Comment by chimeracoder
1 month ago
One takeaway from this is that there's a strong privacy case for disabling the built-in wireless network from your ISP-provided modem/router and using your own, to reduce the number of ways that your ISP can surveil you.
My home ISP's cell router (because no other internet reaches our area anymore) has almost no configurable settings (just wifi name/password/hidden), and actively forbids you from disabling wifi even though I only use it through the wired connection.
(And what limited configurability it provides is only through the app, which requires you to agree to their "molest your privacy policy". I had been content with just not installing the app, but my threat model hadn't considered this new development ...)
That’s always a good idea, but they’ll still be able to tell when someone is home because the outbound internet traffic will increase.
And don’t forget to set your DNS to a non-ISP resolver.
SNI is not encrypted.
You need a box downstream of your ISP devices that encrypts all traffic out over a VPN. This is what I do.
So you need fake upstream downstream traffic, put your router in a lead box, use DNS over HTTPS, and then all that for nothing because the Amazon router was backdoored by the NSA too.
> That’s always a good idea, but they’ll still be able to tell when someone is home because the outbound internet traffic will increase.
Sure, but not necessarily who is home, since they won't have the MAC address of your device(s) connecting.
Also, traffic volumes are a lot noisier of signals than you might think, given how much automated and background stuff we have these days.
Even better, don't use the Comcast router at all. It's a rip-off anyway.
Don't they hand out combination modem/routers? What's a cheaper alternative?
Buy your own DOCSIS modem, opt out of renting theirs. It'll pay for itself after a few billing cycles (the modem rental fee is $15 per month).
I bought a DOCSIS modem+wifi AP on Amazon a decade ago for $50. It's been working like a champ and I have control over it.
Although for the best control it is recommended to buy modem separately and wifi AP separately, because Comcast can send C&C commands to your modem over the copper cable.
If it lets you. I think Bell modem+router+AP devices always broadcast a TV network with no way of disabling it whether you have TV service or not.
That's what a good-ol' Faraday cage is for.
Or unplugging the internal antennas. Only on equipment you own, of course.
This is piled on top of the existing strong case for all Comcast wifi equipment being hot garbage. If some confluence of poor regulations has led you to being stuck with Comcast, the least you can do for yourself is get your own DOCSIS modem and routers and access points that you control.