Alex Dow | Jan 5, 2021 | 3 min read

Bolt On Privacy and Security at Home for Less Than $50

Introduction

Ever had that tingly feeling that someone is watching you? Something you chatted about or searched a few days ago starts popping up on various websites? I hate to break it to you, but…

You are being tracked… right now.

What you are looking at, where you have been, what you have searched, where your mouse hovered a little too long and, creepily, even which part of a video you keep rewinding to are all trackable attributes leaking out of your computers and smartphones. Don’t believe me? Dennis Anon over at Privacy.net has put together a great tool for showing you just how leaky your browser may be.

Over the holiday break I decided to see if I could miniaturize and consumerize some of the network security capabilities I practice into a cost-effective, set-it-and-forget-it solution for the home user. I chose a Raspberry Pi for the hardware platform and combined several existing open source software projects to deliver BetterInternetPi.

So, if you have a Raspberry Pi lying around or about $50 burning a hole in your pocket, and want better privacy and security at home… and maybe a little American Netflix too: read on!

→ Goals

  • Create a secondary wireless network which will provide users with transparent privacy and security protections

  • Reduce advertisements, privacy-invading trackers and malicious content

  • Obfuscate your public IP address and physical location

  • Prevent your ISP from tracking what websites you visit and potentially filtering your Internet access

  • Provide you with an American IP address to access region-restricted content such as Netflix, Hulu, etc.

  • Increase visibility on your network

→ How it Works?

The intent of this project is to build a secondary wireless network appliance, running on a small, cost-effective Raspberry Pi platform, which provides DNS filtering and routes all traffic across a VPN. The project combines several open source software projects; the major ones are:

  • Raspberry Pi and Raspberry Pi OS

    • a low cost, lightweight computer and operating system which includes a built-in wireless antenna

  • Hostapd

    • An open source software project that converts the Raspberry Pi into a wireless access point

  • OpenVPN

    • An open source software project that provides highly configurable SSL VPN capabilities

  • Pi-Hole

    • An open source software project that provides DNS filtering and DHCP services

Caveats

  • Performance

    • Raspberry Pi hardware isn’t powerful, and even with the newest Raspberry Pi 4 I was only able to get about 65 Mbps symmetrical over the VPN on my 1 Gbps Internet link

    • The Raspberry Pi’s CPU does not have hardware acceleration for encrypting and decrypting wireless and VPN traffic, which is the bottleneck.

    • Pushing all your home network traffic through a Raspberry Pi will likely cause a bottleneck, so consider occasional use, IoT devices only or building this project on beefier hardware.

  • Ultimate Privacy and Security?

    • Hardly. This project helps filter advertisements and malicious domains through a technique called DNS blackholing. However, advertisers and hackers alike are getting wise to these techniques and are getting around them.

    • As with all risk management tactics, it is prudent to layer your defenses and also use antimalware and something like Brave Browser or other privacy plug-ins.

  • Will This Break My Internetz?

    • Possibly! While small, there is risk that this project could have unintended consequences which may interrupt your home Internet. Most problems can be resolved by disconnecting the BetterInternetPi and doing a round of reboots on affected systems. Below are the two areas where this project may impact your network:

      • DNS

        • Blocking DNS via the Pi-hole usually doesn’t affect your Internet experience; however, there are some cases where it will. In those edge cases the Pi-hole can be configured to not block for a prescribed amount of time, or you may consider whitelisting the blocked website if it is appropriate to do so.

      • DHCP

        • This guide attempts to minimize the risk of network disruption by creating a wireless network separate from your home network. However, if you misconfigure DHCP within Pi-Hole to offer IP addresses to your home network, you are bound to have some unhappy home users one way or the other.
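
To catch the DHCP misconfiguration described in the last caveat before enabling Pi-Hole's DHCP server, the planned address pool can be checked against both networks. This is an added example, not part of the original post or of the BetterInternetPi project; the function name `check_dhcp_scope` is hypothetical and all subnets and addresses are constructed sample values.

```python
import ipaddress


def check_dhcp_scope(home_lan, ap_subnet, ap_gateway, pool_start, pool_end):
    """Return a list of problems with a planned DHCP pool (empty list = OK)."""
    home = ipaddress.ip_network(home_lan)
    ap = ipaddress.ip_network(ap_subnet)
    gateway = ipaddress.ip_address(ap_gateway)
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    problems = []

    # The secondary network must be a different subnet from the home LAN.
    if ap.overlaps(home):
        problems.append("AP subnet overlaps the home LAN")
    if gateway not in ap:
        problems.append("gateway is outside the AP subnet")
    if start > end:
        problems.append("pool start is after pool end")

    # Both ends of the pool must sit in the AP subnet and never in the home LAN.
    for label, addr in (("start", start), ("end", end)):
        if addr not in ap:
            problems.append(f"pool {label} {addr} is outside the AP subnet")
        if addr in home:
            problems.append(f"pool {label} {addr} is inside the home LAN")

    # Addresses that must never be leased to a client.
    reserved = (("gateway", gateway),
                ("network address", ap.network_address),
                ("broadcast address", ap.broadcast_address))
    for label, addr in reserved:
        if start <= addr <= end:
            problems.append(f"pool includes the {label} {addr}")
    return problems


if __name__ == "__main__":
    # Constructed values: home LAN on 192.168.1.0/24, Pi network on 10.3.141.0/24.
    plans = {
        "separate subnet": ("192.168.1.0/24", "10.3.141.0/24", "10.3.141.1",
                            "10.3.141.50", "10.3.141.150"),
        "pool on home LAN": ("192.168.1.0/24", "192.168.1.0/24", "192.168.1.2",
                             "192.168.1.100", "192.168.1.200"),
    }
    for name, plan in plans.items():
        print(name, "->", check_dhcp_scope(*plan) or "OK")
```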
