
OS 9.1 in homogenous home network

We do have choices. Android is complete shit - it's just like Windows environments on a phone. Google app stores blindly accept anything, and privacy controls are horrible. Choose a non-Android, which today means getting an iPhone. More choices would be nice, but we're stuck in a captive market.
This is true. However, the only way, it seems, we can block say, for instance, tracking-by-credit card, is by simply not having a credit card, which is severely limiting nowadays, given that most online services pretty much require them.

Smart TVs are horrible, but you can simply not connect them to the Internet. Really, that's all. Just don't connect them. Read up about video streaming devices and buy one you like. For instance, Roku seems OK. AppleTV seems OK. Amazon Fire and Google Chromecast? Completely and provably evil. Let your Roku or AppleTV get Internet, but not your smart TV.
Yeah, that's easy enough. Simply don't connect them to the internet. However, and I'm not sure if this is true, there is this annoying trend where sometimes an app or device, if it detects that it's out of date, will actually shut itself down and won't let the user do anything until it gets updated to the newest version. Do "smart" TVs do this? Even if they do, I suppose it'd be moot as long as it doesn't see the internet.

Don't buy a Ring. Don't buy a camera that uploads to the "cloud". Don't download and indiscriminately run apps without seeing what permissions they want, and turn off all permissions unless they make sense. Don't buy or accept as a gift an Alexa device, or enable Cortana, or whatever Google is trying to spread. Be suspicious of anything with the word "cloud" in it - assume it means that any data put in the "cloud" is accessible to anyone who's motivated, whether that's nation-states or marketing companies.
Absolutely not! I think those internet connected cameras, smart speakers, thermostats, and other IoT devices and appliances, while they are an interesting and novel idea, are not only a blatant invasion of privacy rights, but also a big red flag from a security standpoint, because they provide all kinds of exciting hacking opportunities that wouldn't otherwise exist.

And self-driving cars? I shudder to think of what kinds of messes that could cause. There is no known system that either a talented hacker or team of hackers can't find a way into, and so I can envision a time where everyone is "driving" these self-driving cars, and then suddenly, at peak rush hour, some hacker breaks into the central control network and instructs all the cars to crash into one another. This is a rather dystopian example I'll admit, but the theoretical possibility of something like this happening, however remote, can't be ignored.

Sure, we can't help satellite surveillance, but we can take control over our devices and networks.
Yep.

And install a DNS server
Right :)

So, how does one go about setting one up?


 
For some people, a Pi-hole instance on a Raspberry Pi should be good, but it seems that nobody makes a simple, ready to go image.

I'll make a NetBSD image for any 32 bit Pi that will boot, get an IP from the local DHCP server, then run a recursive resolver with proper DNSSEC validation. You'd then point DNS for your local devices to the Pi's address, or you'd reconfigure your DHCP server to give out the Pi's address as the DNS server.

For the use that started this thread, it's really simple to add a zone for your own hostnames, so I'll include an example zone.

I'll work on that a bit tomorrow.
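As an added illustration of what such an image would run (this is example configuration written for this thread, not the poster's image or the project's own files), here is an unbound.conf for a LAN recursive resolver that validates DNSSEC and serves a private zone for local hostnames. Unbound is assumed as the resolver, 192.168.1.0/24 is assumed as the home subnet, the root.key path is assumed, and the home.arpa zone contents are made up:

```conf
server:
    # Listen on every address so clients can reach the Pi by whatever IP DHCP handed it.
    interface: 0.0.0.0
    interface: ::0

    # Only answer the LAN and localhost; refuse everyone else so this never becomes an open resolver.
    access-control: 127.0.0.0/8 allow
    access-control: ::1 allow
    access-control: 192.168.1.0/24 allow      # assumed home subnet
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse

    do-ip4: yes
    do-ip6: yes
    do-udp: yes
    do-tcp: yes

    # DNSSEC validation. The trust anchor file is created once with
    # "unbound-anchor -a /var/unbound/root.key" and then maintained by unbound itself.
    auto-trust-anchor-file: "/var/unbound/root.key"   # assumed path
    val-clean-additional: yes
    harden-dnssec-stripped: yes
    harden-glue: yes
    qname-minimisation: yes

    # Don't advertise what software answers queries.
    hide-identity: yes
    hide-version: yes

    # Private zone for the house. Answers here are served locally and never forwarded;
    # "static" means a name not listed below gets NXDOMAIN instead of leaking upstream.
    local-zone: "home.arpa." static
    local-data: "gateway.home.arpa. IN A 192.168.1.1"
    local-data: "pi.home.arpa.      IN A 192.168.1.2"
    local-data: "quadra.home.arpa.  IN A 192.168.1.20"
    local-data-ptr: "192.168.1.20 quadra.home.arpa"
```

After `unbound-checkconf` passes and the service is running, two checks tell you validation actually works: `dig +dnssec @192.168.1.2 example.com` should come back with the `ad` flag set, and a query for a deliberately broken domain such as `dnssec-failed.org` should return SERVFAIL rather than an answer. Then either set the DHCP server's DNS option to the Pi's address or configure the OS 9 machine's TCP/IP control panel to use it directly.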

 
Well this thread has thoroughly derailed itself :-) .

DNS over HTTPS to CloudFlare's secure DNS servers
As someone who used to work for a series of ISPs and now works (roughly) in the CDN space, I would trust ISPs an order of magnitude more than I trust Cloudflare.  DNS over HTTP was not designed so that your ISP could *not* snoop on your DNS, but so that CloudFlare *could*.  Personally I'd go with something dead simple for LAN DNS and just forward on everything else preferably with DNSSEC (which I have reluctantly come around to).

Better yet, set up a Pi with Pi-hole, which filters out lookups for advertising (I highly recommend it).  You can also add some LAN DNS to the setup:
This isn't so much feature creep, given the initial post of the thread, as a complete Coplanding of proceedings.  I suspect anyone who is running the collection of hardware/software that the OP is running and who knows about NIS is probably entirely capable of running their own DNS infrastructure if they wanted to.  Not wanting to is an entirely reasonable life choice.

 
if that were a real concern, we'd all be encouraged to use VPNs everywhere, and when some large company stands to make money doing that without breaking Netflix, that encouragement will come
Incidentally, I see VPN advertisements all over semi-technical (gamer stuff, some mac-focused channels) youtube, and I've even seen/heard-of ads on TV. I also regularly see people comment with things like "but it's fine, I'm using a VPN" and the like. For as much of a bummer as this is, I think it's fair to say that there is money in the "grifters sell you a VPN" market.

I'm also in the "I don't really believe my ISP has the technology or know-how to successfully ad-track me" camp but there are a few US ISPs that have said they can, one of them even started a deal where they had a special promotional rate on a speed package if you agreed to be tracked. (AT&T, in particular, with one of their fiber products, I don't know if it's universal or if it was one or two markets.)

Absolutely not! I think those internet connected cameras, smart speakers, thermostats, and other IoT devices and appliances
Quick note:

The reasons any given one of these things is a bad idea are largely unique to the particular device.

Ring, in particular, is bad because they sell access to footage from your front door to the local police departments.

Which is different from the potential security risk posed by, say, a thermostat or a smart speaker, which themselves are different from the risk posed, say, by an unpatched home router or an unpatched desktop or server system.

For the most part, IOT devices' threat to your network isn't any different from the threat of a Windows XP box or an old router that hasn't been patched in a while. It's a device making HTTP requests and there's the potential that it can be compromised.

Enthusiast-grade LAN systems are starting to feature VLANs, and that's one way to separate IOT devices (and appliances you don't trust) from your regular home Internet traffic, and something from, say, Unifi seems so far more likely to receive security updates for longer than your average retail home networking gear. Building your own is another option.

But, I want to pretty explicitly caution against talking about the security risks of IOT devices without thinking about the security risks of bigger, more capable, and much more performant computational devices left online using insecure/unpatched software.

The main difference, of course, would be that we can craft firewall rules to disallow traffic to/from the outside and, say, an OS X 10.6 box or a Windows XP box, where an IOT device is going to be pretty explicitly designed to talk to the outside. (Which is to say, they're both threats that need to be considered, even if the consideration is different.)

I'm not sure if this is true, there is this annoying trend where sometimes an app or device, if it detects that it's out of date, will actually shut itself down and won't let the user do anything until it gets updated to the newest version.
I'm curious to hear more about this, because I've never heard about this being a real thing.

Please consider finding out whether or not there are literally any documented instances of this and reporting back. I'd love to hear more.

Another option, regarding smart TVs, depending on the size range you want, is to use a computer monitor instead of a TV set. There are a couple 24-27-inch Dell UltraSharp displays that have audio output for the HDMI connectors, for example, so if you didn't need surround sound (or: your source hit an amplifier before it hit the display) you could use that as a display for whatever streaming device, computer, or TV/cable box you were using.

However, the only way, it seems, we can block say, for instance, tracking-by-credit card, is by simply not having a credit card,
I'm extremely curious as to what you mean by this.

Incidentally, there are services that let you spin up additional account numbers, but the main use case there is to safeguard against a particular vendor having its information dumped. (i.e. you pre-authorized a charge of $50 to a temporary card number for something from a store that looked bad, to avoid sharing your "real" credit number, or worse, a debit card number, with an un-trustworthy vendor.)

However, I feel the writing is on the wall on this one, as the likes of Google and Facebook will likely force the whole industry to switch to it (as they appear to have done with HTTPS and TLS1.2+, a move ostensibly done to promote better security).
Gonna argue that of all the things Google et al have done to make computing more annoying for people with technical know-how, these particular things are among the least bad. Arguably, good even. The browser vendors marked older SSL standards as deprecated or less secure for good reason, mostly that it's possible to brute force that type of encryption. If you look around, that kind of thing isn't uncommon. SMB1 is well and dead within Windows, you have to dig pretty hard to be able to get to it and turn it back on, and SSH servers and clients have by default moved to stronger algorithms and ciphers. That's all in addition to things like pulling plain FTP and telnet servers out of things, where possible.

Those changes all make really long-term inter-operability slightly more difficult, but they make things much more secure for everyone else.

In addition, it's not impossible to re-add/re-enable support for older less secure technologies in lots of scenarios. It's a bad idea, but it can usually be done if there's some reason to.

*(Incidentally has anyone heard of any effort on an updated build of MacSSH?)

So like, I would argue that the "ostensibly" isn't merited here, for a lot of these kinds of changes.

Perhaps the only one I'll really agree with is the move toward demoting HTTP-only results of plain web sites with no interactivity or login. That feels punitive, especially in an environment where people using hosting services generating an SSL certificate for you doesn't appear to be a given.

 
Perhaps the only one I'll really agree with is the move toward demoting HTTP-only results of plain web sites with no interactivity or login. That feels punitive, especially in an environment where people using hosting services generating an SSL certificate for you doesn't appear to be a given.
Yes, exactly, it penalizes the less sophisticated people adding content to the web, like individual bloggers and individual e-commerce website owners (like me).  It is a constant battle to overcome this stuff.  One week it is responsive sites the next it is https and then it is single page applications.  I spend way too much money on keeping up with that stuff for the amount of sales I have.

However, the only way, it seems, we can block say, for instance, tracking-by-credit card, is by simply not having a credit card,
For me it's like with a VPN service.  I use a VPN service when I want stuff to be anonymous, like torrenting.  Otherwise, if I don't care to as much of a degree, I just use my normal browsers in non-incognito mode. 

Same with credit card.  If it is something I'd rather not have tracked, I pay cash. 

Smart TVs are horrible, but you can simply not connect them to the Internet. Really, that's all. Just don't connect them.
Yes, exactly. That's what I do.  My AV guy is telling me how good the apps are but I still say, no way, it's just the Apple TV for me. 

Now imagine the end result: Every application can, and does, use DoH instead of OS level resolution. Resolvers can be anywhere, such as random addresses all throughout Amazon AWS or other "clouds". Now how do you stop anyone from exchanging anything with anyone? How do we stop a virus or Trojan from sending captured files, credentials, video, audio, whatever? We can't. TCP-over-DNS can run just fine over DoH, so DoH represents an unblockable way to have two-way traffic that can't be examined and can't easily be blocked, because it's indiscernible from normal https traffic.
I don't see how DNS over a secure connection makes this any worse.

Right now the DNS queries go to my own local DNS server / Pi-Hole setup, and then from there they go to the secure DNS provider of my choice.  If a trojan is using a normal DNS lookup, I'll have it in my Pi-Hole logs.

If they aren't, then they are using an IP address for a DNS lookup which is no worse than doing anything with any IP address like they already do.  By keeping the HTTPS between my resolver and the DNS service of my choice, I still get transparency within my own LAN.

I haven't heard of browser vendors like Google and Firefox talking about DoH that you can't turn off.  Unless I missed that.
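The transparency the post relies on is that every lookup from the LAN lands in the Pi-hole log. As an added example (written for this thread, not Pi-hole's own tooling), here is a small parser for the dnsmasq-format lines Pi-hole writes, which tallies queries per client and flags the shapes the earlier TCP-over-DNS worry describes: very long labels, high-entropy subdomains and unusual record types. The log lines are constructed for the example, and the thresholds are assumptions you would tune against your own log:

```python
import math
import re
from collections import Counter, defaultdict

# Constructed sample in the format of Pi-hole's /var/log/pihole.log (dnsmasq).
# Addresses, names and the "tunnel" query are invented for this example.
SAMPLE_LOG = """\
Jan 10 12:00:01 dnsmasq[812]: query[A] www.example.com from 192.168.1.20
Jan 10 12:00:01 dnsmasq[812]: forwarded www.example.com to 9.9.9.9
Jan 10 12:00:01 dnsmasq[812]: reply www.example.com is 203.0.113.10
Jan 10 12:00:02 dnsmasq[812]: query[AAAA] www.example.com from 192.168.1.20
Jan 10 12:00:05 dnsmasq[812]: query[A] ocsp.example.com from 192.168.1.20
Jan 10 12:00:07 dnsmasq[812]: query[A] e673.dsce9.cdn.example.net from 192.168.1.20
Jan 10 12:00:09 dnsmasq[812]: gravity blocked ads.example.net is 0.0.0.0
Jan 10 12:00:11 dnsmasq[812]: query[A] time.example.org from 192.168.1.77
Jan 10 12:00:12 dnsmasq[812]: query[TXT] kq7x2mzr9vd4ph8bw3ty6ncj5lgf0sa1.t.example.net from 192.168.1.77
""".splitlines()

# Only the "query[TYPE] name from client" lines matter here; forwarded/reply/blocked lines are skipped.
QUERY_RE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]+\s+dnsmasq\[\d+\]:\s+query\[(?P<qtype>[A-Z0-9]+)\]\s+"
    r"(?P<name>\S+)\s+from\s+(?P<client>\S+)$"
)

# Record types a browser or phone app rarely needs but tunnels lean on (assumed list).
UNUSUAL_QTYPES = {"TXT", "NULL", "MX"}
MAX_NAME_LEN = 60      # assumed threshold
MAX_LABEL_LEN = 30     # assumed threshold
ENTROPY_LIMIT = 3.8    # bits/char; assumed threshold, hex or base32 payload chunks sit above it


def shannon_entropy(s):
    """Bits per character of s; 0 for repetitive text, approaching log2(alphabet) for encoded data."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def parse_query(line):
    """Return (client, qtype, name) for a query line, or None for any other line."""
    m = QUERY_RE.match(line)
    if not m:
        return None
    return m.group("client"), m.group("qtype"), m.group("name").rstrip(".").lower()


def tunnel_indicators(name, qtype):
    """List the reasons a single query looks like data smuggled in DNS names (empty if none)."""
    labels = name.split(".")
    subdomain = "".join(labels[:-2])   # everything left of the registrable-looking tail
    reasons = []
    if len(name) > MAX_NAME_LEN:
        reasons.append("long name")
    if any(len(label) > MAX_LABEL_LEN for label in labels):
        reasons.append("long label")
    if subdomain and shannon_entropy(subdomain) > ENTROPY_LIMIT:
        reasons.append("high entropy")
    if qtype in UNUSUAL_QTYPES:
        reasons.append(f"qtype {qtype}")
    return reasons


def analyze(lines):
    """Per-client query count, distinct names, and the queries that tripped an indicator."""
    per_client = defaultdict(lambda: {"queries": 0, "domains": set(), "suspicious": []})
    for line in lines:
        parsed = parse_query(line)
        if parsed is None:
            continue
        client, qtype, name = parsed
        stats = per_client[client]
        stats["queries"] += 1
        stats["domains"].add(name)
        reasons = tunnel_indicators(name, qtype)
        if reasons:
            stats["suspicious"].append((name, qtype, reasons))
    return dict(per_client)


if __name__ == "__main__":
    for client, stats in sorted(analyze(SAMPLE_LOG).items()):
        print(f"{client}: {stats['queries']} queries, {len(stats['domains'])} names")
        for name, qtype, reasons in stats["suspicious"]:
            print(f"  suspicious {qtype} {name}: {', '.join(reasons)}")
```

On a real box you would feed it `open("/var/log/pihole.log")` instead of the sample. The point of the exercise is the one the post makes: as long as devices resolve through the Pi, this kind of review is possible at all; a device doing its own DoH to an arbitrary resolver never shows up here.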

 
Smart TVs are horrible, but you can simply not connect them to the Internet. Really, that's all. Just don't connect them.
Proper attribution for this quote goes to @johnklos , not me :) The sentiment, however, is the same.

I'm not sure if this is true, there is this annoying trend where sometimes an app or device, if it detects that it's out of date, will actually shut itself down and won't let the user do anything until it gets updated to the newest version.
I'm curious to hear more about this, because I've never heard about this being a real thing.

Please consider finding out whether or not there are literally any documented instances of this and reporting back. I'd love to hear more.
Of course. I apologize for posting such an unsubstantiated statement. There are no big, obvious instances of this occurring that I know of; the only ones I've seen are where some iOS apps refuse to work when they detect that they're out of date (a fair precaution, I suppose, as an older version will have security vulnerabilities).

However, the only way, it seems, we can block say, for instance, tracking-by-credit card, is by simply not having a credit card,
I'm extremely curious as to what you mean by this.

Incidentally, there are services that let you spin up additional account numbers, but the main use case there is to safeguard against a particular vendor having its information dumped. (i.e. you pre-authorized a charge of $50 to a temporary card number for something from a store that looked bad, to avoid sharing your "real" credit number, or worse, a debit card number, with an un-trustworthy vendor.)
This statement is based on this article, which makes sense to me.


 
I don't see how DNS over a secure connection makes this any worse.

Right now the DNS queries go to my own local DNS server / Pi-Hole setup, and then from there they go to the secure DNS provider of my choice.  If a trojan is using a normal DNS lookup, I'll have it in my Pi-Hole logs.
I have no problem with that. My problem with DoH is that when applications, not OSes, not resolvers, do DoH, we won't be able to see lookups, nor will we be able to block them easily.

Right now, on most of the networks I administer, all attempts to connect to port 53 anywhere on the Internet are redirected to the local resolver. This is so that things like split DNS work regardless of whether 8.8.8.8 is hardcoded into Android phones & apps or put there by people intentionally. When you have 100 people in the office who're bringing their own phones to work and their work laptops home, you can't easily go and reset everyone's DNS for them.

With DoH in applications, that will become extremely difficult if not impossible.
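As an added example (written for this thread, not taken from the poster's networks), here is a home-gateway ruleset in pf syntax that implements both points made in the thread: the port 53 redirect described in this post, and the earlier remark that an IoT segment can be walled off with firewall rules in a way an Internet-facing device otherwise wouldn't be. pf is assumed as the packet filter (it ships with NetBSD, OpenBSD and macOS); interface names, subnets and the resolver address are invented:

```pf
# Assumed interface names and addressing for this example.
ext_if   = "wm0"
lan_if   = "vlan10"            # trusted LAN: Macs, the OS 9 box, the Pi resolver
iot_if   = "vlan20"            # TVs, speakers, thermostats
lan_net  = "192.168.10.0/24"
iot_net  = "192.168.20.0/24"
resolver = "192.168.10.2"      # the Pi running the validating resolver

set skip on lo0

# Everyone leaves the house through the WAN link.
nat on $ext_if from { $lan_net, $iot_net } to any -> ($ext_if)

# Any plain DNS aimed at something other than our resolver is silently answered by
# our resolver instead, whether the client got 8.8.8.8 from firmware or from a human.
rdr on $lan_if proto { tcp, udp } from $lan_net to ! $resolver port 53 -> $resolver port 53
rdr on $iot_if proto { tcp, udp } from $iot_net to ! $resolver port 53 -> $resolver port 53

# Default deny, and log what gets dropped so the IoT segment's chatter is visible.
block log all
pass out on $ext_if all keep state

# Trusted LAN may reach anything, including the IoT segment (casting, TV remotes).
pass in on $lan_if from $lan_net to any keep state

# IoT segment: the resolver, NTP, and the Internet. Nothing on the trusted LAN.
pass in on $iot_if proto { tcp, udp } from $iot_net to $resolver port 53 keep state
pass in on $iot_if proto udp from $iot_net to any port 123 keep state
pass in on $iot_if from $iot_net to ! $lan_net keep state
```

Load it with `pfctl -f /etc/pf.conf` after `pfctl -nf /etc/pf.conf` parses cleanly. A quick check that the redirect works is `dig @8.8.8.8 pi.home.arpa` from a LAN machine: the answer comes from the local resolver's private zone even though the query was addressed elsewhere, and `pfctl -s state` shows the translated session. Note that this ruleset, like the post, only catches port 53; a device that speaks DoH to port 443 looks like any other HTTPS connection and passes through the `! $lan_net` rule untouched.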

 
I suspect anyone who is running the collection of hardware/software that the OP is running and who knows about NIS is probably entirely capable of running their own DNS infrastructure if they wanted to.  Not wanting to is an entirely reasonable life choice.
I absolutely agree. Sometimes, though, it's more about how to do something that's not necessarily interesting to you easily, quickly and cheaply. I'll ask for a few test volunteers for a simple Raspberry Pi image soon.

 

on most of the networks I administer, all attempts to connect to port 53 anywhere on the Internet are redirected to the local resolver
That's definitely a neat trick and would fix a lot of errors I (used to, at least) see where someone can't find an on-site server (for ex. the NAC or the network registration system) because their DNS queries aren't completed and/or because that system isn't in public DNS. Probably beyond the needs of most home networks, but worth investigating in an SMB scenario where you wanted some more control of people on-site or needed to show a NAC/registration page.

the only ones I've seen are where some iOS apps refuse to work when they detect that they're out of date (a fair precaution, I suppose, as an older version will have security vulnerabilities).
Ah. I'm curious as to what kinds of apps you've seen that on. I've only seen it in games and it typically happens when the game's features have changed enough that it doesn't make sense, because these are online/multiplayer games, to be playing the old version.

World of Warcraft has been doing that since like 2004. (There's typically an allowance of a couple sub-versions, but IME as of ~2015 or so you're always running the latest program version, even if you're not running the latest content expansion.)

It would arguably be a big story if TVs start doing it, but that kind of thing has to come from the factory that way, so I kind of suspect it won't, but we'll see. I've kind of suspected lots of things over the years.

This statement is based on this article, which makes sense to me.
Ah, so, the normal "the payment card industry is very open to sharing with advertisers" stuff. That kind of capability is more or less something that's been around since credit cards have, although I'd agree that it's probably been in the last ~20 years that it's really taken off to sell analyzing or extending a particular vendor or card issuer's copy of that data. 

I hate to suggest outright undue worry but the solution here isn't to use cash, it's arguably to push legislators to do a better job of regulating the financial interest. Something requiring account issuers of all types to act in fiduciary interest of the account holder (and giving an appropriate agency or set of agencies enforcement powers with real teeth) would likely go a long way to solving a couple different problems.

In some countries, nationalized payment/banking services are available through the post office. USPS OIG has actually reported on its potential to do that and they're pretty optimistic they could do a good job, if allowed. There's some other bad regulations USPS is under that should arguably be revised before moving forward on that, but it could create a financial services company with a responsibility to act in its customers' interest. (Or: whose customers aren't advertisers.)

(Calling back to the original issue of networking: the post office wouldn't be a bad place to put all the telcos either, some countries have or have had their post office and telecoms providers co-convened. Japan and England went Full TA1996 and split their nationalized telcos into infrastructure and services providers, with the infrastructure providers being required to allow open access to the network using PPPoE (or similar) so there wasn't a need to install duplicate physical lines and datacenter hardware. In the US, TA1996 still applies except in a case where the provider has managed to get it re-classified as an entertainment service and then uses an auth/access system that doesn't easily allow for third party ISPs. A similar model to look at in the USA would be UTOPIA in Utah.)

 