Greenwood2
Member of DD Central
Posts: 4,376
Likes: 2,780
Member is Online
|
Post by Greenwood2 on Nov 2, 2024 13:57:25 GMT
Virgin in their infinite wisdom have sent me a new router and want me to return the old one. I think this has security implications in what information might be stored on the old one. Anyone know how worried I should be about that and how to wipe any information I wouldn't want anyone to have access to?
|
|
|
|
Post by bracknellboy on Nov 2, 2024 14:19:39 GMT
Virgin in their infinite wisdom have sent me a new router and want me to return the old one. I think this has security implications in what information might be stored on the old one. Anyone know how worried I should be about that and how to wipe any information I wouldn't want anyone to have access to? I'm not sure what information would be stored on a router, other than passwords. Which are not terribly useful if the router is returned. However, I would expect that you can do a factory reset ? Whether you can do that without it being up and running I don't know. I think with mine it would be a case of logging into the router as Admin and then performing a reset: but I haven't looked and checked, just an expectation.
|
|
|
|
Post by mostlywrong on Nov 2, 2024 14:20:30 GMT
Virgin in their infinite wisdom have sent me a new router and want me to return the old one. I think this has security implications in what information might be stored on the old one. Anyone know how worried I should be about that and how to wipe any information I wouldn't want anyone to have access to? Before you go any further, make certain that you have the account name and the password for your Virgin account clearly written down on a piece of paper in your hand...
Two ideas:
Somewhere on the back or side of the router, there will be a reset button, sometimes recessed. With the router powered on, press and hold that button for a few seconds.
Let it start up, and it will try to connect to your provider and will ask you for your account name and password. That will indicate that you have successfully wiped the router's memory.
Or:
Access the router home page from your computer/phone and look for the "Factory Reset" setting. Mine is under Advanced Settings/System/Factory Reset.
The address in your browser might be: 192.168.1.254 but that will vary. You might also need an account name and password. If you have not set one, try "admin" and "password".
Let it finish resetting. It should finish by asking for your Virgin account name and password. Again, that indicates that you have successfully wiped the router's memory.
At the risk of being wrong, I would not worry too much as the router is "just" a gateway. It lets you onto your provider's network (which needs an account name and password) and stops the bad guys from getting in to your system. A Factory Reset will clear the account name and details. I doubt that any of your data in the router will survive a Factory Reset.
But, as always, I am:
MW
Edited to add: Some clarification of the process.
Of course, if we never hear from you again, my instructions were incorrect. Sorry and all that...
|
|
benaj
Member of DD Central
N/A
Posts: 5,591 
Likes: 1,735
|
Post by benaj on Nov 2, 2024 20:28:26 GMT
Virgin in their infinite wisdom have sent me a new router and want me to return the old one. I think this has security implications in what information might be stored on the old one. Anyone know how worried I should be about that and how to wipe any information I wouldn't want anyone to have access to? What information stored in the router? Well, nothing too sensitive. Just some router software, configuration (includes Admin ID and Admin password, network IDs and password) and log files if you don't wipe it. Even if you wipe it clean, the router software and default configuration stay.
|
|
michaelc
Member of DD Central
Say No To T.D.S.
Posts: 5,677
Likes: 2,974
|
Post by michaelc on Nov 2, 2024 20:57:19 GMT
I guess it _could_ store DNS information if you use it as your primary DNS source. If it stores its cache that would mean someone else could see which websites and apps on your phone you've used. Suspect that's unlikely but don't know.
|
|
|
|
Post by mostlywrong on Nov 2, 2024 22:02:15 GMT
I guess it _could_ store DNS information if you use it as your primary DNS source. If it stores its cache that would mean someone else could see which websites and apps on your phone you've used. Suspect that's unlikely but don't know. As far as I can see in my domestic router, none of that is stored in the router. Only on the computer/mobile.
Although my previous routers have required me to maintain the software configuration, this one does all of that work.
My router log is full of devices attaching and detaching and, in the last hour or so, an attempt by a Taiwan based IP address to force its way in. It failed.
I will add that I have little doubt that someone/something will penetrate my defences at some point. So, all they will find is my Windows x installation.
I try not to leave anything personal on an internet exposed computer.
I run a completely separate network for my personal stuff. And that does not even know that the internet exists!
MW
|
|
angrysaveruk
Member of DD Central
Say No To T.D.S
Posts: 1,309
Likes: 775
|
Post by angrysaveruk on Nov 2, 2024 22:05:32 GMT
Virgin in their infinite wisdom have sent me a new router and want me to return the old one. I think this has security implications in what information might be stored on the old one. Anyone know how worried I should be about that and how to wipe any information I wouldn't want anyone to have access to? I wouldnt worry too much about it, the law requires your internet activity to be logged by your ISP and put on a database that the police, HMRC, government etc can access when they want. I would be pretty sure anything your router has stored on it will already be logged in this database by your ISP. If you dont want your router, ISP or the authorities looking at your internet history use a VPN based outside the UK in a country with better privacy laws such as Switzerland.
|
|
michaelc
Member of DD Central
Say No To T.D.S.
Posts: 5,677
Likes: 2,974
|
Post by michaelc on Nov 2, 2024 22:59:47 GMT
Virgin in their infinite wisdom have sent me a new router and want me to return the old one. I think this has security implications in what information might be stored on the old one. Anyone know how worried I should be about that and how to wipe any information I wouldn't want anyone to have access to? I wouldnt worry too much about it, the law requires your internet activity to be logged by your ISP and put on a database that the police, HMRC, government etc can access when they want. I would be pretty sure anything your router has stored on it will already be logged in this database by your ISP. If you dont want your router, ISP or the authorities looking at your internet history use a VPN based outside the UK in a country with better privacy laws such as Switzerland. Firstly, from a technical perspective, I don't see how the authorities would know given 99% of websites these days use ssl. Worst case if you didn't give it a second thought you might well give away which sites you are visiting. Point to point means that realistically the only devices that have any interesting information are the ones you use (your phone, your laptop etc) and the destination website. Secondly, I personally am not interested or whether authorities here or elsewhere could access all the stuff I do. I definitely appreciate freedom of speech etc but from a personal standpoint it doesn't bother me. If a computer in Beijing wants to process my data then so what. If one in the UK wants to do it too that's also fine. There are some extremely nasty people and I'm glad there is some pressure on them. What are the legitimate use cases for accessing somewhat hidden networks like on the "dark web" ? Perhaps if you are a journalist or dissident or something like that but it would seem a tiny proportion of use cases. I would guess most of what goes on there is about drugs and abhorrent and highly illegal pornography otherwise why not conduct business on the regular internet?
|
|
angrysaveruk
Member of DD Central
Say No To T.D.S
Posts: 1,309
Likes: 775
|
Post by angrysaveruk on Nov 3, 2024 8:17:39 GMT
I wouldnt worry too much about it, the law requires your internet activity to be logged by your ISP and put on a database that the police, HMRC, government etc can access when they want. I would be pretty sure anything your router has stored on it will already be logged in this database by your ISP. If you dont want your router, ISP or the authorities looking at your internet history use a VPN based outside the UK in a country with better privacy laws such as Switzerland. Firstly, from a technical perspective, I don't see how the authorities would know given 99% of websites these days use ssl. Worst case if you didn't give it a second thought you might well give away which sites you are visiting. Point to point means that realistically the only devices that have any interesting information are the ones you use (your phone, your laptop etc) and the destination website. Secondly, I personally am not interested or whether authorities here or elsewhere could access all the stuff I do. I definitely appreciate freedom of speech etc but from a personal standpoint it doesn't bother me. If a computer in Beijing wants to process my data then so what. If one in the UK wants to do it too that's also fine. There are some extremely nasty people and I'm glad there is some pressure on them. What are the legitimate use cases for accessing somewhat hidden networks like on the "dark web" ? Perhaps if you are a journalist or dissident or something like that but it would seem a tiny proportion of use cases. I would guess most of what goes on there is about drugs and abhorrent and highly illegal pornography otherwise why not conduct business on the regular internet? From what I understand it does not include the data it is basically a log of the IP address you access date and time and amount of data transferred. Obviously it would not be practical for the ISP to log all the data itself and as you say a lot of it is encrypted these days anyhow - although I understand the authorities can request that everything you do online is recorded if you are under some kind of surveillance. As for not wanting the authorities to be able to track you online I would say a lot depends on how much you trust the government, police etc. If you look at some of the journalists who are being arrested under the terrorism act in the UK part of the grounds of arrest have been they have been accessing web sites in the middle east run by proscribed organisations or been in communication with individuals from proscribed organisations online. I would say if your web browsing (although legal) matches a certain pattern* it could certainly end up putting you on a watch list somewhere. Once you are on a watch list you are a marked individual for life to a certain extent even if you have not actually done anything - this might for example stop you getting certain jobs or mean you regularly get stopped and questioned when travelling internationally. I am surprised there has not been a move to ban VPNs in the UK since they obviously circumvent a lot of the governments ability to do mass surveillance on the population. * for example I would say if you were looking at pro-russian, pro-palestinian, right wing or anarchist websites. For example when I was researching the Ukraine and the current middle east conflict I used a VPN tunnel to switzerland and then connected to the Tor Network incase I came across a site that would trigger government interest.
|
|
michaelc
Member of DD Central
Say No To T.D.S.
Posts: 5,677
Likes: 2,974
|
Post by michaelc on Nov 3, 2024 13:56:51 GMT
Using Tor aka "the dark web" is over the top just to read some articles IMO but I respect your freedom to do so. Be careful not to mistype your search.
Re IP addresses, they mean a lot less than many people think. They _can_ be fairly static but typically those based on cloud services such as aws can be quite dynamic without record of which service was using which IP and when. In your case, your ISP could see you are accessing onion services but obviously wouldn't know what you were doing beyond that. VPNs are used extensively in the UK mostly for employees to access work based services.
I access the Russian press quite a bit and am not worried about any repercussions. I would worry much more if I lived in Russia and was accessing US and UK publications on a regular basis.
|
|
angrysaveruk
Member of DD Central
Say No To T.D.S
Posts: 1,309
Likes: 775
|
Post by angrysaveruk on Nov 3, 2024 14:23:19 GMT
Using Tor aka "the dark web" is over the top just to read some articles IMO but I respect your freedom to do so. Be careful not to mistype your search. Re IP addresses, they mean a lot less than many people think. They _can_ be fairly static but typically those based on cloud services such as aws can be quite dynamic without record of which service was using which IP and when. In your case, your ISP could see you are accessing onion services but obviously wouldn't know what you were doing beyond that. VPNs are used extensively in the UK mostly for employees to access work based services. I access the Russian press quite a bit and am not worried about any repercussions. I would worry much more if I lived in Russia and was accessing US and UK publications on a regular basis. I do not use TOR to access the "Dark Web" I use it to access the regular internet but use it as an additional layer of protection. My ISP would not be aware I am using TOR since I connect to a VPN then from the VPN to the TOR network or "TOR over VPN". I would say connecting to TOR directly would probably attract attention from your ISP and should be avoided because of its links to the "Dark Web". Probably it is a bit overkill but it doesnt cost anything to do and makes my online footprint totally invisible - or as close as I am going to get.
|
|
michaelc
Member of DD Central
Say No To T.D.S.
Posts: 5,677
Likes: 2,974
|
Post by michaelc on Nov 3, 2024 15:27:01 GMT
Using Tor aka "the dark web" is over the top just to read some articles IMO but I respect your freedom to do so. Be careful not to mistype your search. Re IP addresses, they mean a lot less than many people think. They _can_ be fairly static but typically those based on cloud services such as aws can be quite dynamic without record of which service was using which IP and when. In your case, your ISP could see you are accessing onion services but obviously wouldn't know what you were doing beyond that. VPNs are used extensively in the UK mostly for employees to access work based services. I access the Russian press quite a bit and am not worried about any repercussions. I would worry much more if I lived in Russia and was accessing US and UK publications on a regular basis. I do not use TOR to access the "Dark Web" I use it to access the regular internet but use it as an additional layer of protection. My ISP would not be aware I am using TOR since I connect to a VPN then from the VPN to the TOR network or "TOR over VPN". I would say connecting to TOR directly would probably attract attention from your ISP and should be avoided because of its links to the "Dark Web". Probably it is a bit overkill but it doesnt cost anything to do and makes my online footprint totally invisible - or as close as I am going to get. All about definitions. You're sort of implying that the "dark web" is the bit of the tor/onion network that is only the illegal bit whereas I was thinking that ALL of tor is the dark web. Either way, I certainly did NOT mean to imply a good upstanding Saver like yourself would be using it to access any illegal parts of it.
|
|
angrysaveruk
Member of DD Central
Say No To T.D.S
Posts: 1,309
Likes: 775
|
Post by angrysaveruk on Nov 3, 2024 16:03:28 GMT
I do not use TOR to access the "Dark Web" I use it to access the regular internet but use it as an additional layer of protection. My ISP would not be aware I am using TOR since I connect to a VPN then from the VPN to the TOR network or "TOR over VPN". I would say connecting to TOR directly would probably attract attention from your ISP and should be avoided because of its links to the "Dark Web". Probably it is a bit overkill but it doesnt cost anything to do and makes my online footprint totally invisible - or as close as I am going to get. All about definitions. You're sort of implying that the "dark web" is the bit of the tor/onion network that is only the illegal bit whereas I was thinking that ALL of tor is the dark web. Either way, I certainly did NOT mean to imply a good upstanding Saver like yourself would be using it to access any illegal parts of it. The only illegal thing I access on the internet is this forum.
|
|
adrianc
Member of DD Central
Posts: 9,978
Likes: 5,131
|
Post by adrianc on Nov 4, 2024 8:24:18 GMT
Another vote here for "don't sweat it".
Remember, a router... routes traffic. That traffic is then routed from your router to your ISP's network. They already have all the same traffic logs that are on your router. Anything over SSL does indeed have the traffic secured, with both the router and the ISP's network getting the same access to it.
The only additional piece of information that'll be on the router but not your ISP's network is your devices' MAC addresses. And they're fairly public anyway. Every time you connect to any wifi network, you do so using those addresses. They're not state secrets.
|
|
|
|
Post by GSV3MIaC on Nov 4, 2024 8:33:28 GMT
It might have your wifi passwords if you don't reset it. Factory reset solves most problems.
|
|
