Looking for a portable VPN? Don’t pick these products.

I have been testing some interesting devices to help you set up VPNs when you travel. By now most of you know not to connect to open WiFi access points, because your Internet traffic can be monitored, recorded, invaded, and used against you. The way to avoid these issues is to use a VPN. Until recently, you had a few different choices: install some software or bring your own VPN device. Both are more suitable for corporate networks, and aren’t all that easy to install and configure. These three devices attempt to make things easier for consumers. Sadly, none of them is quite up to the task.

Both the Butterfly and eBlocker are small hardware devices. The Butterfly has a USB end that fits in any USB AC power adapter. The eBlocker is a cube two inches on a side with its own Ethernet and power cables to connect it up. The Webroot product is only software. You see I listed their prices above, and that is my first complaint: a consumer VPN should be priced transparently. Figuring out their prices shouldn’t take a combination of a CPA and a PI.

The appeal of the three products is their supposed ease of installation. However, I ran into problems on all of them. For example, the eBlocker is made in Germany, and the default menus are shown in German. If you want to change this to English menus, you have to learn enough German to navigate through the menu tree to find the switch to make this happen. The Butterfly is designed to operate with a simple open WiFi router. As you move about the world, you have to find and connect to one before you can establish your VPN connection. That is great, but you will have problems on other routers that aren’t completely open. For example, you’ll have issues if you connect to hotel or airport routers with captive wireless portals that require you to bring up a web form to acknowledge something. Also, there was no way to change the default password in any of its configuration menus, which seems like a major security shortcoming. The Webroot VPN was the easiest to install, since it was just software that runs in the background, but it had issues that I will get to below.

On all three, you can select various VPN endpoints for your traffic to appear to come from. With Webroot, you do this by clicking on the locations shown in a list. That has a lot of appeal — if it really worked as advertised. With eBlocker, you can also send your Internet traffic through the Tor network for even more privacy. I had issues with all of them when verifying the IP addresses with a public service, such as WhatisMyIP.com. They didn’t always consistently work, and despite conversations with each vendor, I couldn’t exactly tell you why.

Webroot also allows you to select a particular VPN protocol (like IPsec or PPTP) if you need to connect to a corporate VPN. That is a nice touch.

All three also do more than just set up a VPN. Webroot does rudimentary content filtering. eBlocker can anonymize your originating IP address and block ads in your browsing sessions. It has a privacy discovery page where you can see what kind of information is being collected from your browser session, if you need reminding.

Blocking ads seems like a great idea, until you run into lots of websites that won’t deliver any content to you until you unblock them. As an example, my hometown newspaper doesn’t allow any visitors from EU countries because of potential GDPR liabilities. (That is probably a canard, but still.) There is a whitelist to add sites to try to get around this, but it didn’t seem to always function as intended.

Using a VPN can also come in handy when you travel overseas and want to access content from the streaming video services. This is because the shows that we take for granted here in the US aren’t necessarily licensed for overseas viewing. For example, I was recently in Israel, where I was pleased to see that Amazon was streaming “The Man in the High Castle” but blocked just about every one of their other original shows. However, none of the VPN services of the three devices would work reliably in this situation. And with Webroot’s VPN engaged, I couldn’t access any Netflix content whatsoever. It could be because of cookies set on my computer, or because of how I registered for the service, or it could be something else. The bottom line: if you want to securely access your content when you travel, you can’t depend on any of these devices.

And that is why I recommend you don’t buy any of these three items, at least until each vendor does a better job with fixing the issues I mentioned above. Consumer-grade VPNs are a great idea, especially if you travel frequently. But they are still a challenge, unless you have an IT department standing by to assist you when you run into snags on the road.

Netgear’s Arlo Pro security cameras: Better than before but pricey

This article is the latest installment in my smart home series. A natural addition to any smart home would be to use security cameras to monitor your entry points. I tested the latest Netgear Arlo cameras, including the Arlo Pro and the Arlo Go. Overall, my review is mixed.   

Netgear has had its Arlo line for several years. What is new with these two units is the rechargeable batteries, so you don’t spend a small fortune on replacing the ones in the cameras. The design goal with Arlo is that you can run them completely cable-free, so you can place them optimally without regard to wiring. By that they mean that you don’t have to run any wires to them, either for power or network connectivity.

But there are two different battery sizes for the Pro and the Go models. Go includes a slightly larger unit that comes with its own stand. Pro has a smaller magnetic attachment device to be mounted on the wall. Either Pro or Go batteries can be recharged outside the camera with an optional $60 charging dock, which is included in some of the multiple-camera kits.

The older Arlo models used ordinary batteries that drained quickly. These newer models use rechargeable ones that last a couple of weeks, depending on usage, and connect via Wi-Fi networks (in the case of the Pro) or, in the case of the Go, via its own AT&T SIM card. That means the Go can be placed anywhere that has a cell signal, even if you don’t have any indoor Wi-Fi. You can see the signal strength on its web portal page. This is great for a remote cabin in the woods, as long as it isn’t too far afield from a cell tower.

Both of the newer cameras can record ambient audio and can see a 130 degree video view in HD quality, along with night vision at 850 nm that can see things up to 25 feet away. You can also control an 8x zoom lens in real time. The original Arlo cameras have a 110 degree view and no audio capabilities.

Camera setup is very simple. You connect the controller to your wired network, download the smartphone app, and press the button on the controller and then on each camera for it to be recognized by the system. You need to create a login ID with the web service. One ID per system only. Once you have set up the cameras with this login, you can use the smartphone app outside of your home network.

You can only be logged in at one location: either via the smartphone app or the web portal. This is a security feature. The web and smartphone app controls are almost the same, with the exception of geo-fencing mode that is available on the phone app only.

The cameras have four different detection modes: armed, schedule, geo, and disarmed. The schedule mode allows you to turn off the detection during the weekend or when motion sensing would kick off too many alerts. You can also set up your own custom rules for all the cameras connected to your hub or for particular Go cameras.

You can set various thresholds — for motion (the claim is 23 feet from the camera) or sound detection. Then the cameras record the next ten seconds. When you purchase the camera, you get a free week’s worth of video storage in the cloud; after that you have to purchase a storage plan if you want to keep the videos for any length of time. (You can access your video library easily at any time.) You can download these videos as MP4s, and also share them with Netgear. If you use the Pro models, they attach to a local controller, which has two USB slots where you can fit a USB thumb drive for local storage. The Go units have a microSD slot where you can store your video recordings.

The biggest new feature of the Pro/Go cameras is audio, and it is two-way, so you can get an alert via email and then talk remotely to, for example, someone who has stopped by your lake house and knocked on your door when you aren’t home. You can also set off a very loud alarm remotely if you see something amiss.

The Arlo setup comes with a free basic subscription plan. This covers up to five cameras and up to seven days of 1 GB of cloud storage for your recordings. There are a variety of paid consumer and business plans that up the level and duration of storage and the number of cameras per account; these start at $100/year per account. The cameras retail for $950 in a kit that includes six Pro cameras, several wall mount options, power chargers and a base station. A single camera system is $250. The Go camera on the Verizon cellular network retails for $350, plus $85 a month, provided you sign a two-year contract.

If you have an older Arlo setup, it probably isn’t worth it to upgrade to the Pro or Go collection. If you are looking for a smart home webcam, you can certainly find cheaper models that will require some wiring, or use ordinary batteries. It might be worthwhile to have a single Arlo Pro or a Go in the case of the remote cabin without any Internet connection. If you don’t mind replacing batteries and don’t need the two-way audio, you should stick with the older Arlo models.

Securing the smart home, a guide to my reviews series

I began a series of reviews for Network World on securing the smart home. These three articles were published earlier this year:

Since then, I have written additional stories, but before I introduce those I want to take a step back and review the decision process that I would recommend in terms of what gear you should buy and at what point during your smarter home networking automation journey. And let’s also take a moment and review the decisions that you have made so far on hubs and wireless access points and how these decisions can influence what you buy next.

While there is no typical decision process for this gear, here are a series of five questions that you should have begun thinking about:

  1. Do you already own a smart thermostat? If not, make sure you pick the one that will work with your hub device. Nest doesn’t work with Apple’s HomeKit, for example. I will talk about my experience with Nest in a future installment. You might also want to make sure that you can upgrade your older thermostat with something more intelligent, in terms of wiring and network access.
  2. Are you in the market for a new TV? If you are, consider what your main motivation is for buying one and which ecosystem (Apple, Google or Amazon) you want to join and use as your main entertainment provider. It used to be that buying a TV was a major purchase, but today’s flat screens are relatively inexpensive. Most new TVs come with wireless radios and built-in software to connect with Netflix, Amazon, and other streaming providers too.
  3. Are most of your cellphones Android or iOS? While many of the smart home products work with apps on both kinds of phones, that doesn’t necessarily mean that features are at parity between the two phone families. In some cases, vendors will prefer one over the other in terms of their app release schedule and that could be an issue depending on which side you are on. If you are serious about considering Apple HomeKit products, obviously you will need at least one Apple phone for managing its basic features. While Apple’s ecosystem supports the largest collection of smart home devices, overall, many of the smart home products will work on either Google Home or Amazon Alexa as well.
  4. Do you have sufficient wireless and wired infrastructure to support where you want to place all your devices? As I mentioned in my last installment, one of the major reasons for using a better wireless infrastructure like the Linksys Velop is because of its wider radio coverage area. Make sure you understand what your spouse is willing to tolerate in terms of wiring and AP placement too while you are assembling your new network requirements and scouting out potential AP locations around your home. As part of this decision, you might also need to upgrade your ISP bandwidth plan if you are going to be consuming more Internet services such as video and audio streaming.
  5. Do you have enough wired ports on your network switch? With all the devices that you plan on using, you probably are going to run out of wired ports. And while you might think that most smart home products are connected wirelessly, many require some kind of wired gateway device (the Philips Hue is an example here) that will consume a wired Ethernet port.

Those five questions should help get you started on your smart home journey. But before you purchase anything else, you might want to consider these security issues too.

  1. Do you understand the authentication requirements and limitations of each smart home app? One of the biggest limitations of the smart apps is how they set up their security and authentication. In many cases, the app can only use a single login ID and password. If you want multiple family members to use the app, you may have to share this information with them, which could be an issue. You might want to consider a document that lays out your family “rights management” — do you want your kids to be able to remotely control your thermostat or monitor your home security cameras? What about your spouse? This begs the next question:
  2. Who in the family is authorized to make changes to your smart infrastructure? By this I mean your network configuration and access to your computers, printers, and other IT gear. Again, in the past once this was set up it wasn’t often changed by anyone. But the smart home requires more subtle forms of access and this could be an issue, depending on the makeup of your family and who is the de facto family IT manager.
  3. You should plan for the situation when you (or another family member) lose a phone with all of your connected apps and authentication information. This is one of the major security weaknesses of the smart home: your apps hold the keys to the kingdom. Most of the apps automatically save your login info as a convenience, but that also means if you lose your phone, it can be a massive inconvenience. Some of these apps will only work when they are on your local network, but others can reach out across the Internet and do some damage if they fall into the wrong hands. Given how often your family members lose their phones (I know of one 20-something who loses her phone twice a year), this might be worthwhile. You might want to record the procedures for resetting your passwords on your various connected apps and other login information.
  4. What happens when one of your smart devices is compromised? The reports earlier this year about the compromised web server that comes with a Miele dishwasher are somewhat chilling, to say the least. How can you detect when a smart device is now part of a botnet or is running some malware? We will have some thoughts later in the series, but just wanted to raise the issue.

As you can see, making your home network smarter also means understanding the implications of your decisions and the interaction of products that now could create some serious family discussions, to say the least.

The remaining reviews in the series include:

Network World: Linksys Velop boosts home network throughput

I take a look at the Linksys Velop Wi-Fi access points. This is the third in my series of reviews for Network World on smart home devices. If you are going to invest in smart home tech, you want a solidly performing wireless network throughout your house. While I had some minor issues, the Velop delivered solid performance and I recommend its use, particularly if you have existing radio dead spots in your home or have to use multiple networks to cover your entire property. You can read the review here. 

Party like the Internet is 1994

BMW has this very funny ad where Katie Couric and Bryant Gumbel discuss the makeup of an Internet email address back in 1994.

To say that the Internet wasn’t mainstream enough for the Today show hosts is an understatement. Back then, few people had any idea of what it was, how email was used, or what the punctuation in the email address signified. Looking at the Today show this morning, things certainly have changed: live Tweeting of the snowstorm, Carson Daly and his magic touch screen surfing social media, and even some of the hosts reading off their laptops on air. We have come a long way.

But let’s go back to what we were all doing 20-some years ago. Back then it was hard to get online. We had dial-up modems: no Wifi, no broadband, no iPhones. PCs had PCMCIA cards, the precursor to USB ports. Other than Unix, none of the other desktop operating systems came with any support for IP protocols built-in.

Now it is hard to find a computer with a dial-up modem included, and without any Wifi support. Even the desktop PC that I last bought came with a Wifi adapter.

The communications software was crude and finicky: it was hard to run connections that supported both Ethernet (or Token Ring, remember that?) on the local office network and then switch to remote IP connections when you went on the road. I was using Fetch for file transfer (I still like that program, it is so dirt simple to use) and Mosaic, the first Web browser that came out of that Illinois campus where a young Marc Andreessen was studying before he made it rich at Netscape. Companies such as Netmanage and Spry were packaging all the various programs that you needed to get online with an “Internet in a Box.” This was a product that was a bit different from that described in “The IT Crowd” TV show a few years later.

Back in 1994, I had a column in Infoworld where I mentioned that configuring TCP/IP was “an exercise in learning Greek taught by an Italian.” My frustration was high after trying a series of products, each of which took several days’ worth of tech support calls and testing various configurations with software and OS drivers to make them work. Remember NDIS and the protocol.ini file? You had to be familiar with that if you did a lot of communicating, because that is where you had to debug your DOS and early Windows communications strings. When they did work it was only with particular modems.

Finding an Internet service provider wasn’t easy. There were a few hardy souls that tried to keep track of which providers offered service, through a combination of mailing lists and other online documents. Of course, the Web was just getting started. Getting a dot com domain name was free – you merely requested one and a few seconds later it was yours. Before I had strom.com, I was using Radiomail and MCIMail as two options for Internet-accessible email addresses.

Indeed, mobility meant often using different modems with different software tools. When I traveled, I took four of them with me: cc:Mail (to correspond with my readers and to file my columns with the editors), Smartcom (to pick up messages on MCI Mail and others that I connected to from time to time), Eudora (for reading my Internet mail), and Versaterm AdminSlip (for connecting to my Internet service provider). That was a lot of gear and software to keep track of.

With all of these modems, if you can imagine, the telephone network was our primary means of connection when we were on the road. Of course, back then we were paying for long distance phone calls, and we tried to minimize this by finding collections of “modem pools” to dial into that were a local call away. Back then I was paying $100 a month for dial up! Then ISDN came along and I was paying $100 for 128 kbps! Now I pay $40 a month for broadband access. I guess things have improved somewhat.

Check your DNS, now!

Being the author of a mostly unknown home networking how-to book means that I have lots of insights into how people run their home networks. And even though the book is ten years old, things that I wrote about then are still very much current, such as keeping your computers secure from infection.

I was reminded of this situation this week with the news that the FBI has taken down one of the largest botnets in history. The crime ring, based in Estonia, managed to steal somewhere north of $14 million by infecting millions of computers. I wrote the story this morning for ReadWriteWeb and you can click on the link at the end of this piece and read more details as well as navigate to links where you can find out whether your computers are infected.

While it is great that the bad guys were apprehended, it was a somewhat bittersweet victory. Computer security vendors actually knew of their nefarious activities five years ago, when the DNSChanger exploit was first observed. And while you can fix a part of the problem, there is still no single simple method to disinfect your computers and routers from this scourge.

DNS refers to the Domain Name System, which was invented by Paul Mockapetris back in 1983, and he is still actively involved in selling DNS solutions today. (Paul and I served for several years together on the Interop conference advisory board, where I got to appreciate his rapier wit.) Everything on the Internet, whether it is a computer, a mobile phone, a router, or some mundane embedded device, uses DNS to translate the alphabetical domain address, like strom.com, into its numeric IP address, the collection of digits that we ran out of assigning earlier this year.

The nasty brilliance of the Estonian DNSChanger exploit was that it replaced the DNS settings of your computers – both Macs and Windows – along with common home routers. This meant that when you tried to go to certain Web destinations you would be directed instead to a phony one, or served up phony ads on legit sites. That is how they collected so much money, one click at a time.

If you bought a Linksys or D-Link or Netgear router and didn’t change its default password when you set it up, you should stop reading right now and rectify that situation.

Over 100 servers were located in data centers in New York and Chicago to handle the phony DNS queries. (So much for that shortage of IP addresses.) The FBI has published a list of these IP addresses, and you can check against that list (or use a Web form that they have set up) to see if your network has been compromised.
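An added example, not from the original article: one way to compare the DNS servers a machine is configured to use against a published list of rogue ranges. The ranges and the sample resolv.conf text are constructed placeholders (RFC 5737 documentation addresses), because the article does not reproduce the FBI's list, and the function names are hypothetical.

```python
import ipaddress

# Placeholder ranges (RFC 5737 documentation space). Substitute the ranges
# from the FBI's published list; this page does not reproduce them.
ROGUE_RANGES_PLACEHOLDER = ["192.0.2.0/24", "198.51.100.0/25"]

# A resolver in one of these ranges is the home router (or the machine itself)
# acting as a forwarder, so the router's own DNS settings need checking too.
LOCAL_RANGES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8"]

# Constructed sample of a resolv.conf file, not a real capture.
SAMPLE_RESOLV_CONF = """\
# constructed sample
search example.lan
nameserver 192.168.1.1
nameserver 198.51.100.7   # inline comment
nameserver 203.0.113.53
nameserver not-an-ip
"""


def nameservers(resolv_conf_text):
    """Return the address field of every 'nameserver' line, in file order."""
    found = []
    for raw in resolv_conf_text.splitlines():
        # Strip comments, which resolv.conf marks with '#' or ';'.
        line = raw.split("#", 1)[0].split(";", 1)[0]
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found


def _match(addr, ranges):
    """Return the first network (as a string) that contains addr, else None."""
    for cidr in ranges:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.version == addr.version and addr in net:
            return str(net)
    return None


def classify(address_text, rogue_ranges):
    """Classify one resolver as 'rogue', 'local', 'ok' or 'invalid'."""
    try:
        # Drop an IPv6 zone id such as fe80::1%eth0 before parsing.
        addr = ipaddress.ip_address(address_text.split("%", 1)[0])
    except ValueError:
        return ("invalid", None)
    hit = _match(addr, rogue_ranges)
    if hit:
        return ("rogue", hit)
    if _match(addr, LOCAL_RANGES):
        return ("local", None)
    # 'ok' only means the address is not on the supplied list.
    return ("ok", None)


def check_resolvers(resolv_conf_text, rogue_ranges=ROGUE_RANGES_PLACEHOLDER):
    """Return (address, verdict, matched_range) for each configured resolver."""
    return [(a,) + classify(a, rogue_ranges)
            for a in nameservers(resolv_conf_text)]


if __name__ == "__main__":
    for address, verdict, matched in check_resolvers(SAMPLE_RESOLV_CONF):
        detail = f" (in {matched})" if matched else ""
        print(f"{address:<16} {verdict}{detail}")
```

A `local` verdict only says the machine asks the router for DNS; because DNSChanger also rewrote router settings, the same comparison has to be made against the DNS servers configured on the router itself.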

If you are mucking about with your network’s DNS, now would also be a good time to use a more secure DNS provider, such as OpenDNS.org. It is free and will also speed up your Web browsing.

As I said, you can get more details, as well as the links to some of the stuff I mentioned, here.

Feel free to post comments on my RWW story too if you are so moved.

Computerworld: Six annoying router problems

These days, having access to wireless broadband is an absolute necessity for home offices and small businesses. And after more than a decade of innovations, you would think that the standard wireless gateway/router would be a picture-perfect product by now. Alas, no. While many routers offer good features, most still come with flaws that can make life a lot harder, such as confounding setups or limited security.

What follows are six router problems that, quite frankly, I find the most annoying. I looked for possible solutions, and while I didn’t find one router that addressed all my concerns, I did discover features — and routers — that could make things a lot easier. Read my article in Computerworld here.

Ten tips to secure your laptop

As more people use a laptop for their primary work PC, the chance of being compromised by some wireless miscreant looms large. Here are ten how-to tips to protect yourself and make the best use of a wireless network, whether you are at home, at work, or in between.

Read the rest of the article posted today on Techweb/Information Week.com

Lessons learned from a home networking odyssey

I first met Mike Azzara about 18 years ago when I began creating the concepts and overall editorial plan for a new networking magazine called Network Computing. Alas, the magazine has come and gone, and Mike’s career at CMP is also a fond memory, but we are still in touch. Over the years, I have served as his personal IT support guy, but when I moved out of state, he could no longer drag me over to his Long Island, N.Y., home and feed me in barter for networking chores. I still did some support for his home network, and it dawned on me that our correspondence would make for a dandy series of articles that details every step he made in going from four computers and two printers with no real connectivity among them to DADNET, a unified network where the computers can all “see” each other and share each other’s printers and hard drives (on a good day).

The result is the following series that is posted on DigitalLanding.com describing his plans, progress, and triumphs. And as Mike says, if he could figure out how to crimp and create his own Ethernet cables, so can you!
Here are seven lessons we distilled from the experience:

  1. You can do it: I may be guilty of beating the proverbial dead horse, but if Strom had told me a year ago that I’d be stripping and terminating cat5 Ethernet cable, I’d have told him to quit the crack. But doing so, while daunting at first, became easy after some study and practice. (Here’s a link to the page that made it possible for me to wire my home network.)
  2. Plan, plan, plan: Planning ahead and thinking through each change, especially in terms of how it will affect everything else in a home network, is crucial to disaster avoidance. I spent the first half of the summer just thinking through various network scenarios.
  3. Check/verify each change: Plan in advance how to verify that a change has worked or had the intended effect. If you make multiple changes before verification, you’ll have a harder time pinpointing a problem. For instance, when I had problems with video chat, I changed just one item–the cable modem. Then I retested the video chat and it worked, so I knew it was the old cable modem that was the bottleneck.
  4. Persevere: Getting network software settings right is essentially voodoo. But any relatively intelligent person will eventually make sense out of the gibberish that passes for instructions in this industry and get most anything to work—as long as you stick it out.
  5. Google is your friend: Whatever you’re up to, you’re not the first. Google the words you imagine in the solution to your problem, or just ask Google your question and hit return. Sometimes you have to read several articles or forum posts before you can make sense of the solution, but you’ll get there eventually. I did. (See “Persevere.”)
  6. When all else fails, check the firewall: Yes, Norton keeps us safe–by preventing communications. Some firewall settings need fiddling before your computers can get intimate over your network, particularly the “Trust” settings in your firewall.
  7. Listen to your users, I mean your family: I saved a ton of time and trouble by not rigidly adhering to the model I originally planned, and instead left things the way my kids preferred. They’re perfectly happy with their printer being a whole floor away, something my wife and I can’t fathom.

You can read the first chapter of Mike’s home networking odyssey starting here.

Don’t try to get your laptop repaired in St Louis!

A local TV station had a consultant intentionally sabotage their Dell laptop by removing its hard drive and putting a small jumper on the pins of the drive to keep it from booting. They took it to a series of local computer chains to see if they could diagnose and repair it, and only one, an independent shop, bothered to remove the drive and see that the jumper was there. Most charged for a test that wasn’t helpful and said to return it to Dell. Those of us that go into Best Buy and Circuit City and get their usual lousy support aren’t surprised by this, but it makes for some great viewing.