2020-04-18

When it comes to privacy issues, the best advice is the simplest advice: Don’t mix work and play. That means no installing BitTorrent on your work laptop; no browsing for naughty things when connected to your company wifi (or VPN) and no forwarding company secrets (or inappropriate memes) using your work email. No, no, no.

These are easy rules to follow, but people still fail to follow them all the time and wind up getting fired (or worse). The situation gets a little murkier in the world of higher education, however, and we’re going back to the ivy-adorned walls of your alma mater with this week’s Tech 911 question.

How do I encrypt everything I do so my wife’s company can’t see it?

As Lifehacker reader Dean writes:

“My wife is a big shot at a university and we are moving into accommodations managed by the university and served by a university-provided internet and wi-fi system. I am highly desirous of keeping some measure of anonymity and would like my Alexa requests, Nest camera images and browsing history private. I have heard of services like Express VPN, but would value your advice.”

The benefits and drawbacks of using a VPN for everything

I completely understand your desire for privacy. When your home internet connection is being provided by an employer—and it’s not even your job on the line—the last thing you want to do is upset the waters by running a BitTorrent, asking Alexa to play the fight song of your university’s rival or shitposting on Reddit.

I kid, but I also recognise there are very valid reasons for wanting to conceal what you do from the company you or your partner rely on for sustenance. Unfortunately, your wife’s employer runs the internet for your entire living situation, which complicates things.

However, having worked for a well-known Silicon Valley university—as well as in the IT department of a much smaller Chicagoland university that can never manage to win a football game—I have some good news: Your university’s IT department has much better things to do than look up what you’re looking up online.

Some bored IT worker doesn’t care if you’re wasting time online (usually)

I’m assuming your wife’s university has granted you access to the internet with no strings attached or firewalls in place. That means you don’t have to log in to an account to get started, for example, nor do you have to install any certificates on your system(s) to enable wifi or Ethernet access.

If you do, then yes, your wife’s employer could see what you’re doing on those computers. Again, they probably don’t care, so long as your browsing history isn’t full of “how to make a bomb” or “kid nudez” searches. The university’s network setup could conceivably be set up to flag certain keywords and record the IP address of the requesting system, but given how many requests go through a university’s servers in a given day, I think a reasonable approach would be to flag only the most problematic and/or repeat violations of a university’s policies. That’s probably not going to apply to most people (even porn-hungry undergrads).

Otherwise, if you just have raw access to the internet—plugging your router into a university-provided Ethernet port in the wall, for example—then I wouldn’t sweat it. Your web searches should be protected by HTTPS, even though the university could still theoretically log your DNS requests to see where you’re going online. I feel like your campus IT crew has better things to do, unless you’re living at one of those ultra-right-wing universities that prohibits dancing and fun.

If you are talking about the kind of place that would expend an irrational amount of resources to ensure you aren’t streaming a show with adult content in it (or wizard swears), they’ll probably be pissed off with any measures you use to circumvent their spying; you’re better off paying for a wifi hotspot to keep your sacrilegious searches entirely off their network.

So, what about a VPN?

Your idea of using a VPN is solid; VPNs are a great way to conceal what you’re doing online. This isn’t a perfect solution in this case, however. Most consumer routers don’t come with a mechanism for routing all of your traffic through a VPN. They might offer a way for you to connect back to them—essentially creating your own VPN that you can use when you’re on the go—but that traffic ultimately goes through your ISP (your university, in this case).

Routers that can pass all of your traffic through a VPN exist, but you’ll have to make sure said router supports a “VPN client” mode, not a “VPN server” mode, which is the setup I just described. This is a feature you’ll find most often in Asus routers, but that’s not to say that there aren’t other options to explore.

Which router is the best choice? Generally speaking, I would suggest cross-referencing any “VPN client” routers you’re considering against any performance reviews you can dig up. If you’re buying a new and potentially expensive router, you’ll want to make sure it’s at least halfway decent in terms of range and speed.

Resist the urge to buy a “VPN client” router packed with way more wireless firepower than you need, as you might be paying a premium for connectivity that doesn’t matter. Great speeds across a worse range aren’t as impressive as reasonable speeds you can use from any location in your home. If a single router you’re looking at costs more than $US200 ($314) or $US300 ($471), consider whether there’s a cheaper solution that performs nearly as well for your setup.

As a former reviewer of many routers, it pains me to give general advice instead of specific recommendations, but there simply aren’t enough people doing the right performance tests on all the routers you could potentially purchase. It’s going to take a little work to find the perfect router for you, but it’s not impossible.

Third-party firmware can give you the VPN you seek

If you can find a great router that also supports third-party firmware—DD-WRT, specifically—you can always flash the router with the new firmware to unlock its VPN client functionality. It sounds like a complicated process, but it shouldn’t be any more difficult than what you’d normally do to update a router’s firmware manually. In other words, anyone can do it. It might void your router’s warranty, however, which makes the process sound scary.

There are plenty of guides available to help you get your VPN service up and running on your DD-WRT router. Said service might even have a guide specific to running DD-WRT. You’ll need to do a little digging, but it should be easy enough.

Using a VPN for everything might cause some frustration

Even if you get a VPN set up, there are a few drawbacks to your plan to run all of your traffic through one of them. For starters, using a VPN for everything might slow down your (likely very fast) connection, depending on the quality of the service you’re using. You might also encounter hiccups along the way: Your streaming service might fail to work because it detects you’re on a VPN, for example, or you might not be able to use an app to pull up your home security cameras when you’re away because you’ve locked your network down.

And if your VPN is having hiccups or connection issues, you won’t have the internet at all. I’m hoping your router is smart enough to simply deny all connections in that case, rather than simply allowing your traffic to go through as it normally would, sans VPN.
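On a router with shell access (such as one flashed with DD-WRT), that fail-closed behaviour can be enforced and checked rather than hoped for. The script below is an added example, not from the original article: it prints iptables rules for a VPN kill switch and audits a rule listing for the fail-open case. The interface names br0 and vlan2 and both sample listings are assumptions.

```shell
#!/bin/sh
# Added example. Assumed interface names: br0 = LAN bridge, vlan2 = WAN port
# facing the campus network. Check the real names on your router first.
# Print the iptables commands that make a VPN-client router fail closed.
killswitch_rules() {
    lan_if=$1; wan_if=$2
    # Never forward LAN traffic straight out the WAN port: if the tunnel
    # drops, clients lose connectivity instead of falling back to cleartext.
    echo "iptables -I FORWARD -i $lan_if -o $wan_if -j REJECT"
    # Refuse DNS aimed at the router: its resolver may still query the campus
    # DNS servers learned over DHCP. Hand clients a resolver that is reached
    # through the tunnel instead.
    echo "iptables -I INPUT -i $lan_if -p udp --dport 53 -j REJECT"
    echo "iptables -I INPUT -i $lan_if -p tcp --dport 53 -j REJECT"
}

# Audit `iptables -S FORWARD` output on stdin: succeed only if a LAN->WAN
# REJECT/DROP rule comes before any rule that could ACCEPT that path.
is_fail_closed() {
    awk -v lan="$1" -v wan="$2" '
        $1 != "-A" { next }
        {
            in_if = ""; out_if = ""; target = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                if ($i == "-o") out_if = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            # A rule without -i or -o matches every interface.
            if (in_if != "" && in_if != lan) next
            if (out_if != "" && out_if != wan) next
            if (target == "REJECT" || target == "DROP") { found = 1; exit }
            if (target == "ACCEPT") exit
        }
        END { exit (found ? 0 : 1) }'
}

# Constructed rule listings: kill switch in place, and a stock fail-open chain.
sample_closed() { printf '%s\n' \
    '-P FORWARD ACCEPT' \
    '-A FORWARD -i br0 -o vlan2 -j REJECT --reject-with icmp-port-unreachable' \
    '-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT' \
    '-A FORWARD -i br0 -o tun0 -j ACCEPT'; }
sample_open() { printf '%s\n' \
    '-P FORWARD ACCEPT' \
    '-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT' \
    '-A FORWARD -i br0 -j ACCEPT'; }
sample_closed | is_fail_closed br0 vlan2 && echo "closed sample: fail closed"
sample_open | is_fail_closed br0 vlan2 || echo "open sample: leaks if VPN drops"
```

Review the printed commands before running them as root on the router, and feed `is_fail_closed` the router's real `iptables -S FORWARD` output afterwards.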

There’s a lot to think about when you’re using a VPN, let alone using one to encrypt your traffic 24/7. I’m not saying don’t do it; the sense of privacy provided might be worth a little technological discomfort. Honestly, though, I think it’s overkill.

Some better alternatives to a 24/7 VPN

What would I do? Well, I wouldn’t worry about what I tell my Amazon Echo—that’s end-to-end encrypted, and I haven’t heard of any instances of companies (or universities) breaking through to see what people are telling their smart assistants. I believe you’re similarly safe on your Nest camera. As Google told CNET:

“The information that passes between Nest Detect sensors and Nest Guard is encrypted at multiple levels, including encryption during transmission, additional encryption that’s specific to the home the products are in and encryption between our products and the cloud”

I’d be more worried about someone breaking into your Google account or exploiting a vulnerability on an unpatched camera than anything else. So that leaves us with your web traffic. I presume most of what you’re searching for online is boring; in those few instances where you’re looking up things that might get you or your wife into trouble, just use Tor.

It’s a lot easier to switch over to a private browser for a few minutes (or a day) than to mess with a perma-VPN. If you need more protection than that—maybe you’re downloading BitTorrents or doing something else that the university would frown upon—sign up for a trusted VPN service and run your shenanigans through that. You only really need it for the devices you typically use for whatever it is you’re doing; devices like your smart TV, Amazon Echo and Nintendo Switch don’t need the protection of a VPN.

In fact, I feel pretty confident in saying that as long as your web traffic isn’t eating up an extreme amount of resources or otherwise forcing the university to deal with copyright takedown notices or other legal requests, your wife’s employer more than likely doesn’t care about what you do on the campus network. Running a file-sharing server for the internet at-large is a great way to get noticed; googling your kink won’t get your wife fired—so long as you’re not doing it after logging into her account, or on her work laptop, or in her campus office.

