We deep dive into the world of Chromebooks and find an answer to the question: Can you survive on a Chromebook? We walk you through the possibilities and limitations of the Chromebook. We enlighten you on how to use it for work, how to connect back to your home network and how to use your Chromebook to entertain you. If that’s not enough, we go beyond the design specifications and sideload Linux on your Chromebook, turning it into a low budget slider’s dream machine. All of that and more .. in Kw905 : Life on a Chromebook. Catch the live recording of this podcast in the Youtube video below and see if you can catch Sulu the dog as our Podcast assistant.
- The Acer C730
- First impressions
- Hardware – Software
- Taking the Chromebook to work (Article)
- Using the Chromebook to entertain you (Article)
- Connecting back to your home network via a Socks5 proxy over SSH (Article)
- Dual Booting your Chromebook with Linux (Distroshare.com)
- Sideloading your Chromebook with Crouton (Youtube instruction video)
Today’s tip in our “Privacy week” is geared a little bit towards the more advanced geek .. (Who am I kidding, you are ALL advanced Geeks here). In our everlasting quest to ensure our privacy when surfing on “foreign networks” like the one at work, the one at your dorm or the free wifi hotspot at Starbucks, we try to find more ways to make sure all your web traffic is encrypted and your privacy is kept safe.
Enter SSHuttle (NOOO, not the STAR TREK Shuttle), a brilliant little transparent proxy application that directs ALL or PART of the network traffic from your trusty Linux or Mac machine (the laptop you use on the road) through an SSH tunnel to an SSH server of your choice (perhaps your own server at home). That way your traffic is completely (or partially) obscured from whoever is trying to sniff your traffic on an untrusted network. An added bonus is that it is a transparent proxy! This means your computer will actually think it is directly connected to the network where the SSH server is running. It is like running a very very very long cable through the internet straight from your machine to the network where your SSH server is located.
So let’s start cooking.
- Laptop with a version of Debian Linux installed or a Mac running a recent version of OSX.
- An SSH server. ( Follow along our VERY OLD but still accurate manual on how to setup your own Linux SSH Server)
- A static IP address for your internet connection. (Or if you have a dynamic IP you can follow along with THIS great tutorial on how to use No-IP.org)
- Forwarding the correct port on your router. (Open up the port you are using for your SSH server from your router to the IP of the machine on which you are running the SSH Server)
How to install SSHuttle on your client machine.
- Install SSHuttle on your Linux machine using the command : sudo apt-get install sshuttle
- Install SSHuttle on your Mac by first installing HOMEBREW (Installation instructions) and then typing : brew install sshuttle
SSHuttle is simple but VERY powerful. It will create an encrypted tunnel between your laptop and the SSH server you set up at home. Depending on what kind of traffic you want to shove through that tunnel you can do different things like :
- Just tunnel your browser traffic through the tunnel,
- Shove all of your web traffic through the tunnel (including dns requests),
- Shove ALL of your traffic through the tunnel.
- Set up a “site 2 site” VPN between the network you are working on and your network at home.
- … and more crazy stuff.
So how does it work ?
Once installed, using SSHuttle is pretty simple. SSHuttle works from the command line and depending on the “switches” it will do different things for you. So on your client laptop, fire up your terminal and start typing.
sshuttle --dns -r USERNAME@YOURREMOTESERVER.COM:2222 0/0
Enter the command above to push ALL of your traffic through the SSH tunnel towards your server at home. This is the example of running a virtual network cable THROUGH the internet towards your switch at home. All of your traffic is sent through this encrypted tunnel. USERNAME = A user you have created on your SSH server at home. YOURREMOTESERVER.COM = The external ip address (or Dynamic DNS name) of your home router. 2222 = The port on which you have your SSH server running. In this example I took a non-default port.
- sshuttle -r USERNAME@YOURREMOTESERVER.COM:2222 192.168.0.0/24
With this command you can create a site to site VPN. Typing 0/0 sends ALL the traffic through the tunnel. Typing the network range of your home network instead (in this case 192.168.0.0) tells SSHuttle to send only the traffic that needs to go to the 192.168.0.0 network through the tunnel, while sending out the rest of your traffic through whatever network gateway you are connected to. The /24 is your subnet mask (you know, the 255.255.255.0 subnet number of your network).
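The difference between the two commands comes down to which destination addresses fall inside the subnet you hand to sshuttle. The shell sketch below is an added example, not part of the original post or of sshuttle itself; it models that decision, the function names are hypothetical, and the addresses are constructed samples (203.0.113.10 stands in for a public website).

```shell
#!/bin/sh
# Added example: which destinations end up in the SSH tunnel for a given
# sshuttle subnet argument. Simplified model, not sshuttle's own code.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() (
    IFS=.
    set -- $1                       # split the dotted quad into $1..$4
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_subnet IP CIDR -> exit status 0 when IP lies inside CIDR
in_subnet() (
    net=${2%/*}
    bits=${2#*/}
    if [ "$net" = 0 ]; then net=0.0.0.0; fi   # the "0/0" shorthand
    if [ "$bits" -eq 0 ]; then
        mask=0                                 # /0 matches every address
    else
        mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    fi
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
)

# route_for DEST SUBNET... -> prints "tunnel" or "local"
route_for() (
    dest=$1
    shift
    for cidr in "$@"; do
        if in_subnet "$dest" "$cidr"; then
            echo tunnel
            exit 0
        fi
    done
    echo local                      # leaves via the gateway you are on
)

# Constructed samples: home router, public website, neighbouring LAN range.
for dest in 192.168.0.1 203.0.113.10 192.168.1.5; do
    echo "$dest  0/0: $(route_for "$dest" 0/0)" \
         " 192.168.0.0/24: $(route_for "$dest" 192.168.0.0/24)"
done
```

The second command also leaves out --dns, so name lookups still go to the resolver of the network you are sitting on. If that network happens to use 192.168.0.0/24 as well, its own local addresses are sent into the tunnel too.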
There are a lot of other switches that you can use , but if you use the two commands we mentioned above you will have a LOT of power at your fingertips. I love using the second command. It allows me to connect to the exchange server at work for my work stuff, but also lets me quickly open up the web interface of my home router (on the LAN SIDE) to do some tinkering. SSHuttle is a very very nice tool that keeps you connected .. and keeps your privacy .. private.
Find out more about SSHUTTLE in this HAK5 episode.
Who do you trust? That is of course the main question in most of the topics of this week’s “Privacy Week” on our blog. When you connect to the internet on your tablet or mobile phone, you have a choice between different networks and carriers. You can go directly via your mobile phone’s dataplan (if you have one) or connect via Wifi. In both cases “somebody” is going to connect you to your internet. For your cell connection that will be your Telco, for your Wifi connection that will be your ISP or the kind person/company who set up the wifi hotspot you are using. The question is : Do you trust them ? As we told you in our first post : Sniffing unencrypted traffic is very very easy on a network. So when it comes to those open networks in a coffee shop, you never know who is watching. So why not “tunnel” your mobile traffic too.
Hotspot Shield VPN is my FREE application of choice. It allows you to tunnel all your traffic through their VPN tunnel and lets it emerge somewhere in the US. So anyone who wants to sniff you (either your telco, your local ISP or the dingy kid in the corner with his laptop running Wireshark) won’t be able to make out what you are doing. But because you “exit” to the internet on AnchorFree’s network (they make the app) , THEY will.
Hotspot Shield VPN is free and easy to use. It’s not always fast and it comes with ads. Opinions about this service might be mixed, but I regularly use it when I take my iOS or Android mobile device onto an open wifi network that I do not trust. Hotspot Shield also comes with a paid plan with “Monthly and Annual subscriptions available for faster connection, better cost savings and enhanced security. All subscriptions provide unlimited VPN bandwidth and NO ADS” So you can even pay if you want to. Keep stuff safe in a simple way, but remember that every connection (no matter if it’s through your ISP, the hotspot or these guys) requires ‘trust’ in whoever is carrying your data.
The TOR network, better known as “The Onion Router” network, is a mesh of “endpoints” all over the world, interconnected by encrypted connections. Much like a network of Wormholes, traffic can go in on one end and leave the TOR network in a completely different (and random) location to “go on the internet.” I know some of you might be wondering what this is for, so, imagine being in China and wanting to watch something on Youtube. The Chinese government does not only block a lot of “Western” websites, it also keeps track of the traffic its citizens generate. Enter the TOR network. Using this network our Chinese Youtube enthusiast sends his traffic through the TOR network. The actual request “emerges” onto the internet in some random country (where Youtube is not blocked) AND it’s encrypted along the way. So he gets to watch his favourite cat video AND the government does not have a clue what he is doing.
So how can this work for you ? Whenever you are on a public hotspot or on a network you do not trust, you can use the TOR browser. Your browsing behaviour will not only be completely opaque to whoever is trying to watch your movement on that network , it ALSO will circumvent URL and content restrictions.. because if they look at your traffic .. they will only see an encrypted tunnel between you and whatever TOR endpoint you are connected to. Nobody can sniff you, Nobody can block you. Eat that Starbucks Script-kiddy !
The TOR browser is a “mutated version of Firefox” that lets you surf DIRECTLY on the TOR network. It is available for Windows, Linux and the Mac and is COMPLETELY PORTABLE (you don’t even have to install it). So carry it around with you on your USB stick and be absolutely sure that, next time you are logging in on that Wifi network in the Hotel Lobby .. nobody can “follow along”.