Wireless sans wifi
In my last post, I pointed out that public wifi is too dangerous to use. Web/2.0 is fundamentally insecure around eavesdroppers. It allows hackers to break into your accounts and/or your computer.
One option is "mobile broadband", or "tethering" your computer to a 3G mobile phone's Internet connection. The speeds are competitive with public access points. It's a bit of security-through-obscurity, though. It's safer because robust hacking tools to eavesdrop and interact with 3G don't exist. However, since hackers haven't been testing it, 3G is likely no more secure than wifi was in the early days with WEP. Thus, it's not really a good long term security solution.
Anyway, I signed up for a 3G phone service with a Blackjack from Cingular. It's not going to be the first thing that hackers attack when I go to conferences, and it's actually a lot more convenient. I can hook-up/tether the Blackjack mobile phone to my computer, then surf the web from my computer like I was connected to a public wifi.
Setting up tethering was a bit of a pain. Even though this feature has been around for many years, phone companies don't really support it well. While going through the support process, I found some poorly (or not all at) documented features. Typing *#1234# is the secret code to get your version on the Blackjack, *#2222# is the secret code for getting the hardware revision, and pressing the "up" button on the nav-wheel while powering on will completely reset the device (wiping out your data).
I wanted to be able to tether with Bluetooth as well as USB, which was particularly problematic. I could only do so after removing the Toshiba Bluetooth stack and replacing it with Microsoft's Bluetooth stack on WinXP SP2. Then, following the instructions found on the Internet, I was able to get it to work. Tethering via Bluetooth is a bit slower than USB, and of course, a lot less safe. However, I lose cables quiet often while traveling, so having that as an option is pretty important to me. Otherwise, I was going to buy a new computer with 3G like HSDPA or EVDO built in.
Speed is good. I suppose I should measure ping times and DSLtest reports, but I'm too lazy. All I want to know is that I can surf the web, pull up maps, read mail, and do my normal activity. It does this quiet well. It seems that the latency is a bit higher, but the bandwidth is just as good. I'll have to wait until I get into crowded areas like airports to see how well it degrades as more people are using it. EDIT: Most importantly, the phone works while surfing (most other tethered phones cannot both receive a call and surf the web at the same time).
I'm exploring other options than just changing from wifi to 3G. A lot of Web/2.0 companies support SSL for full access, they just don't advertise it because they don't have enough crypto acceleration. You can often find the SSL option if you search enough. Another option that doesn't seem to be used much on the public Internet is automatically establishing an IPsec session between two machines: this is well supported in Windows, but it's never turned on. VPNing back to home, then surfing out from there is really a desperate measure: Web/2.0 should really be secure enough such that it's not necessary.
As a side note, Cingular wanted to my SSN, and of course I didn't give it to them. I got the same reaction I usually get. It's usually an option to provide a deposit instead of an SSN, but they consider that so unreasonable they never tell me about it. They aren't hiding the option, they just assume that nobody would ever choose it. In the case of Cingular, when the sales guy told me that I had to give him my SSN, I said "ok, then I won't buy the service" and was walking out the door before I remembered to ask about the deposit. He was willing to let me go rather than suggest the option. I often wonder why customers think that paying a deposit is such an unreasonable alternative to disclosing your SSN. Does anybody know? Also: everyone in the cybersecurity community refuses to disclose their SSN, right?