this post was submitted on 17 Aug 2023
334 points (100.0% liked)

Privacy Guides

17020 readers
367 users here now

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.


You can subscribe to this community from any Kbin or Lemmy instance:

Learn more...


Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!


This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.


Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don't ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don't repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

founded 2 years ago
MODERATORS
 

This is very troubling, and I'm not even sure where to start. I recently received an email message from my ISP which alerted me to an incoming update. I didn't worry too much since this is obviously not the first update they've ever pushed through.

However, after this update, I noticed that my guest connections and some other things had changed / disappeared. I logged on to my router, and I immediately noticed my custom password had been reset to the default. No problem, I entered it.

At this point, I saw that all of my options were greyed out. I could change the password, which I did, but nothing else. I immediately called my ISP.

I was told that I would have to use their app now, so as much as I dislike using proprietary phone apps, I conceded and installed the app through the Play store.

However, the agent was not entirely honest with me. I still can't bifurcate my 2.4g and 5g connections, nor can I add or remove any guest connections. I immediately enabled "privacy mode" via the app, which purportedly prevents information from being collected by something called "HomePass," and I "Delete[d] Guard events" whatever the hell that means, but this seems really troubling. I can no longer access my modem/router settings via the normal interface, but have to use an Android app?

There is only one other ISP in my area. They have much worse/slower service, but should I switch, or is this just the "new normal"? Does what I'm describing even make sense? I'm not a tech expert, but I feel like I've self-taught myself how to navigate these settings, and learned from others in online forums, but now ... an Android app?

I'd appreciate any advice. I'd even be willing to purchase my own modem/router instead of using the one from my ISP, if that fixes this mess.

Edit: So I need my own router, at least. I did some research, and these are the ones I can get locally that are within my budget:

  • TP-Link Archer AC1900 Dual-Band Mu-Mimo Wi-Fi Router with Gigabit Port

  • Linksys AC1200 Dual Band WiFi 5 Router

  • TP-Link Archer AX1500 WiFi 6 Dual-Band Wireless Router | up to 1.5 Gbps Speeds

  • TP-Link Archer C54 | AC1200 MU-MIMO Dual-Band WiFi Router

  • NETGEAR - Nighthawk AC1900 WiFi Router, 1.9Gbps (R6900) I’VE BEEN WARNED AGAINST NETGEAR THOUGH IN OTHER FORUMS

  • TP-Link | AX1800 4 Stream Dual-Band WiFi 6 Wireless Router | up to 1.8 Gbps Speeds

  • TP-Link Archer AX3000 | 4 Stream Dual-Band WiFi 6 Wireless Router | up to 3 Gbps Speeds

  • Linksys E7350 AX1800 Wi-Fi 6 Wireless Router

Am I right in thinking the TP-Link AX3000 is best?

Edit 2: At first, I bought the Netgear AC1900, which seemed like a great deal. Turns out it was unusable without creating a netgear account, so I returned it in exchange for the TP-Link Archer AX1500, and it appears to be working! I got everything set up pretty close to the way it was before, except even better.

Once I save money, I'll also invest in a different modem and return this one to my ISP.

This was a big wake-up call for me in terms of privacy. I never listened to people saying not to use your ISP's equipment because I always trusted my ISP (it's not one of the big name ones). Never trust a company. Lesson learned. I appreciate all the responses I got! This community is great!

you are viewing a single comment's thread
view the rest of the comments
[–] empireOfLove@lemmy.one 268 points 1 year ago (8 children)

Get. Rid. Of. Their. Router.

ISP provided networking routers are inherently garbage. They don't want users messing with that, because your average user doesn't even know what the fuck an ethernet cable is and will break everything by fucking around in it.

Run your own router and put theirs into modem only mode with routing and wifi disabled. If that's not an option ask their tech support if you can buy your own DOCSIS/fiber modem (or whatever hardware you use) and return their hardware. If they also don't allow that.... well, switch or just suck it and deal with it while the ISP rubs their nipples some more.

[–] LinkOpensChest_wav@lemmy.one 18 points 1 year ago (9 children)

https://cdn.imgchest.com/files/j7kzcvmllm7.png

So I can't disable wireless mode. This too is greyed out, and it also doesn't let me disable wireless via the app. (When I try, it throws a popup that says "You must have at least one network."

So is my best bet to get my own modem with router built in, or could I still connect a router to this, but never use the wifi connection through their equipment? I don't have a lot of money, so I also want to be a bit mindful of cost.

[–] keeb420@kbin.social 22 points 1 year ago (1 children)

I'd check to see if your provider has an approved modem list, buy one off that and then run your own router.

[–] LinkOpensChest_wav@lemmy.one 6 points 1 year ago (2 children)

So I will want a separate router vs. buying one that has it built in? I can use whatever router I want, right? That part doesn't have to be from the list.

[–] Maximilious@kbin.social 14 points 1 year ago* (last edited 1 year ago) (2 children)

Any combo modem router is typically trash and you NEED separate modem because if you get a combo you will be in the same situation. They will flash the combo unit with the same firmware wether you own it or not.

You will want an aris modem from there approved list and a good wireless router. When you swap out your modem you will need to call in so they can flash it with thier firmware (which is fine). You can then configure your router as needed.

I can't recommend a wireless router because I have a Unifi household and have been out of the consumer space for a while. I hear netgear nighthawk are still creame of the crop though.

[–] anonymoose@lemmy.ca 7 points 1 year ago (1 children)

Wow, so ISPs can usually flash custom firmware on a 3rd party router? I'm surprised that capability exists, although I can kinda see the rationale for why it does.

[–] keeb420@kbin.social 4 points 1 year ago

No but to modems they can because the modem needs to talk to their equipment.

load more comments (1 replies)
[–] stupidfly@sh.itjust.works 11 points 1 year ago (1 children)

You are going to get more functionality if you buy separate devices. A combo router is going to give you less flexibility in the future. That is why you keep getting that recommendation.

[–] LinkOpensChest_wav@lemmy.one 6 points 1 year ago (1 children)

That makes sense, thanks. As much as I try to educate myself, I'm a soft sciences guy and a bit of a misfit when it comes to this type of thing :P

[–] gravitas_deficiency@sh.itjust.works 2 points 1 year ago (4 children)

Also keep in mind that you’ll be free of whatever rental fee they were charging you to use their modem/router.

load more comments (4 replies)
[–] roguetrick@kbin.social 5 points 1 year ago* (last edited 1 year ago)

I bought a refurbished cable modem for less than $30 off of amazon that's working well for me. I'd just go that route instead of using their equipment. Even if it breaks in a year, that's savings over renting ISP equipment.

[–] fraksken@infosec.pub 4 points 1 year ago (2 children)

That is literally fucked. There are some scenario's where I can imagine an ISP wanting to force wireless on. a mesh network for their customers sounds like the most straightforward reason. if you cannot replace the router, faraday the shit out of it. put your own router behind the isp router and don't forget to change the MAC address of the router (isp will probably block any 3rd party router macs on the network. seen it before)

[–] trafficnab@lemm.ee 6 points 1 year ago* (last edited 1 year ago) (1 children)

That shit would get thrown in a metal cage and treated as a radioactive DMZ network-wise if I was forced to use it

My ISP is the dumb pipe my internet comes from, it's bad enough that they inject bandwidth cap warnings into the raw HTML of webpages like some sort of adware virus, they can stay the fuck out of my local network

[–] fraksken@infosec.pub 3 points 1 year ago (1 children)

messing with html sounds very worrying to me. is that on https connections to any site they do not control? Do you have an isp application installed?

[–] trafficnab@lemm.ee 2 points 1 year ago (2 children)

Only HTTP, they intercept any unencrypted page in flight and inject a giant banner at the top that won't go away until you acknowledge it, no local application required

This is 100% legal in the US, and in fact, some small regional ISPs actually made money injecting actual ads into webpages, literal spyware

[–] fraksken@infosec.pub 2 points 1 year ago

that would immediately prompt me to use vpn for any connection. I'm sorry to hear that man.

[–] mrwiggles@prime8s.xyz 2 points 1 year ago

This is the result of the death of isps as net-neutral carriers.

load more comments (1 replies)
[–] nihth@programming.dev 4 points 1 year ago

All the router modem combos I have used have basically disabled most of the features including wifi if it gets set in modem only mode

[–] VelociCatTurd@lemmy.world 4 points 1 year ago (3 children)

Some ISPs will not let you put the modem into a true bridged mode. I would try to disable as much on it as you can. As long as the traffic can pass through from the modem to your router that’s the important part.

[–] Thermal_shocked@lemmy.world 6 points 1 year ago

Yup.iterally only use the modem to convert the signal, then run your own setup off that Ethernet cable.

[–] LinkOpensChest_wav@lemmy.one 3 points 1 year ago

That's what I'm thinking. I looked up how to use bridge mode for my router, and it does look like I am able to access that setting, at least for now.

load more comments (1 replies)
[–] some_guy@lemmy.sdf.org 3 points 1 year ago (1 children)

When I had Comcast, I had to call them and have them turn this stuff off for me, fwiw.

I've owned a TP-Link that frequently lost all my settings. I've owned two Netgears and they've been great. I've owned two Linksyses and they've been great. That's just my experience.

[–] LinkOpensChest_wav@lemmy.one 2 points 1 year ago

I couldn't even access the Netgear settings without creating a Netgear account, so I returned it. My friend who has a Netgear said this didn't used to be the case, but I could not bypass that requirement.

[–] doppelgangmember@lemmy.world 2 points 1 year ago

Fvck it, run your own router on top of that. Make a another local network and just connect it to the ISP Router, then connect all your devices to the new local. Voila.

Also run a VPN on the new router if you daisy-chain them.

[–] amithinkingright@lemmy.one 2 points 1 year ago (3 children)

Fun thought. I'd try wrapping their wifi router in a faraday cage of chicken wire, test that the signal isn't going out with a nearby smartphone, then plug ethernet from their to my own wifi router.

load more comments (3 replies)
[–] Wakmrow@lemmy.world 2 points 1 year ago (1 children)

Yes, get your own router, don't use the app. If you're technically inclined, the app will only restrict what you can do with the equipment. And with ISP owned equipment, they have api access to your equipment.

load more comments (1 replies)
[–] dinosaurdynasty@lemmy.world 11 points 1 year ago (3 children)

You could always do double NAT (put your own router behind theirs) as last resort. It's not that bad, I've done it a lot.

[–] anonymoose@lemmy.ca 5 points 1 year ago (2 children)

Out of curiosity, if your router is able to connect with their network, why do you then need to add their router back in front of yours?

[–] Devion@feddit.nl 11 points 1 year ago

In that case you totally don't. But many ISPs only allow their own routers/modems or require some very specific abilities from 3rd-party routers usually only found on more high end (expensive) models. So sometimes the last resort is double NATing (which is fine for most users).

[–] db2@sopuli.xyz 4 points 1 year ago

If you can't disable theirs.

[–] empireOfLove@lemmy.one 1 points 1 year ago (1 children)

yeah, double-NAT tends to break a lot of multiplayer games though so I heavily try to avoid it.

load more comments (1 replies)
[–] dingus@lemmy.ml 1 points 1 year ago* (last edited 1 year ago) (1 children)

Do you need NAT if their network supports IPv6 and your whole home network is set up in IPv6?

[–] dinosaurdynasty@lemmy.world 4 points 1 year ago

Probably, unless they have a static delegation or do prefix delegation properly, which if they did they probably don't suck enough to require double NAT^ lol

^single NAT for IPv6, assuming they don't NAT it themselves

[–] AlexisFR@jlai.lu 5 points 1 year ago (6 children)

Is the Unify Dream Machine a good option?

[–] Exusgu@lemmy.world 4 points 1 year ago (1 children)

If you're on the techy side and want an all-in-one solution? Sure, if you plan on expanding within their ecosystem later. Unifi's biggest benefit is the ecosystem, being able to manage everything from one place is nice.

[–] Thermal_shocked@lemmy.world 3 points 1 year ago

I worked on one clients unifi setup and loved it. Immediately got the usg 4 pro, 24 port switch and 3 pro waps. Highly recommend for a prosumer setup.support can be whack, but lots of YouTube and forums. Meraki too pricey for home setup but the support is top tier for critical business.

[–] Thermal_shocked@lemmy.world 2 points 1 year ago

I have the usg pro 4 with ap pros and love it.

[–] randombullet@feddit.de 2 points 1 year ago

It's good enough.

I'm running wired routers with their wifi systems. I have a lot of control over my network.

load more comments (1 replies)
[–] argv_minus_one@beehaw.org 5 points 1 year ago (1 children)

I have fiber here in my apartment.

There is an optical network terminal with an Ethernet port on it. The optical network terminal does not appear to do any routing, just conversion of the signal between the electrical and optical interfaces. An ordinary PC can be plugged directly into it, use DHCP to get its IP address, and that's it.

I was supplied a router by the ISP as well. It's spent the better part of the last decade gathering dust in a drawer.

[–] empireOfLove@lemmy.one 2 points 1 year ago (1 children)

lucky bastard, enjoying fiber optic internet with common sense hardware...

[–] argv_minus_one@beehaw.org 2 points 1 year ago

No kidding. I'm going to sorely miss this setup if I ever move out.

[–] tlit341569@discuss.online 2 points 1 year ago

my ISP didn't gave me the captive portal password and I'm afraid to reset it now because they've manually entered the WAN IP 😩

load more comments (2 replies)