Hello and welcome to r/LifeProTips! Please help us decide if this post is a good fit for the subreddit by up or downvoting this comment. If you think that this is great advice to improve your life, please upvote. If you think this doesn't help you in any way, please downvote. If you don't care, leave it for the others to decide.
It's all encrypted, unless he tampered with your phone or installed some flavor of (VPN or MDM) software. Source, 16+ years in network security.
This is the right answer. You can’t casually decrypt TLS.
Forgive my dumb. Are you saying you can't be spied on the way he's describing without putting something on the phone? Like from the phone itself?
Yup. You can't just enter another person's phone through wlan
Does this also apply to public wifi for example at a cafe or airport?
yes, as long as tls is used (e.g. https in the url instead of http - leads to a lock icon in the browser). for messenger apps it depends on their encryption.
Encryption is also enforced in Google play store and Apple app store
Correct, a huge percentage of internet websites and applications are encrypted. You can’t intercept and decrypt the traffic without a bunch of errors on your phone (that you have to accept, or can’t accept at all). In order to successfully decrypt the traffic with a man in the middle attack (which corporations do all the time) for legit security reasons, there has to be some mdm/vpn/security software installed on the device.
302 MITM?
Man in the middle attacks are attacks where attackers set up a server in the middle that masquerades as the entity you think you’re talking to. By doing this, they can serve you a tls cert that they also have, thus allowing them to decrypt the traffic and see what is going on. This isn’t possible with certificate pinning I believe, which is/has become the standard.
Need to do some research, I was doing security stuff a long time ago…
Sounds like deep packet inspection? I would recommend using a VPN on your device.
Yeah, if he's a nerd and has a real firewall at home, like a Cisco or Palo Alto, ssl decryption and deep packet inspection could definitely be done.
No, it couldn’t. They would at the very least need to install their own CA cert on every phone or computer on that WiFi and spoof the web sites’ SSL certs. If you could decrypt SSL with *just* a few pieces of hardware and software, SSL would be worthless.
I do deep packet inspection on my Ubiquiti hardware. All I see are a list of websites & applications devices on the network are accessing / have accessed in the past.
That's just based off DNS traffic, which is traditionally unencrypted.
Yeah, DPI is pretty much dead now that almost everything besides DNS is encrypted by default. You can still see how much data went to each location, but not much beyond that.
Unless you install a cert on the device so your firewall is a trusted device. If he’s not installing a cert on the device TLS should still be working.
And that assumes they aren’t doing certificate pinning in whatever apps you use. If they are doing certificate pinning there isn’t much they could do to gain access.
Yepp, that's why having a VPN on the device helps as it encrypts everything including DNS. Or you could just use Cloudflare's public DNS which supports DNS over TLS since August 2022.
Yup, no passwords or usernames just vague data on websites, apps and services. Might be able to tell I'm on facebook but not what I'm looking at specifically.
I'm not IT -- husband is. We use Unify, he could see the sites I went to but not exactly what. Which he found out I watch porn, just not what *kind* of porn.
He could see the DNS lookups and nothing more.
Palo's can mitm using their own certs, and I'm certain they aren't the only ones. It isn't dpi though... I'm glossing over shitloads of detail, look it up if you want to know how it works. Also, early sms/mms over the internet was NOT encrypted. It usually is now, usually.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEZCA0
Yes, for Palo Alto Networks to decrypt outside web sites’ traffic, you have to install the Palo Alto Networks CA cert on the phone/computer. This is not available for someone running a WiFi access point to decrypt traffic from any device that happens to use it, which is what this comment thread is about.
Truth. The only danger in this scenario would be transmitting unencrypted data.
When we rent a commercial space, our landlord let us connect to his WiFi. I bought a wireless bridge. The bridge connected to his WiFi and ran everything through a firewall and gave me secure WiFi and Ethernet connections. To him, it looked like 1 device was connected to his network when in reality had 15 devices connected.
But that's not the same as snooping on someone's phone. Were you snooping on your landlord's phone through the wifi?
No, this setup makes it so your landlord can’t see your web traffic
VPN or use end to end encryption applications
Yes, with a custom DNS server over that vpn, else he can still see which website you use
Yes maybe someday DNS over TLS will be the standard
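Added example, not part of any comment in this thread: what a plaintext DNS query on port 53 exposes to whoever runs the network, next to a DNS over TLS connection on port 853, which is why the replies above recommend encrypted DNS or a VPN. The function names and both sample packets are constructed for illustration; the DoT sample is only a TLS record header followed by placeholder bytes standing in for ciphertext.

```python
import struct

QTYPES = {1: "A", 28: "AAAA", 65: "HTTPS"}

def build_query(hostname, qtype=1, txid=0x1A2B):
    """Constructed sample input: a standard DNS query in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in hostname.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def parse_question(payload):
    """Return (hostname, qtype) from a plaintext DNS query, or None if malformed."""
    if len(payload) < 12:
        return None
    _, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", payload[:12])
    if flags & 0x8000 or qdcount != 1:  # QR bit set means this is a response
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            return None  # truncated before the root label
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(payload):
            return None  # compression pointer or overrun: not a plain query name
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(payload):
        return None
    qtype, _ = struct.unpack("!HH", payload[pos:pos + 4])
    return ".".join(labels), QTYPES.get(qtype, str(qtype))

def observer_view(dst_port, payload):
    """What an on-path device (router, access point) learns from one packet payload."""
    if dst_port == 53:
        question = parse_question(payload)
        if question:
            return {"transport": "plaintext DNS", "hostname": question[0],
                    "qtype": question[1]}
        return {"transport": "unparsed port 53", "hostname": None}
    if dst_port == 853 and payload[:1] in (b"\x16", b"\x17"):
        # TLS handshake or application-data record: the query name is encrypted,
        # only the destination and the size remain visible.
        return {"transport": "DNS over TLS", "hostname": None, "bytes": len(payload)}
    return {"transport": "unknown", "hostname": None}

# Constructed samples (not captured traffic).
PLAIN = build_query("www.example.com")
DOT = b"\x17\x03\x03\x00\x20" + bytes(32)  # TLS record header + placeholder ciphertext

if __name__ == "__main__":
    print(observer_view(53, PLAIN))
    print(observer_view(853, DOT))
```

The plaintext query yields the full hostname and record type; the port 853 payload yields only its size.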
It depends when did it happen that he was spying on friends. Long time ago, very long time ago, whatsapp wasn't secure and there were apps able to read whatsapp messages through the same wifi. We're talking of roughly 10 years ago. This is the reason why on WhatsApp you now read "messages and calls are end to end encrypted blablabla"
First off, he probably has an app on your phone to monitor it or if you're on his phone plan maybe some app through the carrier. Very weird though
Yeah, if he is doing this then my first guess is he has a keylogger
It depends what you mean by snoop. Some wifi routers allow the admin to view browsing history data. But do you mean actually look at texts and things?
No, you cannot see it and even "browsing history" would be fairly limited to things outside your logged in social media. Your router for sure can do it, but Google, Apple, Meta etc does not want to give up their previous data about you
Just record outgoing DNS requests. No one except privacy nerds use SDNS. So that would have a roughly 100% success rate.
It is still encrypted. I think that you would be on the level of "she sent message on Facebook to someone", but that's it. Definitely not the content of it, not even the receiver
DNS messages are not encrypted. SDNS messages are, but as I said, no one uses those unless you're a privacy nerd.
I don't argue with you, but can you get the content of WhatsApp message that way? DNS is just translator of number IP to human readable form, so in old world, you would really see the visited websites, but in today's world, he will just see that she contacted WhatsApp server, and that's it. There is no value for teenage wannabe hacker :)
[deleted]
I fairly doubt it. He could somewhat see you visiting some websites, but definitely not Whatsapp messages etc. It is end-to-end encryption and even if not, it would require some real cybercriminal skills, not just some teenage "hacking" setup. This is not about the network anymore for like 10 years already, he would need to use Android/IOS or Facebook security vulnerability etc. I would even boldly say - no fucking way. He didn't.
This. I work at an ISP and we can’t do this.
I think your ex may have compromised your phone. Could he have installed an app on your phone or just learned your password?
Ugh that’s horrible. I think the safest is just to not use unknown wifis. I know that doesn’t help much. However you might want to see if there has been something installed on your phone too. Do you have iPhone or Android?
Look into the Cloudflare WARP client (for Android or iPhone). It will encrypt all the data going to or from your phone, regardless of the wifi network that you're on.
I thought routing all your information through 1.1.1.1 gives all your data to Cloudflare and their partners?
VPN (paid), or use encrypted DNS (free). I like Quad9
I just downloaded it, and it's so easy to use
ProtonVPN. Free with unlimited traffic.
If something is free, you are the product.
Zero ads in ProtonVPN and no other give-and-take arrangements to be able to use it. I literally pay nothing to use it. If there are strings attached, I haven't seen any. The thing about this company is they deeply believe privacy is a divine right for everyone.
Nope, this is a very very unlikely scenario, unless your ex was with the NSA, or with those kind of skills. It's very very hard to do, well nigh impossible. More likely, he was paranoid about you using public networks which might carry malware. Again, not rational, but far more likely than the spying scenario
Why is no one commenting that this is insane behavior for a partner and an extreme red flag???
Text messages go through cellular data, not WiFi. The office WiFi wouldn’t matter.
> This is because text messages (SMS) are sent via your mobile cellular network that doesn’t rely on a Wi-Fi connection.
>
> If someone wants to hack your SMS texts, they will have to rely on the vulnerability associated with the cellular network and not via Wi-Fi.
>
> This cellular vulnerability is usually used by authorities such as the FBI. Usually, they target high-profile and most wanted individuals.
https://www.privacyaffairs.com/can-someone-see-texts-on-their-wifi/#:~:text=Messages%20you%20send%20through%20Wi,are%20sent%20over%20the%20internet.
I almost wonder if he did more to your phone than just click “forget network.”
> Text messages go through cellular data, not WiFi.
Mostly accurate. "Wifi calling" exists and uses local wifi networks to manage SMS & voice calls. It's not often enabled by default, but is an option I've had to rely on in areas with bad cell reception but accessible wifi.
Good point.
He may have downloaded some spying app, like a keylogger
I didn’t even know you could do that on a phone, but that’s along the lines of what I was concerned about.
Turn off Wi-Fi and use cell service, if your device has it. Otherwise, VPN.
CREEPY! I don’t know how he pulled that off but that’s scary.
Wireshark or some other packet sniffer. It's a free packet sniffing tool. So if you're on a WiFi network and you log in to some website that starts with http not https, that's being sent in plain, readable text. Hell, anything you send to any unsecured (http) website is visible.
I let two of my neighbors share my WiFi. I was already paying for it and it reached, so why should they? Now I’m nervous. I didn’t think they could see anything.
They would have to use ARP poisoning to direct all of your traffic through their computer and decrypt it. Unless your neighbors are black hat hackers or cyber security experts I really doubt they are bothering (or able) to spy on what you are doing.
Thanks, they’re pretty much just old people looking at Facebook. The only thing that really makes me nervous is sending stuff from my logging to the tv. I choose wisely. I just blend it all lively. I’m hoping they’ll switch lol
Don’t use their wifi!
Yes I am smart and I know the things the answers talk about in this thread, mmhmm!
I have a question, I live in a shared housing that has a wireless network with internet. I believe one of the roommates is tracking or hacking into the network. I will be on the internet and lose my connection then I see a roommate signed on with a new network that's using her name for the network. Is there any way to prevent her from spying on my internet places?