It’s over 9 years since I posted the first set of articles on the Carrypad blog, which became Origamiportal, which became UMPCPortal. I wanted to relay some thoughts on my personal need for a mobile internet device I called the Carrypad. I wrote about 5-7-inch screen sizes, web browsing, operating systems, GPS and use cases: bed, sofa, toilet, plane, train and ship. I was, even if I do say so myself, spot-on, especially with the toilet! But I didn’t think enough about security.
My first mention of security was when I did a mini review of the Pepperpad 3 in October 2006.
…I was able to check for software listening on IP ports. It all looks pretty clean and with the automatic updates, there should be no need to worry too much about security. Low maintenance is always a good thing.
Admittedly the threat level was lower 9 years ago, but I should have paid more attention to security over the last 9 years, and today there’s absolutely no excuse because the Internet is now a messy place.
PC and smartphone operating systems were not built with today’s risks in mind, and they’ve got worse. There’s more code in the operating system now, more 3rd-party applications, more sensors, more connectivity and more people to exploit, creating ‘business models’ that were never imaginable.
The next time you join a new WiFi hotspot think about this: Is the site you’re looking at really the site you think it is? Is the DNS server really serving the correct IP addresses? Is the ISP behind the hotspot someone you trust? Do you trust everyone on the network that you’ve just connected to? How many of your apps have access to your location, permission to use your social networks, WiFi, your contact and SMS information and even to an unencrypted version of your internet traffic?
Last December I was teaching journalists about internet security and privacy in Ukraine. As part of a demo I set up a ‘fake Internet’ using about 150 euros of equipment. I served up a router, DHCP, DNS and even faked a Facebook login page. After I had logged into the Facebook page I turned on the projector which was connected to my Linux-box-Internet, did a search on Wireshark and read out my password. It was easy, cheap and effective and that was just in a class of 20 people. Can you imagine what goes on at the CES show in Las Vegas? At every airport in the world? At the cheap cyber café and on that open hotspot you found from your apartment?
If you are about to connect to an unknown hotspot, don’t use a Windows PC unless either a) you’re happy with the risks or b) you’ve taken time to harden your PC with the 13-point checklist below. Easy, isn’t it? NO IT ISN’T. The checklist is unworkable for most people.
Windows on a public hotspot checklist. (For increased privacy and security.)
1. If possible, use a PC with an encrypted disk. (Microsoft BitLocker is available for free on some low-cost Windows devices and on all Windows ‘Pro’ installations, e.g. all Surface Pro devices.)
2. Turn on Secure Boot in your BIOS if possible and (as a minimum) add a BIOS boot (or BIOS admin) password. Create a long 15+ character Windows password for all accounts.
3. Install OS updates and reboot.
4. Check that the firewall is on.
5. Update the anti-virus and run a check.
6. Run CCleaner (also check and clean the auto-start-up list) and Spybot.
7. Create a non-admin account. Log out and log back in with the non-administrator account. For more privacy, don’t log in via a provider account (e.g. Microsoft, Google).
8. Use up-to-date Chrome with the HTTPS Everywhere and Privacy Badger extensions enabled. Don’t link Chrome to a Google account unless you trust Google. (Run an Incognito browser window.)
9. Hardwire your DNS to your ISP. If you trust Google, they have a good DNS service at 8.8.8.8 and 8.8.4.4. (Don’t use the DNS given by the hotspot.)
10. Use the Zenmate extension to tunnel and encrypt web traffic or buy a good VPN to tunnel all traffic. (I’m using HideIPVPN’s UK tunnel.)
11. Use Startpage.com as your search engine if you don’t want Google to store your searches / IP address. Startpage can also be used as a proxy.
12. Avoid using cellular data if you don’t want to be location tracked. (Turn off A-GPS / location services on your phone too.)
13. Do not leave your PC unattended.
Enjoy your coffee!
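A read-only way to verify the disk encryption, Secure Boot, firewall, anti-virus and DNS items of the checklist before joining a hotspot, as an added PowerShell example that is not from the original article. It assumes an elevated prompt, Microsoft Defender as the anti-virus, a 3-day signature-age limit and Google Public DNS as the trusted resolvers; `Test-Point`, `$TrustedDns` and `$MaxSignatureDays` are names made up for this example.

```powershell
# Added example: read-only audit of part of the hotspot checklist.
# Run from an elevated PowerShell prompt; nothing on the machine is changed.
# Assumptions: Microsoft Defender is the anti-virus, signatures older than
# 3 days count as stale, and $TrustedDns holds the resolvers you trust.
$TrustedDns       = @('8.8.8.8', '8.8.4.4')   # Google Public DNS
$MaxSignatureDays = 3

function Test-Point {
    param([string]$Name, [scriptblock]$Check)
    try   { $pass = [bool](& $Check); $note = '' }
    catch { $pass = $false; $note = $_.Exception.Message }  # unknown counts as a fail
    [pscustomobject]@{ Check = $Name; Pass = $pass; Note = $note }
}

$results = @(
    Test-Point 'System drive protected by BitLocker' {
        $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        $vol.ProtectionStatus -eq 'On'
    }
    Test-Point 'Secure Boot enabled' {
        Confirm-SecureBootUEFI -ErrorAction Stop
    }
    Test-Point 'Firewall enabled on every profile' {
        $off = Get-NetFirewallProfile -ErrorAction Stop |
               Where-Object { $_.Enabled -ne 'True' }
        -not $off
    }
    Test-Point 'Anti-virus on and signatures fresh' {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        $mp.AntivirusEnabled -and
            $mp.AntivirusSignatureLastUpdated -gt (Get-Date).AddDays(-$MaxSignatureDays)
    }
    Test-Point 'Only trusted DNS servers configured' {
        $dns = @(Get-DnsClientServerAddress -AddressFamily IPv4 -ErrorAction Stop |
                 ForEach-Object { $_.ServerAddresses } | Sort-Object -Unique)
        # Fails when the hotspot's DHCP-assigned resolver is still in use.
        ($dns.Count -gt 0) -and -not ($dns | Where-Object { $_ -notin $TrustedDns })
    }
)

$results | Format-Table -AutoSize -Wrap
if ($results.Pass -contains $false) { Write-Warning 'Fix the failed items before joining the hotspot.' }
```

A check that cannot be queried (for example, BitLocker cmdlets missing on the Windows edition) is reported as a failure with the error text in the Note column.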
Fortunately there are easier ways. You can ignore most of this list (points 1-7) if you use a Chrome OS device, and a Chromebook is probably the cheapest, easiest way to do it. That’s why I’m encouraging you all to think about adding a Chrome OS PC to your PC portfolio. I’m not asking you to replace anything, I’m simply asking you to consider spending $150 on your security.
A Chromebook is not 100% secure but it’s probably the cleanest consumer computing device you can buy. Even if you don’t trust Google, a Chromebook is still the cleanest consumer computing device you can buy. When it comes to online security, the Chromebook is the easiest recommendation I can make. Again, if you don’t trust Google, you can still use a Chromebook without a Google account.
Chrome OS was built from the start with security as a key consideration. Chrome OS is also simple and fast, and that’s the bit that makes it so easy to recommend. My only problem with Chrome OS is that I can’t get it as a dual-boot option or on a mini, lightweight 2-in-1 that I can take everywhere, like the ASUS T90 Chi for example.
The Lenovo N20p [N20p review] is my most-used device at home because it’s a no-brainer. Which one of my 10-20 PCs is likely to be the fastest to boot? The Chromebook. Which one is most likely not to have to be rebooted after booting just to get the latest security patches installed? The Chromebook. Which one is not going to take 2 minutes before I can use the full speed of the disk and CPU? The Chromebook. Which one is likely to have some battery life left after a week of not being used? The Chromebook.
Again, a Chromebook is not 100% secure, but unless you’re into air-gap computing, share files over a temporary intranet (I find the MiFi with a microSD card and no SIM card to be a useful solution in this case), have dumped your smartphone and are very familiar with the Tails Linux-based distro on a PC where you change the MAC address daily, don’t knock it. The Windows security landscape is terrible in comparison, and the average Linux distro is rarely a problem-free experience when installed on a modern laptop. OSX might be a reasonable solution, it’s true, but there are also a lot of unknown quantities there. [Note: I have never assessed an OSX PC for security and privacy. Your comments are welcome on that topic below.]
For security’s sake, get a Chromebook. Add the HTTPS Everywhere and Privacy Badger plugins. Enable them for guest-mode/incognito mode usage. Consider and research ZenMate as an HTTP VPN and use Startpage.com as your default search engine to avoid Google having a list of searches against your IP address. Get a real VPN solution and learn how to configure it in Guest Mode on Chrome OS. Learn the 60-second Power Wash. Configure DNS to use Google (8.8.8.8) or find and configure your own trusted DNS, and you will be in a position to switch on and go browsing without any significant worry, unless you’re doing something naughty!
Related article: 7-steps to the best Chromebook security.
Chromebooks under 1.3 KG are always listed in the database here at UMPCPortal. Go here and select the Chrome OS operating system as shown in the image below.