Input on privacy goal

Nicolás Alvarez nicolas.alvarez at gmail.com
Mon Jan 22 01:09:20 UTC 2018


> On 19 Jan 2018, at 14:58, Sandro Knau� <sknauss at kde.org> wrote:
> 
> Hey,
> 
>>> Here are some thoughts on threat models for this, as a possible way to
>>> better capture what we want to achieve.
>>> 
>>> (1) Public Wifi
>>> 
>>> Assume anyone can see your Wifi network traffic (e.g. via recent
>>> vulnerabilities in WPA2). Using your device in such an environment should
>>> be safe and not compromise your privacy any more compared to using a
>>> wired network at home.
>>> 
>>> Possible counter-measures: Encrypted communication, VPN.
>> 
>> Since (I think) iOS 10, the Wi-Fi configuration gives pretty loud warnings
>> if you connect to an unsecured Wi-Fi network. Perhaps the Plasma
>> NetworkManager applet needs similar UI improvements in that area.
> 
> just to mark all non encrypted Wifi as insecure and mark everything with WPA2 
> as secure is too simple. The most bars I now have also a WPA2 secured Wifi, 
> you the the password by asking are looking into the papers laying around. But 
> I never would trust those encrypted Wifis. Everyone you have the password can 
> see my traffic, and as those bars never changing their password...

This is not quite true. Being in a WPA2 network where everyone knows the password is not equivalent to being in an unsecured network. If it's unsecured, traffic is in plaintext (unless, of course, higher level protocols do their own encryption, such as TLS). A WPA network transmits traffic encrypted with negotiated keys, and you can't passively intercept it and decrypt it even if you know the password.

It *might* be possible to do a man-in-the-middle by running your own access point with the same SSID and password, and get the victim to connect to you instead of the real one, but it's much harder to pull that off.

> I would 
> like to see a way to tell the computer "kontact and owncloud-client should 
> only be active for my home by default". Otherwise ask me, if they should go 
> online. And at second level it would be nice to say, if I'm not at my home 
> connection kontact should use this VPN to connect...

Ohh, I'm interested in this feature too, for a different reason: choosing which apps can connect to the network when I'm tethered to my phone and using my horribly limited 3G plan.

-- 
Nicolás


More information about the kde-community mailing list