Discussion:
How to set up your mobile devices & home router for privacy/security.
For those wishing to know more about this topic, most people have their router Wi-Fi AP set to broadcast the SSID, which means it's uploaded to world-wide publicly accessible databases whether they like it or not.
a. The (unique) GPS location (of the phone uploading it) is uploaded
b. The signal strength (of the signal to the phone) is uploaded
c. The (unique) BSSID (MAC address) is uploaded - which is essentially you
d. The (normally non-unique) SSID is uploaded (with or without _nomap)
Of course, you should always disable Wi-Fi Protected Setup (WPS). Duh.
And, keep your firmware updated (duh),
Disable remote administration to your router (duh) & use HTTPS for login.
You "can" restrict connections by MAC, but if you're randomizing the MAC address, it's going to be impossible (as are static IP addresses set at the router level - they now have to be set at the mobile device level instead).
Also enable and check the router log (duh) for intrusions, but if you've
ever done that, you'll know already you're being attacked constantly.
Disable UPnP (duh), and firewall inbound traffic (duh) and enable DNS encryption (DoH/DoT), which seems easy, but I've found it to be a PITA.
A. DoH (DNS over HTTPS) wraps DNS queries inside HTTPS traffic
B. DoT (DNS over TLS) sends DNS queries over a TLS-encrypted channel
You enable iOS 14 & up DoH using Settings > Wi-Fi > DNS & you enable
Android 9+ DoT with Settings > Network & Internet > Advanced > Private DNS.
You enable DoH on Windows in Settings > Network & Internet > Change adapter options > DNS settings where Windows 11 is still DoH but the GUI is better.
On Android devices, you can add a system-wide firewall such as NetGuard.
It can block Wi-Fi/CellularData access per app. Not available on iOS.
I don't have much experience with RethinkDNS, but it's a FOSS Android app that combines encrypted DNS (DoH/DoT/DNSCrypt) with a system-wide firewall.
i. RethinkDNS = firewall + encrypted DNS (DoH/DoT/DNSCrypt) + blocklists
ii. NetGuard = firewall + per-app blocking + ad/tracker blocklists
You'll never have any privacy/security on iOS, which sucks at both (and anyone thinking it doesn't suck, clearly doesn't know anything about iOS).
While we're at it, it's probably a good idea to put smart TVs, cameras, and IoT gadgets on a separate VLAN or guest SSID, and it goes without saying further that you should change the rude/ignorant default iOS/Android setup.
If your neighbor's Wi-Fi is open, Windows can BLOCK accidental connections:
@echo off
netsh wlan show filters
echo Blocking unwanted Wi-Fi networks...
REM Replace these with the SSIDs you want to hide
netsh wlan add filter permission=block ssid="SSID1" networktype=infrastructure
netsh wlan add filter permission=block ssid="SSID2" networktype=infrastructure
netsh wlan add filter permission=block ssid="SSID3" networktype=infrastructure
echo Done! The specified SSIDs are now blocked.
netsh wlan show filters
pause
What did I miss?
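The MAC-filtering and `_nomap` points from the post above, as an added example that is not part of the original post: it checks the locally-administered bit that randomized client MACs set, shows why a router MAC allowlist stops matching them, and tests an SSID for the `_nomap` suffix. The function names, MAC addresses and SSIDs are constructed for illustration.

```python
import re

NOMAP_SUFFIX = "_nomap"  # SSID suffix mentioned in the post


def normalize_mac(text):
    """Return a MAC as lowercase aa:bb:cc:dd:ee:ff.

    Accepts ':', '-', '.' or no separators, as router UIs and logs differ.
    """
    digits = re.sub(r"[:.\-]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac):
    """True when the U/L bit (0x02 of the first octet) is set.

    Randomized ("private") Wi-Fi addresses set this bit; factory-assigned
    addresses leave it clear. Manually overridden MACs may set it too.
    """
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)


def ssid_has_nomap(ssid):
    """True when the SSID ends with the _nomap suffix."""
    return ssid.endswith(NOMAP_SUFFIX)


def audit_mac_filter(allowlist, seen_clients):
    """Classify each seen client against a router MAC allowlist.

    verdicts:   mac -> "allowed" | "blocked-randomized" | "blocked-unknown"
    stale_risk: allowlist entries that are themselves locally administered,
                so they stop matching once the device rotates its address.
    """
    allowed = {normalize_mac(m) for m in allowlist}
    stale_risk = sorted(m for m in allowed if is_locally_administered(m))
    verdicts = {}
    for raw in seen_clients:
        mac = normalize_mac(raw)
        if mac in allowed:
            verdicts[mac] = "allowed"
        elif is_locally_administered(mac):
            # Possibly a known device using a randomized address.
            verdicts[mac] = "blocked-randomized"
        else:
            verdicts[mac] = "blocked-unknown"
    return {"verdicts": verdicts, "stale_risk": stale_risk}


# Constructed sample data (not from any real network).
ALLOWLIST = ["10:20:30:40:50:60", "DA-A1-19-00-11-22"]
SEEN_CLIENTS = ["1020.3040.5060", "F2:9C:11:AA:BB:CC", "00:11:22:33:44:55"]

if __name__ == "__main__":
    report = audit_mac_filter(ALLOWLIST, SEEN_CLIENTS)
    for mac, verdict in report["verdicts"].items():
        print(f"{mac}  {verdict}")
    print("allowlist entries that will go stale:", report["stale_risk"])
    for ssid in ("HomeNet", "HomeNet_nomap"):
        print(f"{ssid!r} has _nomap suffix: {ssid_has_nomap(ssid)}")
```
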
For those wishing to know more about this topic, most people have their router Wi-Fi AP set to broadcast the SSID, which means it's uploaded to world-wide publicly accessible databases whether they like it or not.
a. The (unique) GPS location (of the phone uploading it) is uploaded
b. The signal strength (of the signal to the phone) is uploaded
c. The (unique) BSSID (MAC address) is uploaded - which is essentially you
d. The (normally non-unique) SSID is uploaded (with or without _nomap)
Every mobile device owned by ignorant/rude people is uploading that privacy to the world-wide publicly accessible databases (which have been abused).
Chris wrote:
For those wishing to know more about this topic, most people have their router Wi-Fi AP set to broadcast the SSID, which means it's uploaded to world-wide publicly accessible databases whether they like it or not.
a. The (unique) GPS location (of the phone uploading it) is uploaded
b. The signal strength (of the signal to the phone) is uploaded
c. The (unique) BSSID (MAC address) is uploaded - which is essentially you
A router is not a person. At worst it represents a household in the same way a postal address does.
Hi Chris,
If you move from one home to another, and if you take your router with you, then the "bad guy" can trace your movements exactly as to time & location.
They know your exact location & exactly when you changed locations.
d. The (normally non-unique) SSID is uploaded (with or without _nomap)
Every mobile device owned by ignorant/rude people is uploading that privacy to the world-wide publicly accessible databases (which have been abused).
No they haven't. A theoretical observation has been made. There's no evidence of "abuse".
I know what you're talking about,
but most people reading this won't know
that the Apple system (versus the Google system) is atrociously designed.
The way Apple does it is Apple allows hundreds upon hundreds of access
point location information to be downloaded in a single instance by anyone
on the planet, while Google's system is far more constrained in terms of abuse potential.
You & I can delve deeper (much deeper) than that astute summary, but that quick overview of the huge differences between the highly insecure Apple system and the lousy Google system (more secure, but it still sucks in
terms of privacy) should suffice for most people here unless they ask for further details.
While you're at it, the equally rude satellites, google cars, the post
office and census collectors are also sharing extremely private information regarding everyone's houses, where they are and what they look like.
What you're saying I've heard a lot from people
Privacy is like personal hygiene. You never stop washing your hands.
I STRONGLY recommend first wrapping your house in tinfoil (hopefully that
will smother your *outgoing* connections), then radar opaque paint and,
finally, camouflage netting.
For extra privacy go live in the woods.
These are the exact words of sklavin, Chris.
Many people in history have decided to be a slave; but I'm not one of them. And more to the point, I do not advocate that people become slaves.
You advocate slavery. I advocate freedom.
Carlos E.R. wrote:
Disable remote administration to your router (duh) & use HTTPS for login.
That removes the warranty. Seriously. My router is remotely managed by
my ISP. Not via plain ssh login, they have their own dedicated channel.
Hi Carlos,
Thanks for adding the missing information that the router may be managed by the ISP, which, of course, somewhat changes what you can and cannot do to effect better privacy/security.
I'm actually surprised, Carlos, that the ISP manages "the router", where I would NOT be surprised if the ISP manages "the modem" (even as I'm well
aware that router:modem combinations exist (which may be what you have).
In my case, I don't have a modem since I get my Internet from a dozen miles away over the air via WISP, but my "rooftop transceiver" is managed by the WISP (although he gives me his password so that I can make changes).
Most people in the USA don't have a transceiver like I do; they have a
modem, and some people have a modem which is combined into a router.
I am unfamiliar with that setup personally, since I've never owned a modem, but I've bought them for my kids when they moved into apartments, so I'm familiar with the concept that you seem to be speaking about.
Thanks for adding the extra value so that everyone on the team benefits.
On 2025/12/2 16:26:18, Marian wrote:
Carlos E.R. wrote:
Disable remote administration to your router (duh) & use HTTPS for login.
That removes the warranty. Seriously. My router is remotely managed by
my ISP. Not via plain ssh login, they have their own dedicated channel.
Hi Carlos,
Thanks for adding the missing information that the router may be managed by the ISP, which, of course, somewhat changes what you can and cannot do to
effect better privacy/security.
I'm actually surprised, Carlos, that the ISP manages "the router", where I would NOT be surprised if the ISP manages "the modem" (even as I'm well
aware that router:modem combinations exist (which may be what you have).
In my case, I don't have a modem since I get my Internet from a dozen miles away over the air via WISP, but my "rooftop transceiver" is managed by the WISP (although he gives me his password so that I can make changes).
Most people in the USA don't have a transceiver like I do; they have a
modem, and some people have a modem which is combined into a router.
I am unfamiliar with that setup personally, since I've never owned a modem, but I've bought them for my kids when they moved into apartments, so I'm
familiar with the concept that you seem to be speaking about.
Thanks for adding the extra value so that everyone on the team benefits.
I don't know about the USA, but in the UK, a lot of users have _one_
whitish box, which connects to the 'phone line, and contains the MoDem, router, hub, wifi, ... you name it, it's in that box. Common parlance - including from the ISPs who usually supply the box - is to (mis)name
that box the "router".
They usually (since the ISP supplies them) have a version of the manufacturer's software, tweaked to suit the ISP. I'm not _aware_ of any
that are remote-flashed by the ISPs, but it wouldn't surprise me.
I don't _think_ most ISP contracts say you _have_ to use their "router", though there may be some that do; however, the majority of users _do_,
since it's generally supplied "free" by the ISP, and also if anything
goes wrong - or is _suspected_ of going wrong - the ISP's support desk
(which aren't great at the best of times) are likely to tell you you're
on your own if you're not using their "router".
Carlos E.R. wrote:
My main argument, which all my kids learned in spades, was that paying $150 up front once, immediately reduced the long-term costs by thousands of dollars since it instantly saved the $50 (probably now $75 or more) "installation fee" that cable companies charged, and, of course, it eliminates the $10/month (now likely $20/month) plus taxes to rent it.
<https://www.costco.com/routers-networking.html>
On 2025-12-03 00:39, Marian wrote:
Carlos E.R. wrote:
...
My main argument, which all my kids learned in spades, was that paying $150 up front once, immediately reduced the long-term costs by thousands of
dollars since it instantly saved the $50 (probably now $75 or more)
"installation fee" that cable companies charged, and, of course, it
eliminates the $10/month (now likely $20/month) plus taxes to rent it.
<https://www.costco.com/routers-networking.html>
It is not a rental here. We can buy a router, the monthly fee doesn't
change a cent. The advantage is (probably) a more feature rich router
and more control. The disadvantage is that you have to work out the configuration, which is a pain (AFAIK they don't publish it), and that
if something breaks you have no support. They'll help, sure, depending
on who you manage to talk with, but no support.
When I was on ADSL I had their router, but I bought my own. The configuration was simpler back then, but the router had a wizard: I just told it what Telco it was, and it configured itself. I have not seen
this feature announced with fibre.
...
On 2025-12-03 00:39, Marian wrote:
Carlos E.R. wrote:
...
My main argument, which all my kids learned in spades, was that paying $150 up front once, immediately reduced the long-term costs by thousands of
dollars since it instantly saved the $50 (probably now $75 or more)
"installation fee" that cable companies charged, and, of course, it
eliminates the $10/month (now likely $20/month) plus taxes to rent it.
<https://www.costco.com/routers-networking.html>
It is not a rental here.
I can't imagine any ISP/WISP willing to do all that private LAN setup.
Carlos E.R. wrote:
It is not a rental here. We can buy a router, the monthly fee doesn't
change a cent.
Hi Carlos,
I need to be clear. I never said what you apparently thought I said.
It's not the "router", per se, that people rent out here.
It's the modem.
Where I live we have 40-acre zoning, so every property has to be a minimum
of 40 acres, where if you don't have a bunch of radios scattered about,you
J. P. Gilliver wrote:
Marian wrote:
Where I live we have 40-acre zoning, so every property has to be a minimum of 40 acres
So hugely different outlooks! I've never heard (though I'm sure you're
right) of a _minimum_ property size before.
I had heard of the phrase <https://en.wiktionary.org/wiki/back_forty>
On 2025/12/3 12:47:9, Carlos E.R. wrote:
On 2025-12-03 00:39, Marian wrote:
Carlos E.R. wrote:
...
My main argument, which all my kids learned in spades, was that paying $150 up front once, immediately reduced the long-term costs by thousands of
dollars since it instantly saved the $50 (probably now $75 or more)
"installation fee" that cable companies charged, and, of course, it
eliminates the $10/month (now likely $20/month) plus taxes to rent it.
<https://www.costco.com/routers-networking.html>
It is not a rental here. We can buy a router, the monthly fee doesn't
change a cent. The advantage is (probably) a more feature rich router
and more control. The disadvantage is that you have to work out the
configuration, which is a pain (AFAIK they don't publish it), and that
if something breaks you have no support. They'll help, sure, depending
on who you manage to talk with, but no support.
When I was on ADSL I had their router, but I bought my own. The
configuration was simpler back then, but the router had a wizard: I just
told it what Telco it was, and it configured itself. I have not seen
this feature announced with fibre.
...
As I've said before, here in UK most users who are connected to a copper 'phone line have one box, containing MoDem, router, hub, and wifi base,
which box is generally referred to as a "router"; AIUI those with an
actual fibre connection to the home still have a similar-_looking_ box,
still referred to as a "router", but one additional box that connects to
the fibre, and to which the "router" connects, usually by an ethernet cable.
The "router" is in most cases provided "free" by the ISP (or, at least,
any monthly rental is included in the about 25 pounds a month you pay
for service access - which is _not_ reduced if you buy your own
"router"). There's no "installation charge" for the router as such; if
you get broadband where there was none before, there is usually a
startup charge, but that's regardless of whether you use the provided
router or not - it's to cover equipment setup at the exchange AIUI.
On 2025-12-03 15:27, J. P. Gilliver wrote:
On 2025/12/3 12:47:9, Carlos E.R. wrote:
On 2025-12-03 00:39, Marian wrote:
Carlos E.R. wrote:
...
My main argument, which all my kids learned in spades, was that paying $150
up front once, immediately reduced the long-term costs by thousands of dollars since it instantly saved the $50 (probably now $75 or more)
"installation fee" that cable companies charged, and, of course, it
eliminates the $10/month (now likely $20/month) plus taxes to rent it.
<https://www.costco.com/routers-networking.html>
It is not a rental here. We can buy a router, the monthly fee doesn't
change a cent. The advantage is (probably) a more feature rich router
and more control. The disadvantage is that you have to work out the
configuration, which is a pain (AFAIK they don't publish it), and that
if something breaks you have no support. They'll help, sure, depending
on who you manage to talk with, but no support.
When I was on ADSL I had their router, but I bought my own. The
configuration was simpler back then, but the router had a wizard: I just told it what Telco it was, and it configured itself. I have not seen
this feature announced with fibre.
...
As I've said before, here in UK most users who are connected to a copper
'phone line have one box, containing MoDem, router, hub, and wifi base,
which box is generally referred to as a "router"; AIUI those with an
actual fibre connection to the home still have a similar-_looking_ box,
still referred to as a "router", but one additional box that connects to
the fibre, and to which the "router" connects, usually by an ethernet cable.
The "router" is in most cases provided "free" by the ISP (or, at least,
any monthly rental is included in the about 25 pounds a month you pay
for service access - which is _not_ reduced if you buy your own
"router"). There's no "installation charge" for the router as such; if
you get broadband where there was none before, there is usually a
startup charge, but that's regardless of whether you use the provided
router or not - it's to cover equipment setup at the exchange AIUI.
Yes, same here.
On 2025-12-03 12:47, Andy Burns wrote:
J. P. Gilliver wrote:
Marian wrote:
Where I live we have 40-acre zoning, so every property has to be a minimum of 40 acres
So hugely different outlooks! I've never heard (though I'm sure you're
right) of a _minimum_ property size before.
I had heard of the phrase <https://en.wiktionary.org/wiki/back_forty>
While that explains the origin of the "forty"...
...I have huge doubts about Arlen stating the whole truth about anything.
Paul wrote:
...I have huge doubts about Arlen stating the whole truth about anything.
That makes sense for agricultural land. 40 is a quarter of a 160 property. And hobby farms here are 40. The zoning likely prevents chopping a title
into smaller chunks. You can't turn Ag land into subdivisions, without
the right zoning. And a higher level of government draws lines around
productive farmland and prevents that sort of thing. If they didn't do
that, all the farms would be sad looking subdivisions.
For hobby farming, you have to be careful to not lose your tax status.
The easiest way to "meet the farming requirement", is to rent out 30 acres for hay production, a neighbour comes in and harvests hay several times
per year. And that income is then taxed (somehow) at a farm rate. If
you just sit on the land, some tax becomes hella expensive. That's
what I've overheard from people doing this. There is an incentive to
"make it look like it's a farm". That's how the scheme works here.
A few people, will run their property like an actual farm.
Even inheritance of the property is a huge liability.
Paul
Hi Paul,
802.11 reality:
Nobody reads anything Alan Baker ever says because his IQ is actually at
the retard level (roughly no better than about 40 IQ).
He denies everything he can't comprehend - which - is everything.
One look at the Hillside (HS) zoning in unincorporated Santa Clara County would show the idiot that 40-acre zoning is the norm for Hillsides.
<https://plandev.santaclaracounty.gov/codes-and-policies/zoning-ordinance>
HS (Hillside District) = 40-acre minimum parcel size
AR (Agricultural Ranchlands District) -> 40-acre minimum parcel size
On 2025-12-03 17:44, Marian wrote:
Paul wrote:
...I have huge doubts about Arlen stating the whole truth about anything.
That makes sense for agricultural land. 40 is a quarter of a 160 property. And hobby farms here are 40. The zoning likely prevents chopping a title into smaller chunks. You can't turn Ag land into subdivisions, without
the right zoning. And a higher level of government draws lines around
productive farmland and prevents that sort of thing. If they didn't do
that, all the farms would be sad looking subdivisions.
For hobby farming, you have to be careful to not lose your tax status.
The easiest way to "meet the farming requirement", is to rent out 30 acres for hay production, a neighbour comes in and harvests hay several times
per year. And that income is then taxed (somehow) at a farm rate. If
you just sit on the land, some tax becomes hella expensive. That's
what I've overheard from people doing this. There is an incentive to
"make it look like it's a farm". That's how the scheme works here.
A few people, will run their property like an actual farm.
Even inheritance of the property is a huge liability.
Paul
Hi Paul,
802.11 reality:
Nobody reads anything Alan Baker ever says because his IQ is actually at
the retard level (roughly no better than about 40 IQ).
He denies everything he can't comprehend - which - is everything.
One look at the Hillside (HS) zoning in unincorporated Santa Clara County
would show the idiot that 40-acre zoning is the norm for Hillsides.
<https://plandev.santaclaracounty.gov/codes-and-policies/zoning-ordinance>
HS (Hillside District) = 40-acre minimum parcel size
AR (Agricultural Ranchlands District) -> 40-acre minimum parcel size
Did you catch the subtle shift there?
From, "Where I live we have 40-acre zoning, so EVERY property has to be
a minimum of 40 acres"
To, "40-acre zoning is the norm for Hillsides"
"the norm" implies that there are exceptions, where "every property" explicitly means there aren't.
From looking at the "Zoning Atlas" linked at the "Zoning Ordinance"
page Arlen linked above, we can see that he omits that "HS" and "AR" are
just two (2) zoning districts...
...out of a total 33 different districts.
And if you look at that map...
<https://stgenpln.blob.core.windows.net/document/zoning_atlas.pdf>
...you'll see that the vast majority of the area of Santa Clara County
is not zoned HS, or AR.
So, just as I suspect, Arlen wasn't telling the whole story.