this post was submitted on 17 Aug 2023
351 points (100.0% liked)

Privacy Guides

16865 readers
68 users here now

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.


You can subscribe to this community from any Kbin or Lemmy instance:

Learn more...


Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!


This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.


Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don't ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don't repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

founded 2 years ago
MODERATORS
 

This is very troubling, and I'm not even sure where to start. I recently received an email message from my ISP which alerted me to an incoming update. I didn't worry too much since this is obviously not the first update they've ever pushed through.

However, after this update, I noticed that my guest connections and some other things had changed / disappeared. I logged on to my router, and I immediately noticed my custom password had been reset to the default. No problem, I entered it.

At this point, I saw that all of my options were greyed out. I could change the password, which I did, but nothing else. I immediately called my ISP.

I was told that I would have to use their app now, so as much as I dislike using proprietary phone apps, I conceded and installed the app through the Play store.

However, the agent was not entirely honest with me. I still can't bifurcate my 2.4g and 5g connections, nor can I add or remove any guest connections. I immediately enabled "privacy mode" via the app, which purportedly prevents information from being collected by something called "HomePass," and I "Delete[d] Guard events" whatever the hell that means, but this seems really troubling. I can no longer access my modem/router settings via the normal interface, but have to use an Android app?

There is only one other ISP in my area. They have much worse/slower service, but should I switch, or is this just the "new normal"? Does what I'm describing even make sense? I'm not a tech expert, but I feel like I've self-taught myself how to navigate these settings, and learned from others in online forums, but now ... an Android app?

I'd appreciate any advice. I'd even be willing to purchase my own modem/router instead of using the one from my ISP, if that fixes this mess.

Edit: So I need my own router, at least. I did some research, and these are the ones I can get locally that are within my budget:

  • TP-Link Archer AC1900 Dual-Band Mu-Mimo Wi-Fi Router with Gigabit Port

  • Linksys AC1200 Dual Band WiFi 5 Router

  • TP-Link Archer AX1500 WiFi 6 Dual-Band Wireless Router | up to 1.5 Gbps Speeds

  • TP-Link Archer C54 | AC1200 MU-MIMO Dual-Band WiFi Router

  • NETGEAR - Nighthawk AC1900 WiFi Router, 1.9Gbps (R6900) I’VE BEEN WARNED AGAINST NETGEAR THOUGH IN OTHER FORUMS

  • TP-Link | AX1800 4 Stream Dual-Band WiFi 6 Wireless Router | up to 1.8 Gbps Speeds

  • TP-Link Archer AX3000 | 4 Stream Dual-Band WiFi 6 Wireless Router | up to 3 Gbps Speeds

  • Linksys E7350 AX1800 Wi-Fi 6 Wireless Router

Am I right in thinking the TP-Link AX3000 is best?

Edit 2: At first, I bought the Netgear AC1900, which seemed like a great deal. Turns out it was unusable without creating a netgear account, so I returned it in exchange for the TP-Link Archer AX1500, and it appears to be working! I got everything set up pretty close to the way it was before, except even better.

Once I save money, I'll also invest in a different modem and return this one to my ISP.

This was a big wake-up call for me in terms of privacy. I never listened to people saying not to use your ISP's equipment because I always trusted my ISP (it's not one of the big name ones). Never trust a company. Lesson learned. I appreciate all the responses I got! This community is great!

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 280 points 1 year ago (11 children)

Get. Rid. Of. Their. Router.

ISP provided networking routers are inherently garbage. They don't want users messing with that, because your average user doesn't even know what the fuck an ethernet cable is and will break everything by fucking around in it.

Run your own router and put theirs into modem only mode with routing and wifi disabled. If that's not an option ask their tech support if you can buy your own DOCSIS/fiber modem (or whatever hardware you use) and return their hardware. If they also don't allow that.... well, switch or just suck it and deal with it while the ISP rubs their nipples some more.

[–] [email protected] 21 points 1 year ago (24 children)

https://cdn.imgchest.com/files/j7kzcvmllm7.png

So I can't disable wireless mode. This too is greyed out, and it also doesn't let me disable wireless via the app. (When I try, it throws a popup that says "You must have at least one network."

So is my best bet to get my own modem with router built in, or could I still connect a router to this, but never use the wifi connection through their equipment? I don't have a lot of money, so I also want to be a bit mindful of cost.

[–] [email protected] 22 points 1 year ago (1 children)

I'd check to see if your provider has an approved modem list, buy one off that and then run your own router.

[–] [email protected] 6 points 1 year ago (2 children)

So I will want a separate router vs. buying one that has it built in? I can use whatever router I want, right? That part doesn't have to be from the list.

[–] [email protected] 14 points 1 year ago* (last edited 1 year ago) (2 children)

Any combo modem router is typically trash and you NEED separate modem because if you get a combo you will be in the same situation. They will flash the combo unit with the same firmware wether you own it or not.

You will want an aris modem from there approved list and a good wireless router. When you swap out your modem you will need to call in so they can flash it with thier firmware (which is fine). You can then configure your router as needed.

I can't recommend a wireless router because I have a Unifi household and have been out of the consumer space for a while. I hear netgear nighthawk are still creame of the crop though.

[–] [email protected] 7 points 1 year ago (1 children)

Wow, so ISPs can usually flash custom firmware on a 3rd party router? I'm surprised that capability exists, although I can kinda see the rationale for why it does.

load more comments (1 replies)
load more comments (1 replies)
[–] [email protected] 11 points 1 year ago (1 children)

You are going to get more functionality if you buy separate devices. A combo router is going to give you less flexibility in the future. That is why you keep getting that recommendation.

[–] [email protected] 6 points 1 year ago (5 children)

That makes sense, thanks. As much as I try to educate myself, I'm a soft sciences guy and a bit of a misfit when it comes to this type of thing :P

load more comments (5 replies)
[–] [email protected] 6 points 1 year ago

When I try, it throws a popup that says "You must have at least one network."

Sounds like it might allow you to disable it after you plug your own router in. If not, customer service might be able to do it. Ask them to put it in modem only mode.

load more comments (22 replies)
[–] [email protected] 11 points 1 year ago (7 children)

You could always do double NAT (put your own router behind theirs) as last resort. It's not that bad, I've done it a lot.

load more comments (7 replies)
[–] [email protected] 6 points 1 year ago (8 children)

Is the Unify Dream Machine a good option?

load more comments (8 replies)
load more comments (8 replies)
[–] [email protected] 84 points 1 year ago (1 children)

Use that shit as a modem and get another device for your internals.

[–] [email protected] 29 points 1 year ago (3 children)

So I just got off a chat with an agent who tells me if I provide my own equipment that I will be able to use the settings as normal and delete the phone app, but that I have to use one from their supported modem list.

I'm thinking about the Arris SBG8300.

[–] [email protected] 28 points 1 year ago (14 children)

Arris makes good stuff. But that is just the cable modem. It will NOT provide any router protection for your home network. Your network topology should look like this:

ISP -> your cable modem -> your router -> everything else

Honestly, if you don't have need for many ethernet connections, just get a wifi router with good reviews and the arris cable modem. Make sure the cable modem you pick up has the right DOCSIS version for the speed you are getting or plan to upgrade to. Your ISP will be able to tell you what version they are on.

[–] [email protected] 6 points 1 year ago

Arris makes good stuff.

Except when they hardcode the challenge for logging into the admin console into their web frontend. To call the firmware code quality subpar would be an exaggeration.

load more comments (13 replies)
load more comments (2 replies)
[–] [email protected] 69 points 1 year ago (1 children)

Run your own router. NEVER rent a router lol

[–] [email protected] 15 points 1 year ago (5 children)

If I gave you a list of the names of routers that are available to buy in my town and that are within my budget, do you think you would be so kind as to recommend one for me? There are so many and I really don't know where to start

I promise I wouldn't hold you accountable for my decision :P

[–] [email protected] 7 points 1 year ago* (last edited 1 year ago)

Those "lists" are likely non-exhaustive. Virtually any combo will work given it works with the internet-protocol your ISP offers. My team prefers TP-Link routers for their update times, but ASUS/Netgear are both solid options as well.

I use a $250 VPN router because of my team's interest in the dark web. I find it more helpful to put the entire network behind a wall than w/ each individual device. Imho?.. $250 was overkill for how much I pay my ISP for speeds. But this bad-boy is very future proof. https://www.tp-link.com/us/home-networking/wifi-router/archer-gx90/

Future-proof with at least a router (> WiFi 6) AND a modem. The combo-style ones are almost all bad (ymmv).

Many, many ISPs will lock internet to ONLY the mac-address of the modem/router, so make sure you change the address in settings. For instance, if a company ships you a router, the MAC of that router will be the only one that can connect from your address.

For TP-Link: 192.168.0.1 -> "Internet" Settings -> "MAC Clone" (Set the MAC address of your router. Use the default address unless your ISP allows internet access from only a specific MAC address)

Edit: Feel free to post any "options" from your ISP and what speeds/price they offer :)! If you're only paying for <100Mb/s, a $250 router will be stupidly-overkill.

Edit2: TP-Link AX3000 WiFi 6 Router is my vote because it also has VPN capabilities if you need that in the future.

load more comments (4 replies)
[–] [email protected] 36 points 1 year ago (3 children)

Never use their router. Obviously for the issue you're having now, but also for financial reasons. They charge ridiculous fees for renting their shit routers when buying one for like $120 will be a significant upgrade over there's and will start saving money like 6 to 8 months in. Also it's not tied to the company, so you get to keep it.

[–] [email protected] 6 points 1 year ago

I even had the tech try to install their own router after I'd told them I'd be using my own hardware, and then he ARGUED with me that theirs was better and faster. Didn't ask for your opinion, install the service the way I asked, I know what I'm talking about in this space.

load more comments (2 replies)
[–] [email protected] 27 points 1 year ago (3 children)

Never use the ISP provided equipment on your network. Even if you must use their modem and router, have them turn of the wifi, and connect your router to their garbage using the WAN port to connect from their LAN port with nothing else connected. If they refuse to turn off their wifi and you can't do so through the admin, cover their crap in a Faraday cage to kill the signal. Always enter your own DNS settings on your router, never use their DNS. Make sure to use an encrypted DNS to avoid them hijacking it.

load more comments (3 replies)
[–] [email protected] 21 points 1 year ago (1 children)

You should out the ISP by name. Fuck those guys

load more comments (1 replies)
[–] [email protected] 19 points 1 year ago (4 children)

Never ceases to amaze me just how awful US ISPs are. Why do they get to behave like this? Are they local monopolies or something?

[–] [email protected] 16 points 1 year ago (1 children)

Yes, they are local monopolies. They stay out of each other's territory, like gangsters.

load more comments (1 replies)
[–] [email protected] 12 points 1 year ago (2 children)

There's one other big provider here, but it's not nearly as fast or reliable, nor as easy to work with. Up until today, I always praised my ISP, but this is absolutely bonkers!

load more comments (2 replies)
load more comments (2 replies)
[–] [email protected] 19 points 1 year ago (2 children)

OP, people often mention openwrt, but you can also buy a FreshTomato compatible router and also try that. It's super user friendly, regularly updated, and has a significant amount of features you would likely never find on average routers, just like openwrt.

I really like using the VPN functionality and running an openVPN server and dynamic DNS setup so I can always connect my phones to a trusted VPN and backhaul my connection through home while I'm out and on a risky open connection.

As a Cybersecurity professional, I feel like it's got a lot of good things going for it that I really appreciate, and you can control it without the ISP being able to intrude on your network.

I run my wired connections through that and use the router for DHCP, and then also have a separate mesh system for my wireless. I can set up separate virtual networks as needed and have them separated/isolated altogether, or allow specifically how I want them to see each other, etc.

You can even set up entirely different networks by port on the back of the router. Cool stuff. Openwrt is good too, but most people don't know about FreshTomato I don't think, it spun off of Tomato several years ago when those devs quit updating it.

load more comments (2 replies)
[–] [email protected] 15 points 1 year ago (2 children)

Not worth the hassle, replace the stupid router with an openwrt one

[–] [email protected] 6 points 1 year ago

I was about to comment that I don't know how to do that, but it looks like openwrt actually has its own forums.

Still not ready to do this on the spot, but this is another thing worth educating myself about, thanks

load more comments (1 replies)
[–] [email protected] 13 points 1 year ago

That's unacceptable. I agree get a dumb modem from them and use your own Router/firewall/ access points

[–] [email protected] 13 points 1 year ago

Name and shame, dude. Your post is great and we need some proper nouns.

[–] [email protected] 10 points 1 year ago

Talk to your ISP about getting a modem only, without a built-in router, then purchase a separate router of your own. All-in-one modem/router combos are generally kind of crap anyway, and one that your ISP can control directly is obviously a problem on top of that. I get why they'd do that: most users don't know a damn thing about how to properly set up their network, and being able to change settings without walking the users through it would simplify things. Still crap, but I get why.

Even if you have to buy your own modem, definitely go for a modem-only device and a separate router. Personally I go the extra length of having a modem, a separate wired-only router, and a separate wireless access point for wifi. Combo devices have a habit of not managing memory well and needing to be reset more often.

[–] [email protected] 8 points 1 year ago

Change iSP if you can, ans un any case you should use your own router running OpenWRT to have full control over your own network

[–] [email protected] 8 points 1 year ago

I wouldnt say thats normal ... (at least here in germany).

Maybe consider using the isp device as modem only and use your own router?

[–] [email protected] 8 points 1 year ago (1 children)

I saw your edit are you able to get an asus router in your budget? Check Facebook and Craigslist. That's gonna be the best brand you can buy with the most features. I got a little usb drive hooked up and it has a built in encrypted torrent Downloader. Mine is pretty expensive but I'm sure you can find a used one.

load more comments (1 replies)
[–] [email protected] 7 points 1 year ago

Sounds like Comcast lol they suck. It sounds like you are using the router provided by your isp. Try getting your own equipment (router/modem).

[–] [email protected] 6 points 1 year ago

It sounds like what you want is to either get a modem (either rented through the ISP or bought 3rd party, if your ISP supports it) and then ensure that this modem is in bridge mode without any sort of router features. That said, most places will just give you a dumb modem if you have no intention of using their router.

Then the other gear would be a router with the feature set you want. I personally am quite fond of my Mikrotik hap ac2 but the ac3 looks good too. I don't use the Mikrotik for the wifi either (I use unifi for that), but it's decent enough for a small space in a pinch.

Basically you would need to find out from your ISP if they allow you to bring your own gear -- modem and/or router, with the router being the more important of the two and get their help to either swap your existing device into a bridge or getting you something that can.

[–] [email protected] 6 points 1 year ago (1 children)

Personally I would drop them out of principle. I don't feel like supporting assclowns. Its the same reason I started using Linux, Lemmy, Qwant, etc.

load more comments (1 replies)
[–] [email protected] 6 points 1 year ago

You could also look into OpenWrt and maybe get your device an open firmware. For a more advanced setup you can look into OPNsense, but you will probably need additional devices for WLAN, DECT, etc.

[–] [email protected] 6 points 1 year ago* (last edited 1 year ago)

Ask for bridge mode and install your own router. It’s the first and most important step towards privacy. Also sounds like you got plume devices. Only use them in Wi-Fi bridge mode. You retain some of heir functions and utilities but you’ll still be in control of your network.

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago)

I never use their device for anything other then a transceiver/bridge. I would just get my own gateway and place it inside theirs. Do get one that has updates. Replacing theirs is not a bad idea too.

[–] [email protected] 5 points 1 year ago (1 children)

I have been running a TP-Link Archer C4000 for several years now. Super solid, great price, no complaints. For me the tri-band capability is more important than Wifi-AX, which isn't very useful unless you need incredibly fast network speed or if you have a ton of devices (which all need to be supporting AX).

load more comments (1 replies)
load more comments
view more: next ›