Networking and privacy query

LewieP

A friend of mine believes he may have had some sort of invasion of privacy, but is not certain. I'm not sure if what he is suggesting might have happened is technically possible, but I bet the hivemind of H/A knows.

Lets say Person A is visiting Person B's house. Person A has brought their own laptop with them, which Person B does not have any access too.

Is it at all possible for Person B, who runs the wireless network, to keep a record of Person A's browsing history without even having access to the laptop, just using the router and their own computer?

Echo

Yes.

CrystalMethodist

http://www.wireshark.org/

as long as they can connect to the same wireless network.

LewieP

Particularly easy to do?

japan

Not necessarily trivial, but easy enough it could be distilled into a step-by-step guide that wouldn't give a competent computer user much difficulty.

LewieP

Ok.

Well, I am guessing that is what has happened then. Given the circumstances that is the most likely explanation.

Bloody hell, that's bad (it is somewhere that he certainly should have expected to have some privacy).

Cheers guys.


Edit: One more thing, is this the type of thing that could be bypassed by a chrome incognito window?

Echo

LewieP wrote: »

Edit: One more thing, is this the type of thing that could be bypassed by a chrome incognito window?

No.

LewieP

Damn.

Cheers anyway.

japan

To defend against something like this, it would take something like Tor to disguise the destination of traffic originating at the machine, and a full-blown VPN to completely disguise the nature of the traffic.

For future reference, Hotspot Shield or similar can defend against surveillance by whoever controls the access point.

Daenris

LewieP wrote: »

Bloody hell, that's bad (it is somewhere that he certainly should have expected to have some privacy).

I'd just like to add that if you're using someone else's wireless network, you should never have an expectation of privacy.

Sir Carcass

Daenris wrote: »

LewieP wrote: »

Bloody hell, that's bad (it is somewhere that he certainly should have expected to have some privacy).

I'd just like to add that if you're using someone else's wireless network, you should never have an expectation of privacy.

I'm not really sure of the nature of the situation, but this. They shouldn't be able to grab passwords and the like, but if you're on someone's network, you shouldn't be going to websites you wouldn't want them knowing about.

vonPoonBurGer

Daenris wrote: »

LewieP wrote: »

Bloody hell, that's bad (it is somewhere that he certainly should have expected to have some privacy).

I'd just like to add that if you're using someone else's wireless network, you should never have an expectation of privacy.

Exactly. It's just like surfing at work. You're using someone else's equipment to access the internet, there's very little technical limitation on how much detail they can gather on your surfing habits, and absolutely no legal limitation on their ability to gather that data.

If person A and person B were friends, this would still be kind of a dick move on B's part to be so snoopy. I mean, it's not like all that logging and data gathering happens automatically, you usually need to spend some time and effort to set up things like that, especially on consumer grade hardware.

LewieP

I guess it's to do with the specifics of the scenario, it's somewhere that there is some implicate trust. It's also about what the have done afterwards once they have snooped the personal stuff.

LewieP

Oh, what about the content of MSN Messenger conversations? Is that stuff safe.

necroSYS

LewieP wrote: »

Oh, what about the content of MSN Messenger conversations? Is that stuff safe.

UDP packets with plain text contents, so no.

necroSYS

Man, it gets harder and harder not to use the "How about No?" bear all the time.

vonPoonBurGer

And then follow it up with some bears repeating.

JohnnyCache

LewieP wrote: »

Oh, what about the content of MSN Messenger conversations? Is that stuff safe.

It's the least safe shit ever.

CrystalMethodist

Seriously, download Wireshark and run it on your local network in promiscuous mode.

You see EVERYTHING. Try it at a Starbucks and read everyone's IMs...

Thomamelas

Unless you are using a VPN, you should assume any traffic you send over a network can be decoded and read. It's not always true but it's a good policy to work with.

Try it at a Starbucks and read everyone's IMs...

And commit a felony. There are exceptions in the law that allow for network admins to run packet sniffers on their own network to monitor their services. Wandering into a Starbucks and reading people's IM's doesn't count under that exception. If you want to set up a network and test it, do it at home on a network you maintain. That's legal and will accomplish the same thing.

JoeUser

LewieP wrote: »

Oh, what about the content of MSN Messenger conversations? Is that stuff safe.

By itself it's not safe, but luckily there are some IM encrypting programs.

Simp Lite from Secway is a neat free program, but it only works if you and your contact both use it.

underdonk

Thomamelas wrote: »

And commit a felony. There are exceptions in the law that allow for network admins to run packet sniffers on their own network to monitor their services. Wandering into a Starbucks and reading people's IM's doesn't count under that exception. If you want to set up a network and test it, do it at home on a network you maintain. That's legal and will accomplish the same thing.

What country are you from? Can you please cite a specific law? In the US, it's legal (and unpreventable) to receive any signal broadcast over the air. What you do with the data you've received once you have it is another matter entirely. So if you're really worried about your privacy in a situation such as this it's simply a matter of using something like an onion routing system. I would mention names, but it's againsT the rules of the fOrum to discuss those types of seRvices.

Echo

ITT underdonk tries to be clever.

underdonk

ITT Echo forgets he's not on Twitter.

Thomamelas

The US. The law in question is the Wiretap Act. Specifically the amendments made to it by the ECPA. You aren't allowed to intercept the contents of electronic communications except as required for normal maintenance to the network. It's one of the reasons why promiscuous modes for networking cards are generally disabled by default. So while you you may receive the packets via radio legally, viewing the contents of them isn't legal because the header of the packet points out that it's not for you.

underdonk

Thomamelas wrote: »

The US. The law in question is the Wiretap Act. Specifically the amendments made to it by the ECPA. You aren't allowed to intercept the contents of electronic communications except as required for normal maintenance to the network. It's one of the reasons why promiscuous modes for networking cards are generally disabled by default. So while you you may receive the packets via radio legally, viewing the contents of them isn't legal because the header of the packet points out that it's not for you.

That's exactly what I said.

underdonk wrote:

In the US, it's legal (and unpreventable) to receive any signal broadcast over the air. What you do with the data you've received once you have it is another matter entirely.

So here's the conundrum. How do you know whether or not you can look at the packet unless you look at the packet to see who it is destined for?

Thomamelas

underdonk wrote: »

Thomamelas wrote: »

The US. The law in question is the Wiretap Act. Specifically the amendments made to it by the ECPA. You aren't allowed to intercept the contents of electronic communications except as required for normal maintenance to the network. It's one of the reasons why promiscuous modes for networking cards are generally disabled by default. So while you you may receive the packets via radio legally, viewing the contents of them isn't legal because the header of the packet points out that it's not for you.

That's exactly what I said.

underdonk wrote:

In the US, it's legal (and unpreventable) to receive any signal broadcast over the air. What you do with the data you've received once you have it is another matter entirely.

So here's the conundrum. How do you know whether or not you can look at the packet unless you look at the packet to see who it is destined for?

Because the header of the packet states who it's addressed to. It's the same logic that looking at the address of an envelop doesn't make you guilty of tampering with someone's mail. You noticed I didn't say anything in my original post about receiving packets. If you go read my post, you'll note I was very clear to use an example of reading content. Or was your original post attempting to make some sort of argument that receiving the packet means you have a legal right to it?

underdonk

Thomamelas wrote: »

Because the header of the packet states who it's addressed to. It's the same logic that looking at the address of an envelop doesn't make you guilty of tampering with someone's mail. You noticed I didn't say anything in my original post about receiving packets. If you go read my post, you'll note I was very clear to use an example of reading content.

The Wiretap Act nor the ECPA make any differentiation between "headers" and "data". To date, there's not enough case law to provide any real guidance.

Thomamelas wrote: »

Or was your original post attempting to make some sort of argument that receiving the packet means you have a legal right to it?

No.

Echo

underdonk wrote: »

ITT Echo forgets he's not on Twitter.

Actually, that was me as a moderator telling you to knock it off with the Prime Minister bullshit.

Thanatos

Any further posts going off the topic of what is being asked are going to be infracted.

Also, while possibly a legal grey area, telling people how to intercept data other people believe to be private is skeevy, and also going to get you infracted.

LewieP

It's also not particularly helpful to me.

I'm pretty sure we are done here, thanks guys. Feel free to lock.