Hey
Still not understanding.
Been looking at a few guides and seeing enough info.
Modems ? I understand saving money by using my own but what are the privacy/security benefits of buying my own ?
I am hearing about the Pi Hole and im loving it.
Also heard the term ‘sink hole’ and OpenWrt being thrown around. Hearing you can have software like VPN’s ran with in the modem ?
Suggest any plug and play routers/modems ?
Probably should just get this out of the way first: Do you know the difference between a modem and a router?
Nope.
I do sorta know they are different.
From what i understand they can come 2 in 1.
Most ISP provided modem have both router and fiber modem integrated in the same device. Unfortunately they provide the cheapest mass produced ones, because of course profit is prioritized.
Theoretically, you could ask the ISP to provide the pertinent setting details to skip their modem if your router have its own SFP port if you own something like a Protecli router but you will need to buy your own SFP module and it has to be compatible to whatever fiber standard your ISP is using.
A modem basically just converts something into Ethernet. A DSL modem converts phone lines into Ethernet. A DOCSIS modem converts cable into Ethernet. An ONT (technically they don’t call it a modem) converts fiber into RJ45 Ethernet.[1]
The point is that modems are pretty dumb.
A router actually manages your local network, and for consumers is typically a 3-in-1 device that does routing, firewalling, and WiFi.
This is what you don’t want to have controlled by your ISP, and you want to make sure is secure.
True, but you’d usually want to avoid this, because if your ISP says you need a new modem then you’d have to replace the whole thing at a moment’s notice.
Likewise, if you wanted to upgrade your router but you don’t upgrade your internet speeds then you have to replace the whole thing which typically costs extra.
Also, 2-in-1 devices typically come in far fewer models and from fewer manufacturers, so you have little choice.
It’s usually best to have a separate modem and then plug your own router into it.
If you do this it doesn’t really matter who owns the modem. You’d only have to buy a modem to avoid rental charges if your ISP does that, but if they include a free modem you could just use that and plug your router into it and be fine, security-wise.
My ISP uses a managed switch like a modem, but they’re kind of weird. ↩︎
…so whats a good ‘privacy’ focused one ?
Apparently installing pi-hole is essential. Suppose one that comes with a ‘sink hole’…What is a sinkhole ?
Any one comes with a way to install a vpn with in the router ?
Thanks!
These are the only plug and play options that I see people generally recommend:
The Wi-Fi range on this is bad though so you would probably also want to add something like:
If you don’t mind a bit of reading and learning, openwrt (the open-source, firmware that can be installed on compatible routers) has a lot of documentation online.
They have a thread w/ a lot of cheap recommendations for example:
Alternatively, a good channel for understanding networking a bit better is Dev Odyssey and he often responds to comments if you have followup questions. Below are two videos on sink holes and what an insecure router looks like:
There was a thread about a similar topic but some mod moved and scattered the post across like three threads so whatever, I’ll just type the important parts again:
Your combined ISP modem-router has access to these:
They can do various “malicious” or malicious actions with these:
Now, the first class of data can only be solved with a VPN (since ofc the ISP can just observe the same data at the other end of the cable). The rest can however be eliminated or mitigated by reducing the role of the ISP device. The following solutions can be similar in privacy but generally preferred in the listed order for sanity of network config, performance, not-getting-hackedability, etc., however not all might be available for your ISP:
Assuming the right configuration, this should be able to solve the rest of the data classes, since your internal traffic no longer hits ISP devices, the ISP router is firewalled off from your internal network, and you can configure DNS upstream to be encrypted.
I haven’t used any of the ready-made automatic solutions like Firewalla, but they might be easier to set up, especially if you don’t care much about performance.