Is using the router and modem my cable company provided for my internet putting my privacy at risk? And if so, I have heard of openWRT routers but it seems like there’s quite a bit of a learning curve with that but even if I got one would I need a non cable company branded modem as well? Any specifically that anyone here would recommend?
Tl;Dr: screw ISP modems. If cash is tight, go with a 3rd party router you can slap ddwrt/openwrt. If you’ve got some money and time, go with something a little more robust.
Modems aren’t really a big deal, all they really are is an interface to the cable system’s RF signaling, as well as subscription enforcement (speeds, if you paid your bill, etc). Any thing leaving your router is going to be seen by the ISP either there or at the headend, so it doesn’t really matter. They make 3rd party modems, but performance increases may be minimal.
Routers on the other hand, I wouldn’t trust their gear as far as I could throw it. Perhaps I have a tinfoil hat on, but I wouldn’t put it past them to log all traffic before it hits my VPN and phone home, let alone hold and handle my configuration correctly (looking directly at you, Spectrum). I recently got Frontier fiber and they provided an Eero router, and I don’t care for that thing (primarily because they’re owned by Amazon, and I don’t trust Amazon even more than my ISP). For my networks, I pass all traffic through a VPN on the router level so that all my ISP sees is a big blob of encrypted blah (with the exception of streaming apps, whom are isolated on their own network with very strict firewall rules and are not allowed anywhere near my trusted network, only because some get cranky when used over a VPN and they’re data vacuums). Additionally, ISP-provided routers have a tendency to lack configuration options, even port-forwarding (useful for gaming, servers, etc). Not entirely sure where your networking skills are at, but I’m guessing you might have some basic familiarity given that you’re here and asking.
Most 3rd party routers will give you better performance and configuration options than your ISPs nonsense, and maybe a better degree of privacy (though maybe not). If privacy is your concern, all your traffic needs to be encrypted out of your router through a trustworthy VPN, and steps on your local network need to be taken to ensure that traffic is handled appropriately. Do your research on the brand and company of any gear you’re looking to buy, and make sure they line up with what you’re looking for.
I haven’t messed with dd-wrt/openwrt in probably 10+ years, but they were a great option for consumer-grade hardware back in the day, and I’d hope they still are. The software simply did it’s job of routing packets and that was it, no shenanigans. There is a bit of technical knowhow involved, but their guides were great and very thorough. As long as you understand basic networking concepts, it should be reasonably straightforward to set up a basic network.
If you have the money and time to learn, I’m personally a fan of Ubiquiti (when I’m paying for it) and Ruckus (when a client/someone else is paying for it). These are much more involved networking hardware companies and there is a good sized learning curve (and cost), but if you want something to play with and a streamlined network, they’re awesome. Ubiquiti has a pretty decent wizard to get a basic network going, and from there you can mess with it at your leisure. Their Dream Machine (UDM) is a great all-in-one router/wifi AP, but it’s also almost $300, depending on your money situation.
Dude thanks for sharing, I’ll be sure to check out more into Ubiquiti devices. Any suggestions on VPN providers?
Mullvad is very nice
No worries. Be warned, their customer support is absolutely non-existent. For VPNs, Mullvad.
Would using something like a Glinet Beryl travel router increase privacy in this scenario if you just used WiFi repeater mode and only connected to that router or would your cable provided router still be able to decrypt all of your traffic due to being unable to change their DNS settings? To be honest I know very little about networking I just want to increase my privacy to the fullest extent possible
I would hardwire that Beryl unit to your ISP’s router (Beryl WAN to ISP Lan, or even just skip the ISP’s router entirely and plug the Beryl into the modem) and pretend their wifi doesn’t exist. Do you have physical access to the network gear and/or roommates that might be weirdos about it?
I did hardwire it to the modem and it’s been awesome once I figured out what I was doing lol thank you so much for all of your help! Someone else mentioned changing the DNS settings is important for privacy, would you recommend to edit the Netmask and Gateway as well (I’m just using the same ones the ISP gave me in DHCP) or is changing the DNS enough?
Changing DNS is a good idea, but leave the netmask and gateway alone.
Where do you live? Whether you can use your own modem or not may differ. What the isp can or must do differs too.
I’ll interpret “privacy at risk” as normal user privacy, with responses reasonable for normal citizens in a western/EU region (I can’t confidently speak for others).
A modem is usually a “stupid” device or component. It is configured for the adequate transmission settings. It’s not a concern.
The router is often rented and managed (and updated) by the isp. Replacing it with your own, a bought product not from the isp, and managing it yourself is a reasonable and relatively simple thing to do. I wouldn’t call it necessary. It’s the extra with extra effort. Installing your own open firmware is extra extra.
The simplest, most effective thing you can do for privacy is change the dns server of your devices. Instead of using your default routers isp provided one, use a privacy focused/mindful one. You can use one that does not resolve ad hostnames for additional significant benefit.
When you don’t use the isp dns and use secure connections the isp already has no open protocol to snoop through. If they or another party at their endpoint wanted to snoop they can only use IP addresses which may vary in usefulness or attempt other more sophisticated tracking and analysis. A VPN would hide even the IP addressing - which is usually not necessary.
The simplest, most effective thing you can do for privacy is change the dns server of your devices.
This can be the reason to switch router, my ISP delivered router doesn’t allow me to change DNS delivered by DHCP or DNS used by the router. If I must setup my own DHCP server I might as well setup an opnsense and add crowdsec/suricata or zenarmor.
Is editing the DNS settings enough or do I need to edit the Netmask and Gateway that were provided by the ISP as well? Also in order for me to change the DNS settings I had to set up a static IP address, is this still a private setup?
When you talk about network setup and IP addresses you have to differentiate between your local network (between your end devices and router) and the “outside”. Your devices connect to the internet through the router.
The IP gateway setting is your end device setting of which gateway to send packets through. You set it to your router. Whether this is done automatically (via “DHCP”) or not doesn’t make a difference in the end.
The netmask defines the network address space size. It’s also something you don’t need to change to set/change a DNS.
Where did you try to change the DNS setting? On your end devices would be enough. On your router it should also be a simple setting independent of other and of IP settings. (If the router allows configuration of it.)
(Did you set a static IP on your router, facing your local network, or the internet (would have to be provided by the ISP), or your end device within the local network (this is not necessary for DNS)? Either way I don’t see why it would be necessary to set a static IP address anywhere.)
For privacy, any ISP can technically see everything you do online including phone using wi-fi unless a device or syatem uses a VPN, Tor, or i2p, but that does not mean the ISP is keeping records of what an account does online. They may have no interest.
For security, you definitely need your own router. If you can build a system to use as a router running OpenBSD or pfSense, at leaat use a router with open source firmware so your router traffic is not going to someone else and an open source router will give you a lot more extensive network functionalities.
For privacy, any ISP can technically see everything you do online including phone using wi-fi unless a device or syatem uses a VPN, Tor, or i2p, but that does not mean the ISP is keeping records of what an account does online. They may have no interest.
Not really correct. The ISP can see which sites you are visiting but thanks to https not what you are doing on it.
Just use OpenWRT. It supports about 1600 devices and is secure by default (low attack surface due to minimal design and hardened kernel)
I use OpenWRT and I love the ability to tightly control my network. It also has very good performance.
With that being said, if you don’t have a good familiarity with Linux and Networking it could be a struggle for the more advanced functionally. If you’re just a average home user you can flash it and then go to wireless and create a new wireless network. Luci shows network hardware that’s available to it so you may need to look up which one is the 5Ghz band and which one is the 2.5 GHz band.
Another thing, make sure you get on the OpenWRT security mailing list. Its fairly rare for a security issue to affect OpenWRT but when it does it will require a manual update. If you want to upgrade your device to the latest update that also is a manual process.
It’s been a long time since I had cable but at the time I bought a modem because I could get a really good one and not paying the cable company’s rental fee for a modem, it paid for itself in about a year or so. I seem to remember that the cable company still took control of updating firmware and such on it, though, to maintain compatibility. So I don’t know if it buys you much from a security standpoint, but that’s also an area where I have no expertise.
When it comes to privacy (and also security), using a router provided by the cable company is a concern, because that router can see and access all devices on your local network and you can’t be sure that security issues are patched in a timely fashion if ever… Using a modem provided by the cable company on the other hand is not much of an issue, because you have to trust the company anyway, when it comes to your traffic to/from the Internet. These days most of the Internet traffic is encrypted (except DNS, which is often still unencrypted), so that is not a big deal. Of course there can be other reasons to use a different modem.
In either case, it makes sense to switch to a non-ISP DNS server, preferably an encrypted one (DNS-over-TLS or DNS-over-HTTPS), so the ISP can’t see which websites you are accessing.
Apart from just privacy, 3rd party routers offer way more features and customisation especially if they can also run 3rd party router software.