• Subscribe by Email!

Enter your email address:

Delivered by FeedBurner


Secure Wireless in Costa Rica (and Elsewhere)

December 2nd, 2009

crookI have wanted to cover this topic for some time as I get a lot of questions from people who use a wireless connection (inalámbrico(a)) to access the Internet. This post will be a bit long… be patient.  It will be worth it.

There was no wireless when I arrived here many years ago  and just a few hotspots (wireless locations) until maybe 2-3 years ago. Since then, wireless has “gone viral” and has become available in numerous locations, especially in the central valley around San Jose. Nearly every hotel offers wireless and/or direct connects in the rooms. Internet cafes offer wireless as do bagel shops and pizza parlors.  More and more people are getting familiar with wireless both for home and for “on-the-road” use and they ARE using it.  A lot!

Sadly, the vast majority of the people I deal with think wireless is is a reliable, convenient, safe and secure form of communications. Reliable and convenient? Maybe. Safe and secure? Absolutely 100% NOT.

This is one of the topics I cover in my REAL Costa Rica Tour, and it is so very important, I have decided to add it here. Also, I cannot cover it sufficiently during a tour, so this will be a reference for my tour clients.

If this topic is of interest to you, (and it should be!), read on.

Let’s start with a quick video from The Discovery Channel!  Just click this link to open in a new window!

Scary huh? Well read on for some ideas on how to protect your (virtual) life!

It is a bit technical, but I will try to explain it in layman’s terms so far as possible. If you intend to use a wireless connection, whether in your home, an Internet cafe, a hotel, or anywhere in any country, (not just Costa Rica), then I would urge you again to read this post. I will tell you why it is not safe and secure and then I will teach you how to make it secure… or as secure as today’s technology can make it.

Let me start by repeating that using wireless, while wonderfully convenient, is just plain incredibly dangerous. In essence, what you are doing is sending information from your computer (email, files, photos, passwords, etc) through the air as a radio signal. As with any radio signal, all one needs to listen to what you are sending is a “radio”. The radio a bad person uses costs nothing.  They are free for the downloading on the Internet, and they are called “sniffers‘ or more formally, packet analyzers, network analyzers, or protocol analyzers.

With a sniffer and some other tools, also free, a semi-knowledegeable person can see pretty much everything you are doing. Some people think that protected network will save them. While there are password protection schemes that are more difficult to crack, I can assue you that most can be opened by a pro within minutes, and it is the pro who will be after data that can compromise your identity, your finances and your privacy. With a sniffer, they can see almost everything you are sending and receiving.

People think that their firewall will save them… or their anti-virus. This is not a virus we are discussing. this is invasion of your privacy. Firewall?  No help.  The bad guy is reading your data from the air.  As a side issue, most firewalls protect from attacks from the outside which is not the case here, right?  Windows XP firewall would be an example. What about data being sent FROM your PC?  It is incredibly easy for someone to put a small program on your computer, without your knowledge, that captures every keystroke you type (even if to a “secure” connection like a bank). This is then sent to the bad guy!  This little program is called a keylogger and can be downloaded for free from the Internet. It may surprise you that some companies place these on the computers of their employees to monitor their activity.  Doubtfully legal… but true. OK back on topic!

Once your data is compromised, for instance someone gets your email password, they can read all your incoming AND your saved email. Saved email (never a good idea), may contain logins and passwords to other services you use.  It may also contain stuff you prefer not be public.  Now, you have real issues.

How easy is it to know if a free hotspot is legitimate?  It is not.  Here is cool but easy trick!  A semi-knowledegable person can sit outside a hotspot (a location that offers a wireless connection) and from the comfort of his car, in some cases parked blocks away, logs in to any free service. He then creates his OWN open wireless network.  It is quite easy. You then go to the coffee shop, restaurant, etc, and you see an open network, let’s call it “Beetles Bagels Free Access”, and you login thinking it is service offered by that bagel shop.

You just logged into that person’s PC and everything you send and receive is piped right through his computer… and you never knew it.

OK…. you think you are safe because you check into an hotel and connect directly to the Internet (no wireless). As soon as you login, your data can be captured by another person on another room using the same network. Seldom do hotels or other hotspots have the hightened security required to protect guests from such intrusions.  In fact, it is likley your home connection is more secure.

Last, any time you connect to the Internet, you are connecting through the Internet Service Provider (ISP) that is used by that location to provide Internet service, and they too can see everything you send or receive. This, in reality, is pretty unlikely, but certainly is possible.

You use Voice Over IP (VOIP) to make calls, send info etc thinking they are private calls.  Think again.  These too can be easily “sniffed” and decoded.

Have I got your attention? Scary huh?

So is there any way to protect yourself…. especially when using wireless? The answer is yes, and it is really very, very effective. It does cost a bit of money, often about the same or a little more  than a good anti-virus program.  It is called a Virtual Private Network or VPN.

VPN’s

Many companies use VPN’s to protect their employee’s data when accessing the Internet from outside the office. It is common practice, but few people think of setting up such high security for themselves.  If your company has a VPN, that is fine, though many companies prohibit personal use of the Internet through the company connection (VPN).

So what does a VPN actually do? In as simple words as possible, a private network (a VPN) is created within the main network that you are using (hotel, hotspot, Internet Cafe where you connect directly not using their PC’s etc.).

The geek word for this is an “encrypted tunnel”. You have probably used a VPN and never knew it as such.  When you shop or bank online, you may be using an HTTPS:// connection to protect your data. With your own VPN, you open a secure “encrypted tunnel” from your computer the instant you login.  Therefore, it is not tied to any particular web site that you go to. Your security and privacy is always ON regardless whether  you see that  https:// or not.

Further, a VPN protects every piece of data you send and receive including VOIP, email, instant messaging, and of course browsing. All data is encrypted instantly, send to the VPN where it is decoded and sent on. Any data sent to you is likewise encrypted before coming back to you! You computer decodes it and you then see it as “normal”. Does this slow things down? Nope.  I use a VPN on my laptop and have found no significant loss of speed. As all data is decrypted in a secure data center, it is virtually impossible for your information to be intercepted.

So now you have true Internet security, whether from a hotel room or at a wireless hotspot!  Remember the guy who created his own “fake” network outside the bagel place?  No worries. He cannot even access the tunnel and even if he could, he sees nothing but highly encrypted data.  He gets nothing!

Other Benefits

I’ll mention here a few more items of interest.  A good VPN also provides you with a new IP address.  Your IP address identifies you, where you are located, your country, town, etc. Is this a problem?  It can be.  If you are in Costa Rica, you may have issues shopping online as when you order, your location is provided by your IP and often companies will not accept a credit card issued in one country if you are using it from another country. My VPN gives me a US IP address, so I now have no issues!  Any one checking see me as being in Dallas.  Further, companies like Netflix.com and others will not permit viewing of their material if you are outside the USA.  With your new US IP address, you will have no problems.  These companies “see” you as being in the USA.  Some VPN services will offer you an IP in Europe or even in Hong Kong (though I suspect you would notice a service degradation if using a VPN in Hong Kong from Costa Rica.

For you privacy/conspiracy nuts (and I know who you are!) Google, Yahoo and in fact all search engines track and record all your searches and tie them to your IP address.  So…. If they don’t have your real IP… heh, heh!

Finally, there are still countries that limit access, censor, monitor content, block VOIP services (SKYPE, etc), or restrict Internet access. A good VPN handles those issues completely. Now you can travel to Cuba!

Expensive??

You decide.  Mine costs $60.00 per year.

$5.00 per month to protect my identity and the security of my data, my email, my passwords, etc., is, quite frankly, not even worth my consideration.

Hard to set up?

I use a MacBook Pro, and setup time was 9 minutes (including the time to download the software). It was a 100% no brainer. I have not tried it on a Windows machine, but I expect it is equally as easy. I am a bit of a geek, but really, this was NOT hard.

Where do I get one?

Use a search engine.  Google, Yahoo, Bing, etc.  this:  “personal vpn service” (quotes not needed).

You will see several companies offering VPN’s.  Check them ALL out and compare their service offerings.

Summary

I truly hope I have gotten your attention… especially but NOT limited to you wireless users. You really are at risk.

This is really important stuff, and I would urge you to consider protecting yourself. If you don’t feel comfortable doing this yourself, find a pro to help you with the install, but please, do not do nothing.


16 Responses to “Secure Wireless in Costa Rica (and Elsewhere)”

  1. Jim Gaudet on December 2, 2009 9:05 pm

    Tim,

    The only other issue when using that VPN would be latency. I would think that all of your traffic would have to pass through the VPN in order to be secured by the encryption (ESP / SHA1 or MD5 most likely).

    Meaning, if you have an IP address from the US, then your DNS queries have to go there first, which could change your latency.

    Maybe you could do some speed tests for us and compare the difference in Ping Time, Download and Upload speeds. That would be the final selling point for me.

    Great information by the way,

    Jim

  2. M.Valle on December 2, 2009 11:57 pm

    We use a VPN account at our home with our 4MB ICE Internet connection. We can appear to be in the United States and watch streaming video on sites like hulu.com, which is blocked outside of the United States. Right now I am catching up on nine seasons of Star Gate and watching the new V miniseries.

  3. Tony Penny on December 3, 2009 5:12 am

    Recently made a small internet purchase of some cel phone reload, only cost about $3, but my UK bank saw a transaction between the UK and USA and decided to hammer me with a 90% International transaction fee. I don’t think VNP can hide that one, any comment on that? I’m really pissed off that the banks can do that.

  4. Jim Gaudet on December 3, 2009 8:28 am

    Very cool M. Valle. I use HotSpotShield for Free that allows me to get my US ip. But, sometimes it can be slow, even though I pay for the 4MB/1MB Amnet Internet.

    Would you mind telling how good is your ICE 4MB connection? And what the upload speed is as well as the price?

    I am looking for a backup line, thanks,

    Jim

  5. Tim on December 3, 2009 10:18 am

    Jim

    I visited the web site. I am olde… and ANYTHING that is free makes me very skeptical. No info on connection points, encryption methods, access point or points if more than one. This seems more like a proxy server though they do say it is a VPN.

    Guess the “something for nothing” thing just does not play in my brain. This is just too important. A VPN, while conceptually simple, does require maintenance, bandwidth and redundancy plus if it is not run out of s secure data center (also expensive) then this thing could be in some teeny bopper’s basement.. Mine gives me maybe 15 connect points world wide. Somebody has to be picking up the tab for expenses and when there is no explanation, I am just to cautious to use such a service. It is like those many useless free virus protection programs. No info about the company, contact email, and NO SUPPORT for the non geeks. Sorry… not for me.

    Glad it is working for you though!

    I would never (willingly) use ICE for Internet connection, though I guess I’d consider it as a backup I suppose. Therefore, I can give you no personal reference.

  6. Tim on December 3, 2009 10:21 am

    Seems like it is between banks and not because of where you were located when you made the transaction. A UK IP address IS available though. If it is a bank thing… the answer is probably not. Change banks.

  7. Tim on December 3, 2009 10:25 am

    Latency is not an issue. Speed tests and pings seem unaffected whether I choose NYC, Wash DC Dallas LA or San Francisco. I stream video and see no issues and cannot note ANY service degradation, though logically there must be some.

    I have not tried Hong Kong or Europe though, but I would bet I’d see some lag there.

  8. Jim Gaudet on December 3, 2009 12:36 pm

    Thanks Tim, I will look into some VPN systems, maybe you can email me the one you are using so I know where to start.

    Iuse TrueCrypt to protect my data on my hard drives and use an encrypted browser to browse the net. This way I do not need a VPN, I only use HotSpot to watch streaming video..$60 is pretty cheap for a year….

  9. Charlsey Cartwright on December 3, 2009 2:44 pm

    Thank you for your excellent article. I have started a dialogue with my Mac consultant and will let you know what VPN solution I decide on.

  10. Thomas on December 7, 2009 1:42 am

    Tim,

    Great article and it really got me thinking. Would you be willing to share what VPN provider you chose? There are so many out there and I just want to get started. Yours seems pretty good priced for what you get. Maybe you can email me directly if you do not want to publish in your blog.

    Thanks!

  11. Tim on December 10, 2009 3:42 pm

    No Problem. I used: http://www.witopia.net/

  12. dana j on December 21, 2009 6:41 pm

    Tim, something my banker recommended is a little program called Key Scrambler. It encrypts your keystrokes while you are using IE or FireFox. So even if you had a keylogger on your system, it would only record random seeming keystrokes.
    I’ve been using it and it seems to work pretty good.

    Dana J

  13. Ed Reames on January 7, 2010 2:45 pm

    When necessary I use one of two different free VPNs. ItsHidden or HotSpot Shield. Both work okay so far.

    Thanks for the recommendation for the paid service.

    What with free WiFi becoming more available, a VPN is an absolute must.

  14. Brendan on March 24, 2010 3:35 am

    It is good to know that latency does not appear to be significantly degraded when using your VPN service, Tim. I have been reluctant to try a VPN since experiencing significant slowdowns after setting my home router to encrypt all transmissions. Maybe I can find a paid service with a money-back guarantee or test period.

    Dana, i’ve been using KeyScrambler Personal (which is free) for a few years and conceptually it is great for defeating software keyloggers. However I have not thought of a way to test the concept yet. I also note that KeyScrambler has 2 paid levels of service that encrypts keystrokes in other applications besides IE & Firefox.

    BTW, regarding VOIP services, Skype reputedly uses professional-grade encryption to encrypt all outgoing or ingoing transmissions.

  15. Don Dillon on May 14, 2010 4:58 pm

    I just installed Witopia on my MacBook Pro based on Jim’s recommendation. It works great. I can change my IP address to just about anywhere in the world as many times as I like. We’ll be moving to Panama later this year, so this, along with my Magic Jack, should keep me in contact with family back home AND keep my private info (and conversations) PRIVATE! (We were going to retire in Costa Rica, but Panama’s pensionado program is hard to pass up! We’ll still be visiting Costa Rica a lot, though, so I want to keep receiving your blog!)

  16. Robert Maguire on July 19, 2015 6:05 am

    Hi, Tim! Found this as I was poking around your website. I’ve always known about VPN, but I thought it was something that was only available to businesses! Silly me!

    Once I read your blog post, I went straight to the net and signed up Maggie and me for a VPN service.

    I told you my background yesterday. Trust me when I say onne cannot be too careful. Trust no one!

    Have a great day!