I have had good luck with the vendor glselectronics. Avoid a vendor called Mobile Solutions.

We were having a lot of outages with Com cast and dropped their $85 a month plan. We are now paying $10 a month for two of these unlimited 3G plans. The nice thing is that when it is working well, you can watch as much video as you want without concern for going over a limit. When the device is working well, from a user perspective it works about as fast as the 15 Mbps Comcast connection did.

User avatar
Sclass
Posts: 1089
Joined: Tue Jul 10, 2012 5:15 pm

Re: Cheap, semi-reliable internet access

Post by Sclass » Sun Sep 25, 2016 10:21 pm

sky wrote: and I am currently paying $5 a month.

.
Wow way to go! The only way to get it cheaper than that is the library or a Starbucks parking lot.

User avatar
C40
Posts: 1738
Joined: Thu Feb 17, 2011 4:30 am
Location: Western U.S.
Contact:

Re: Cheap, semi-reliable internet access

Post by C40 » Mon Sep 26, 2016 12:41 am

I've been using the same exact thing for about 5 months now and I'm happy with it.

sky
Posts: 725
Joined: Tue Jan 04, 2011 2:20 am
Contact:

Re: Cheap, semi-reliable internet access

Post by sky » Mon Sep 26, 2016 7:07 am

We had no wifi device on our last van camping trip and paid far more than $5 a month in gas to drive into town to get wifi.

User avatar
vexed87
Posts: 1159
Joined: Fri Feb 20, 2015 8:02 am
Location: Yorkshire, UK

Re: Cheap, semi-reliable internet access

Post by vexed87 » Mon Sep 26, 2016 7:14 am

I use one of those 4G mifi things too, works very well in an area too far from the telephone exchange to bother with a slow-poke fixed line.

No usage limit for your $5 charge? Wow! I get 10GB @ £16/month which is significantly more than you are spending, I'm all but certain the mobile providers have formed a cartel here in the UK to jack up wireless prices... consider I used to get unlimited data for £10/month before 2014, now you cant get unlimited deals at all, and the rolling contract I'm on now is already ~20% more expensive to join than it was when I signed up.

The cost/GBs does drop the more you buy, but I don't realistically use more than 7-8GB, so use the cheapest package I can get away with, with a slight cushion. I could drop to 2-5GB/month if I gave up all video and audio streaming, but to save a few pounds, it's not worth it.

If anyone in the UK has found a cheaper alternative to Three's MiFi packages, let me know!

Scott 2
Posts: 798
Joined: Sun Feb 12, 2012 10:34 pm

Re: Cheap, semi-reliable internet access

Post by Scott 2 » Mon Sep 26, 2016 8:44 am

These are hacked devices, exploiting a technical hole in Verizon's network, and against policy.

More concerning to me - if buying from a random seller on eBay, you do not know what the device was flashed with. It could be reading all of your network traffic, including SSL. It's a great vector for a man in the middle attack.

User avatar
Sclass
Posts: 1089
Joined: Tue Jul 10, 2012 5:15 pm

Re: Cheap, semi-reliable internet access

Post by Sclass » Mon Sep 26, 2016 2:14 pm

Scott 2 wrote:These are hacked devices, exploiting a technical hole in Verizon's network, and against policy.

More concerning to me - if buying from a random seller on eBay, you do not know what the device was flashed with. It could be reading all of your network traffic, including SSL. It's a great vector for a man in the middle attack.
:o

Okay, that isn't sounding that great anymore.

I had a friend who was doing something like this with cable modems. Apparently he was able to use a hacked modem to get cable internet access on a cable that had been shut down for TV. I mean, you could hook up a set top box and it wouldn't work, but if you hooked in to the cable with the modem you could get internet. He said the big issue was security and you couldn't expect any privacy on the connection.

sky
Posts: 725
Joined: Tue Jan 04, 2011 2:20 am
Contact:

Re: Cheap, semi-reliable internet access

Post by sky » Mon Sep 26, 2016 10:42 pm

C40 wrote:I've been using the same exact thing for about 5 months now and I'm happy with it.
Have you used it in Canada?

User avatar
C40
Posts: 1738
Joined: Thu Feb 17, 2011 4:30 am
Location: Western U.S.
Contact:

Re: Cheap, semi-reliable internet access

Post by C40 » Tue Sep 27, 2016 5:16 pm

No, I haven't used it in Canada.


As for security, that's a good point. If I understand how this works correctly, the one risk is that the guy who flashes and sells the device could be doing something nefarious. I bought mine from a seller with a website who appears to have some longevity. I'll let you guys know if I notice some kind of security issue or identity theft.

User avatar
bryan
Posts: 646
Joined: Sat Nov 29, 2014 2:01 am
Location: mostly Bay Area

Re: Cheap, semi-reliable internet access

Post by bryan » Tue Sep 27, 2016 6:51 pm

C40 wrote:The one risk is that the guy who flashes and sells the device could be doing something nefarious. I bought mine from a seller with a website who appears to have some longevity. I'll let you guys know if I notice some kind of security issue or identity theft.
Exploits these days are essentially invisible. Especially for embedded devices (which I would count a router or wifi AP as counting). I would certainly prefer to connect to a vpn every time I used such a device (or even one straight from your ISP), essentially treating it like a public wifi hotspot. "HTTPS Everywhere" would also help close some possible holes. Ideally you could inspect the device and compare to a good reference (is there an extra chip somewhere?) and re-flash the firmware/OS.

User avatar
BRUTE
Posts: 2264
Joined: Sat Dec 26, 2015 5:20 pm

Re: Cheap, semi-reliable internet access

Post by BRUTE » Tue Sep 27, 2016 8:19 pm

if the device is compromised, a VPN would completely eliminate any risks?

User avatar
bryan
Posts: 646
Joined: Sat Nov 29, 2014 2:01 am
Location: mostly Bay Area

Re: Cheap, semi-reliable internet access

Post by bryan » Tue Sep 27, 2016 8:53 pm

BRUTE wrote:if the device is compromised, a VPN would completely eliminate any risks?
The risk is the router/wifi AP which is just the first hop of networking. So a man in the middle risk, same as if you are concerned about coffee shop wifi or your ISP snooping on your traffic. The VPN protocol you use ought to protect against MITM while establishing secure channels, after which the VPN ought to protect against MITM while using the internet (you should still worry about the security of your VPN endpoint, e.g. be weary of just buying a cheap, easy to use VPN connection from a provider from some list on the internet).

If this device is connected via a USB/lightning port interface, you may have to worry about additional exploit vectors.

Using more secure protocols (https:// instead of http://) is beneficial if you are MITM or not or on your VPN, as it is another layer.

For instance, it might be a sweet operation to sell MITM devices like OP which aren't really too nefarious (they won't steal your ERE forum login credentials or cookies) but instead inject ads into websites directly (or co-opt well known ads like Google). Very old stuff: http://www.ex-parrot.com/pete/upside-down-ternet.html

User avatar
Ego
Posts: 3806
Joined: Wed Nov 23, 2011 12:42 am

Re: Cheap, semi-reliable internet access

Post by Ego » Tue Sep 27, 2016 9:07 pm

bryan wrote: The risk is the router/wifi AP which is just the first hop of networking. So a man in the middle risk, same as if you are concerned about coffee shop wifi or your ISP snooping on your traffic. The VPN protocol you use ought to protect against MITM while establishing secure channels, after which the VPN ought to protect against MITM while using the internet (you should still worry about the security of your VPN endpoint, e.g. be weary of just buying a cheap, easy to use VPN connection from a provider from some list on the internet).
Are there any VPNs you would recommend for travel? I like mine (PIA) but it is big so some geo-restricted sites block it. It's also fairly inexpensive so I thought it may fall into your weary list. Also, I run into problems here with cloudflare every so often. And Mrs. Ego is always yelling at me, "The little green man (PIA logo) won't let me watch Hulu."

User avatar
bryan
Posts: 646
Joined: Sat Nov 29, 2014 2:01 am
Location: mostly Bay Area

Re: Cheap, semi-reliable internet access

Post by bryan » Tue Sep 27, 2016 10:00 pm

Ego wrote: Are there any VPNs you would recommend for travel? I like mine (PIA) but it is big so some geo-restricted sites block it. It's also fairly inexpensive so I thought it may fall into your weary list. Also, I run into problems here with cloudflare every so often. And Mrs. Ego is always yelling at me, "The little green man (PIA logo) won't let me watch Hulu."
The cheapest ones that are the most dubious are the free ones! Short answer is no, though..

I don't think there is a "best" VPN out there for all cases. I don't keep to up to date as I'm happy enough with what I have. Choosing a VPN is weighed among server availability, compatibility with your usage patterns and devices, and what the provider says they do or don't do (ad if you trust them). VPN providers have lied in the past about logging etc.

I have heard PIA is good. But maybe if it is not allowing you to watch hulu/netflix you can shop around for another. I think the cloudfare issue is pretty common unless you roll your own or use a VPN that botnets (or so many people) don't use.

If any wants to DIY, this should be a good approach:
https://www.digitalocean.com/community/ ... untu-14-04
https://github.com/kylemanna/docker-openvpn

User avatar
Sclass
Posts: 1089
Joined: Tue Jul 10, 2012 5:15 pm

Re: Cheap, semi-reliable internet access

Post by Sclass » Wed Sep 28, 2016 7:25 pm

Does https protect you from guys snooping open wifi at the coffee shop?

I used to play with ethereal back in the day on open wifi and learned more than I wanted about my my neighbors. But stuff was sent in the clear back then c2002.

Right now I'm kind of scared to hit my mother's webcams (http://) or even my bank (https://) from places like Macdonalds or the Library.

Scott 2
Posts: 798
Joined: Sun Feb 12, 2012 10:34 pm

Re: Cheap, semi-reliable internet access

Post by Scott 2 » Wed Sep 28, 2016 8:49 pm

Anytime you use public wifi, you are taking a risk. Some recent examples:

http://arstechnica.com/security/2016/07 ... -and-linux
http://arstechnica.com/security/2015/06 ... ses-users/

IMO the biggest risk is someone malicious who spoofs the public wifi, then gets you to connect.

I admit, I use it when I shouldn't, especially for email. It's just so damn convenient, and I tell myself the odds of a compromised network at a large reputable business are low. That could just be wishful thinking though. I use monitoring solutions on top of other preventative actions,because it's ultimately just a question of when. Sooner or later, your data will be breached. If you're lucky, you'll find out before any real damage is done.

Security really comes down to putting in as many layers of defense and control as possible, in hopes of making yourself more trouble than it is worth. If someone is committed to compromising you, they will eventually succeed.

What makes these devices so concerning, is the sellers have already demonstrated they are malicious actors. If they are willing to take advantage of Verizon, they are willing to take advantage of you.

SavingWithBabies
Posts: 52
Joined: Mon Aug 31, 2015 2:50 pm

Re: Cheap, semi-reliable internet access

Post by SavingWithBabies » Thu Sep 29, 2016 3:52 pm

Scott 2 wrote:These are hacked devices, exploiting a technical hole in Verizon's network, and against policy.
Is it people still doing the method linked below from 2012?

http://www.cultofmac.com/137537/get-fre ... how-deals/

User avatar
C40
Posts: 1738
Joined: Thu Feb 17, 2011 4:30 am
Location: Western U.S.
Contact:

Re: Cheap, semi-reliable internet access

Post by C40 » Thu Sep 29, 2016 11:32 pm

Scott 2 wrote:
What makes these devices so concerning, is the sellers have already demonstrated they are malicious actors. If they are willing to take advantage of Verizon, they are willing to take advantage of you.
"Take Advantage of" is stretching it a bit.

Yeah, they are doing something that Verizon doesn't want. Of course Verizon would prefer those old plans go away and everyone buy new, expensive ones. Not doing exactly what Verizon wishes is hardly "taking advantage". If they wanted, they could eliminate all these 3G data plans tomorrow (along with all the income they get form them).

User avatar
C40
Posts: 1738
Joined: Thu Feb 17, 2011 4:30 am
Location: Western U.S.
Contact:

Re: Cheap, semi-reliable internet access

Post by C40 » Thu Sep 29, 2016 11:37 pm

SavingWithBabies wrote:
Scott 2 wrote:These are hacked devices, exploiting a technical hole in Verizon's network, and against policy.
Is it people still doing the method linked below from 2012?

http://www.cultofmac.com/137537/get-fre ... how-deals/
I don't think so. From what I've read, it's likely that the data plans being flashed on the devices are from big blocks of corporate accounts that companies sold off as lots rather than fully closed. That would make somep sense as to why they are so cheap. But I really don't know: I'm just repeating this theory posted by some other dude on the internet.

Augustus
Posts: 121
Joined: Sat Apr 02, 2016 10:15 am

Re: Cheap, semi-reliable internet access

Post by Augustus » Sat Oct 01, 2016 10:06 pm

Sclass wrote:Does https protect you from guys snooping open wifi at the coffee shop?

I used to play with ethereal back in the day on open wifi and learned more than I wanted about my my neighbors. But stuff was sent in the clear back then c2002.

Right now I'm kind of scared to hit my mother's webcams (http://) or even my bank (https://) from places like Macdonalds or the Library.
Yes. SSL is designed so that someone can eavesdrop on the entire handshake and still not be able to know the encryption key used to encrypt data.

The ssl attack Scott mentioned will expose urls, but not the data being transmitted. That attack also isn't against ssl itself, it's against stupid auto proxy setups that various OSes implement, the ssl protocol itself is secure. The only way to eavesdrop on ssl traffic is to install a trusted root authority ssl certificate on your machine, and in every case I know of you will be prompted on whether or not to allow that.

Read up on diffie helman key exchange, it is really fascinating, and the math is pretty easy to understand, just need some basic algebra.

+1 Vpns, I run my own using openvpn on a nas in my house, it's awesome because I'm basically on my home network anywhere I go, local computers on my network are all accessible, and printers too.

User avatar
BRUTE
Posts: 2264
Joined: Sat Dec 26, 2015 5:20 pm

Re: Cheap, semi-reliable internet access

Post by BRUTE » Sat Oct 01, 2016 10:35 pm

wouldn't having a root CA certificate also allow anyone to fake any certificates? and lots of root certs have been leaked. lots of bad actors have them, anyway. like the government of north korea.

Augustus
Posts: 121
Joined: Sat Apr 02, 2016 10:15 am

Re: Cheap, semi-reliable internet access

Post by Augustus » Sat Oct 01, 2016 11:10 pm

BRUTE wrote:wouldn't having a root CA certificate also allow anyone to fake any certificates? and lots of root certs have been leaked. lots of bad actors have them, anyway. like the government of north korea.
Yes and no. From what I understand, it is not that easy, you have to explicitly trust the certificate AND perform a man in the middle attack. Basically the attacker in this case is intercepting traffic, decrypting it, contacting the remote server, encrypting that data, and sending it back to you. thus the requirement for them to install a trusted root certificate on your machine, that way they can make a certificate for the domain you are visiting on the fly and sign it. if it's your personal machine, on a network that isn't controlled by attacker, that is not possible unless you are already compromised by some kind of malware, in which case you're screwed no matter what you do.

It is however easy to do on say a company laptop where the certificate is preinstalled and you must use their network. http://security.stackexchange.com/quest ... ls-traffic

User avatar
BRUTE
Posts: 2264
Joined: Sat Dec 26, 2015 5:20 pm

Re: Cheap, semi-reliable internet access

Post by BRUTE » Sun Oct 02, 2016 12:46 am

seems right, they would still need a MITM, which a VPN should help prevent.

User avatar
bryan
Posts: 646
Joined: Sat Nov 29, 2014 2:01 am
Location: mostly Bay Area

Re: Cheap, semi-reliable internet access

Post by bryan » Sun Oct 02, 2016 5:05 pm

Augustus wrote:
BRUTE wrote:wouldn't having a root CA certificate also allow anyone to fake any certificates? and lots of root certs have been leaked. lots of bad actors have them, anyway. like the government of north korea.
Yes and no. From what I understand, it is not that easy, you have to explicitly trust the certificate AND perform a man in the middle attack. Basically the attacker in this case is intercepting traffic, decrypting it, contacting the remote server, encrypting that data, and sending it back to you. thus the requirement for them to install a trusted root certificate on your machine, that way they can make a certificate for the domain you are visiting on the fly and sign it. if it's your personal machine, on a network that isn't controlled by attacker, that is not possible unless you are already compromised by some kind of malware, in which case you're screwed no matter what you do.

It is however easy to do on say a company laptop where the certificate is preinstalled and you must use their network. http://security.stackexchange.com/quest ... ls-traffic
I would like to emphasize the malware and pre-installed (e.g. by employer, though it could also be by a person that plugs a USB stick into your PC while you are not looking or swapping your 4g wifi hardware with another) bit.

Hell, a lot of applications you run that talk over the network never use encryption (maybe until recently). Especially android apps..

Of course, a lot of this SSL stuff isn't done correctly anyway and has been easier to subvert in practice than you would think. For android apps and web browsers, it was the case that the full chain of certificate authentication was often never done (only authenticate of the one cert). There are always talks on this subject at DEF CON, Black Hat, and even Google IO (this year talking of improving the APIs to make it harder for developers to screw this up in Android M, N).

p.s. I would be surprised if three letter agencies _didn't_ have MITM points/taps from popular VPN exit nodes or other points (like AWS). Not so sure about smaller attackers.

Augustus
Posts: 121
Joined: Sat Apr 02, 2016 10:15 am

Re: Cheap, semi-reliable internet access

Post by Augustus » Sun Oct 02, 2016 10:32 pm

You could always untrust all the root CAs and roll your own :) my VPN is self signed, so at least the local network part of my communications is probably safe.

In a more philosophical vein, SSL is more a delaying tactic, and should only be trusted to a point. Is it safe enough for an Amazon purchase? Probably. Will it stop a three letter agency? In most cases I'd say yes, just because I believe in widespread incompetence and laziness. Is it impenetrable? No way.

I have a buddy who is essentially a three letter agency eavesdropper, his biggest complaint was the lack of drive and professionalism of his colleagues, he said many more terror attacks would have been stopped if people weren't doing the bare minimum and coasting towards a pension. He is strictly terror/war surveillance.

Sorry for the thread hijack :)

Post Reply