I have been spending a fair amount of time working in coffee shops in Hangzhou. The culture seems to be that buying a coffee also buys me several hours sitting in a table doing whatever I damned well please. It’s a nice change of scenery from my apartment. They usually have wi-fi, but it would be pragmatic to assume that whatever traffic goes over that connection is beamed directly to a billboard outside. I generally feel the same way about hotel internet, free airport wi-fi, and other dodgy connections: I just don’t trust that they have any interest in protecting my privacy.<\/p>\n
I really want to encrypt all of my traffic over those links. I always encrypted my mail client connections anyway, and SSH is inherently encrypted. That really leaves my browser as the weak link in my average-day networking.<\/p>\n
After considering some options, I ended up with just about the simplest solution, although it does take touch of technical know-how to get going. The basic idea is that SSH can provide an encrypted SOCKS server<\/a>. Using it basically involves setting my browser to use the SOCKS tunnel for everything<\/a>, and starting up the SOCKS tunnel with a command like this:<\/p>\n It’s also possible to do this on Windows with PuTTY<\/a> and on a Mac from the Terminal<\/a>.<\/p>\n In theory, this can speed up a slow connection a little. It removes the TCP handshake from their network, and the compression ( Of course, you need a server to SSH to. If I’m working, I use a computer in the department at SFU. I figure that’s kosher. Another option is Amazon: a Amazon Web Services free tier<\/a> should stay free if you use a micro instance and keep the bandwidth under control. As I recall, I just used their most generic looking Ubuntu image and changed just about nothing.<\/p>\n You privacy is, of course, only as good as your endpoint. Sooner or later, your unencrypted web traffic has to get out there into the big-bad internet. It’s not that I particularly trust Amazon, but I don’t trust any other provider much more.<\/p>\n I have also experimented with sshuttle<\/a>. It pushes your entire network interface over the SSH connection. That’s technically better, but the SOCKS tunnel usually passes the “good enough” bar for me.<\/p>\nssh -C -D 1080 userid@someserver.example.com<\/code><\/p><\/blockquote>\n-C<\/code>) might help for the right kind of traffic.<\/p>\n