Go Back  FlyerTalk Forums > Travel&Dining > Travel Technology
Reload this Page >

Travel router security without VPN?

Travel router security without VPN?

Reply

Old Jun 24, 19, 10:49 am
  #1  
Original Poster
 
Join Date: Apr 2000
Location: Wash DC
Posts: 95
Travel router security without VPN?

Hi, I understand the benefits of using a travel router to share connections where you might pay/connection. I understand using a VPN to get around geographic limitations.

But is there any security benefit to using a travel router WITHOUT a VPN, say in a hotel or coffee shop? This is where I get confused. Are they only helping protect me from other people (not the hotel operators or coffee shop owners, who, let's say we trust) if and only if I am also using a VPN?

So as far as security --- does a travel router with no VPN = connecting to public or hotel wifi directly?

Thanks
InfrequentFlyer is offline  
Reply With Quote
Old Jun 24, 19, 11:12 am
  #2  
FlyerTalk Evangelist
 
Join Date: Nov 2002
Location: PWM - the way life should be
Posts: 11,624
There is no security impact on using your own router vs connecting to the underlying wifi/ethernet directly.

Your browsing and transactions are secured either way using TLS (addresses that start with https). That's the important thing.
gfunkdave is offline  
Reply With Quote
Old Jun 24, 19, 11:53 am
  #3  
Original Poster
 
Join Date: Apr 2000
Location: Wash DC
Posts: 95
So if I connect my laptop to the hotel wifi, there's no (security) benefit of using a router in-between the connection, unless I also use a VPN?
InfrequentFlyer is offline  
Reply With Quote
Old Jun 24, 19, 1:56 pm
  #4  
FlyerTalk Evangelist
 
Join Date: Nov 2002
Location: PWM - the way life should be
Posts: 11,624
Originally Posted by InfrequentFlyer View Post
So if I connect my laptop to the hotel wifi, there's no (security) benefit of using a router in-between the connection, unless I also use a VPN?
Correct, and your internet provider (VPN, hotel, Comcast, whatever) can always see your unencrypted traffic. Actual security is accomplished via encryption between your computer and the website/service you're accessing.
gfunkdave is offline  
Reply With Quote
Old Jun 24, 19, 2:09 pm
  #5  
Original Poster
 
Join Date: Apr 2000
Location: Wash DC
Posts: 95
thank you for the courteous reply. i already bought a little travel router and just signed up for a free VPN to try it out the next time we go on vacation.. if nothing else, it will make connecting our 2-4 devices easier, and give me a project to learn about..
InfrequentFlyer is offline  
Reply With Quote
Old Jun 24, 19, 8:10 pm
  #6  
 
Join Date: Mar 2016
Posts: 1,015
Wouldn't there be some NAT advantage, keeping other users on the same WiFi from seeing your devices? Not talking about sniffing traffic, more about poking at any ports that might be open.
InfrequentFlyer likes this.
Qwkynuf is offline  
Reply With Quote
Old Jun 25, 19, 7:15 am
  #7  
FlyerTalk Evangelist
 
Join Date: Nov 2002
Location: PWM - the way life should be
Posts: 11,624
Originally Posted by Qwkynuf View Post
Wouldn't there be some NAT advantage, keeping other users on the same WiFi from seeing your devices? Not talking about sniffing traffic, more about poking at any ports that might be open.
Sure, but tablets/phones/PCs these days default to having their firewalls block everything anyway. Also the network engineer in me is forced to say that NAT isn't intended as a security feature. The main issue is people either sniffing unencrypted traffic or tracking what you're doing. But with how pervasive TLS is becoming, that becomes less and less possible.
InfrequentFlyer likes this.
gfunkdave is offline  
Reply With Quote
Old Jun 25, 19, 2:26 pm
  #8  
 
Join Date: Jun 2019
Posts: 29
Originally Posted by InfrequentFlyer View Post
So if I connect my laptop to the hotel wifi, there's no (security) benefit of using a router in-between the connection, unless I also use a VPN?
"Travel routers" use 4G, same tech as a cell phone, not the wifi.

No real security benefit though. If a site uses HTTPS you are protected regardless of who listens.

VPNs can be helpful in some cases, but if you don't think anyone is targetting you specifically it's probably sufficient to install the HTTPS Everywhere extension.

(It makes sure sites like Gmail and FT that use FT won't fall back to plain, unencrypted HTTP).

Personally I choose to use a VPN when travelling, since so many sites (even ones you'd think are important) either don't use HTTPS, or have "mixed content". It's also hard to tell sometimes if a certificate error is due to an improperly configured captive portal (the thing you click "I agree to the TOS" or log in on), or a malicious attack.

Originally Posted by gfunkdave View Post
Sure, but tablets/phones/PCs these days default to having their firewalls block everything anyway. Also the network engineer in me is forced to say that NAT isn't intended as a security feature. The main issue is people either sniffing unencrypted traffic or tracking what you're doing. But with how pervasive TLS is becoming, that becomes less and less possible.
Also if you're especially paranoid, DNS leaks where you're visiting. It's my understanding that a good VPN does DNS on their end, hiding where you're visiting from the network operator.

Metadata can give a lot of information, so I choose not to
InfrequentFlyer likes this.
Castoreum is offline  
Reply With Quote
Old Jun 25, 19, 7:31 pm
  #9  
 
Join Date: Jul 2007
Location: San Francisco/Sydney
Programs: UA 1K/MM, TK Elite, DL Gold, Hilton Diamond, Marriott Platinum, IHG Gold, Hertz PC, Avis First
Posts: 6,827
Originally Posted by Castoreum View Post
"Travel routers" use 4G, same tech as a cell phone, not the wifi.
Travel routers, in the sense that the term is normally used, definitely use Wifi. Wifi on the "client" side (normally encrypted Wifi), and either ethernet, Wifi (normally unencrypted public wifi) or possibly (but rarely) 4G on the uplink side.

Originally Posted by Castoreum View Post
No real security benefit though. If a site uses HTTPS you are protected regardless of who listens.
No, not really. (As you clearly understand given your mention of HTTPS Everywhere). You are protected as long as your communication to the site uses HTTPS. Your bank might use HTTPS, but if someone is intercepting your traffic then it's possible you were silently redirected to a different site that's not using HTTPS, or is using HTTPS, but is not your bank. Rather than repeat what I've said here before, I'll just point to this previous post.

HTTPS Everywhere certainly helps with this problem, as do new things like HSTS (which forces your browser to always use HTTPS for specific sites automatically, without HTTP Everywhere), but for the average person it's still far too easy to have your traffic going somewhere other than where you're expecting and not realize it...
InfrequentFlyer likes this.
docbert is offline  
Reply With Quote
Old Jun 25, 19, 9:30 pm
  #10  
 
Join Date: Dec 2006
Location: SJC
Programs: Bonvoy Tit Forever, AmEx Plat, National EE, WN CP, CLEAR
Posts: 3,634
Originally Posted by Castoreum View Post
It's also hard to tell sometimes if a certificate error is due to an improperly configured captive portal (the thing you click "I agree to the TOS" or log in on), or a malicious attack.
Yup. Every now and then the WN elite free-WiFi login page throws an cert error and because it's way too easy to spoof that I keep retrying 'till the lock comes up.

I should probably plug "NeverSSL" here- as it eponymously states, it doesn't use SSL so it's perfect for being the first site you open after connecting to a captive-portal network to bring up the TOS page (if any).
InfrequentFlyer likes this.
kennycrudup is offline  
Reply With Quote

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Thread Tools
Search this Thread