Encrypt all the things!

Why is netguard using a vpn

It isn't but is pretending to be one (please excuse the high level tech vocab). That is the way it can be a passthrough for all traffic so it can monitor/block as per user setup.

No excuses needed that was pitched at my level of technical comprehension!
Thanks @aggi @salmonchild that makes sense.

Ive got a load of family photos on phones and tablets i'd like to store somewhere securely and long(er) term. Whats my best bet. Flickr/ photobuckety type website, hard drive, both?

Flickr has limited the number of photos you can store on its free tier.

Personally I'd go with Google drive or OneDrive.

The google photos app is very good and no storage limit either if you choose the auto file size option. MEGA and Dropbox are good to but charge over certain storage limits.

I realise that the Apple Airport I bought in 2011 might not cut it anymore.
Any suggestions for my next WiFi router?

Anything from this lot

https://www.ui.com/products/#unifi

I have their AC wifi (https://www.ui.com/unifi/unifi-ap-ac-lite/) (and a edge router). rock solid, fast, and reasonably priced

Be aware they'll take a bit more setting up than a standard bit of kit though.

The initial setup is a bit of a ballache if you're not particularly IT literate. It's certainly not plug and play.

Thanks. They seem to get great user reviews in online shops.
What is special about these things? They got security advantages over other WiFi routers?

It's more that they are roughly the same price, but have a lot more features and way more powerful.

The downside is, they are not a combined "easy to use" wifi router.

I use

https://www.ui.com/edgemax/edgerouter-x/ for my router

with the Unfi AP AC lite for wifi.

Easily max out my line, the router tends to tap out around 800->900Mbps.

Configuration is ok, if you can follow a guide (or work in networking). I honestly have very little set up, but I have an ethernet connection for internet.

Note: the router does NOT have a DSL/Cable modem in it, so you might need one of those ontop,

The main benefit I've found from them is that once set up they are very stable. I've had other routers where I've had to restart them every so often as devices can't connect or the internet stops working. The Ubiquiti I had on for 8 months without restarting.

That's important to me as often I'm not at home and if it stops working there is loads of stuff I can't access and I'm not there to reboot. May not be as big an issue to others.

I use

https://www.ui.com/edgemax/edgerouter-x/­ for my router

with the Unfi AP AC lite for wifi.

Could the smaller and cheaper PoE injectors work as an alternative to that router?

Possibly, but if Unifi is too pricey for you, take a look at Draytek's offerings.

Their PoE switches start at about £150 I think.

They're just power supplies.

Having recently changed some of my stuff around I do have a ubiquiti router and wi-fi AP (I'm not sure which one) I'm planning to sell if you're interested.

I'd be interested in those if @starfish&coffee doesn't want them

Maybe I misunderstood, assumed that the Unifi router that you were recommended supported PoE and that was a feature that you require. As @aggi says, they're just power supplies.

Thanks for the offer but you’d have to post them to forrin lands so not really worth the hassle. Off to @hamrack they go :)

More big brother at work

https://www.wsj.com/graphics/company-tracking-employees/?mod=article_inline&mod=hp_lead_pos5

Yay! @aggi do let me know if/when you're planning to move those along :)

Tempted to dedicate a morning to reading this entire thread to get clued up, having discussed data and encryption with a chap at a bike coop we both volunteer at.
Does anyone use signal over whatsapp? Just watched 'The Great Hack' tonight and its really scary being so naive

Which makes me tempted to spend a day writing up how I do the internet.

A summary would be:

• Pi-hole at home with almost all lists subscribed to and DNS-over-HTTPS configured against Cloudflare.
  
• NetGuard on my mobile in a default deny config and I have manually allowed every domain from every app - only web browser use is allowed by default
  
• Disable notifications on most apps (prevent background processing)
  
• Use an app like Bouncer to grant app permissions like location temporarily rather than permanently
  
• Delete most apps... just save links to their website on your device. i.e. Guardian app is riddled with tracking and adverts, but a link to the website that launches in Brave with JS disabled is not only faster but shows zero ads, and tracks nothing
  
• Different browsers everywhere: Chrome = Google properties only, Brave with JS disabled by default = most browsing, Firefox for things I care about and want long sessions on (i.e. LFGSS), Firefox Focus = must have full JS but zero trust
  
• Get off Facebook, Twitter, etc
  
• Disable automatic image viewing in Gmail
  
• Consider Protonmail if you want to go Google-less
  
• I prefer Signal or Keybase. I tolerate WhatsApp and Slack (but no privacy on Slack - so professional use only). I won't use Telegram, kik, others.
  
• I use BitWarden for password manager.
  
• 2FA with dual-yubikeys on every service that allows it
  
• Unique emails with every website - I'm a bit nuts and have wildcard aliases on multiple domains, but just using a couple of Google accounts and using the + separate is good enough in most cases: first.last+lfgss@gmail.com but if you have a few Google accounts that you use according to level of trust that is better (because websites will normalise email and some remove the + suffix)
  
• Only use Google sign-in on sites I absolutely trust (LFGSS, Philips Hue, etc)
  
• Only use home automation that functions without a working internet
  
• Bluetooth disabled whenever I'm not actually using it (i.e. wireless headphones)
  
• Google Maps timeline, Google Fit, etc... all disabled. The value is very minor but the data you provide to them is huge.
  
• Garmin Fenix configured not to upload to Garmin Connect - reduces utility but you still have a watch with info, and can get the data files for activities and use offline - I do the same with my Hammerhead.
  
• Use Plex and continue to buy and rip music and films and own your own copy
  
• Don't connect your "Smart TV" to a network, if you have you should factory reset it
  
• Connect games consoles and the like to your guest network
  
• Have a guest network... either the one that a decent networking device supplies, or if you're an advanced user VLAN that stuff
  
• If you can live with it, use a Linux - Ubuntu is good enough
  
  

Of all of that... the things you should care about and do most:

• Get off social media
  
• Use unique email addresses
  
• Use multiple browsers (uBlock in all) with JS disabled by default in the one you browse the web with
  

I'll grant that doing all this from scratch is really hard... it seems overwhelming.

The key to it is to consider it a habit, like brushing your teeth and washing your hands... it's good hygiene done automatically.

Every time you interact online, make a change at home, install an App... just do the hygiene thing and it becomes zero cost to you after a while and a lot of benefit in security and privacy.

NetGuard

Very cool. Not heard of that one before. Any idea how it works without root? Does it pretend to be a VPN?

It pretends to be a VPN, and the only thing it does is serve up a DNS endpoint, whilst monitoring the processes on the phone to associate DNS queries to specific apps.

Why games console on guest network?