If you have found yourself questioning whether you wish to participate in a surveillance state, then a TOR and VPN enabled router is an essential tool. I installed one such router myself once Australia started discussing its data retention laws (which went into effect recently), and after spending a year protecting my family’s digital privacy I thought I would share the results.
First though, a word of warning. VPNs are not guaranteed to offer complete protection from prying eyes:
According to an NSA document dating from late 2009, the agency was processing 1,000 requests an hour to decrypt VPN connections. This number was expected to increase to 100,000 per hour by the end of 2011. The aim was for the system to be able to completely process "at least 20 percent" of these requests, meaning the data traffic would have to be decrypted and reinjected. In other words, by the end of 2011, the NSA's plans called for simultaneously surveilling 20,000 supposedly secure VPN communications per hour.
At best, enabling a VPN will make it more difficult for those looking to invade your privacy. There is no such thing as anonymity on the Internet, but you can even the odds.
In my own efforts to reduce my participation in my government’s surveillance, I purchased an ASUS RT-N66U router. This router had generally positive reviews online as a capable home router, but I was mostly interested in its ability to function as a VPN client.
One of the biggest problems I faced protecting the privacy of a modern family was the sheer number and variety of Internet enabled devices we have. There is a media PC, a desktop, a laptop, an Xbox, 2 tablets (one iPad, one Android), 2 mobile phones (one iPhone, one Android), a printer, and two air conditioners. Installing VPN clients on each of these was simply not viable.
Routing internet traffic through a VPN at the router level was ideal because I could set it up once and all devices on our home network would automatically be protected without any client side software and user training (and by user training, I mean trying to tell my wife what a VPN was, how it worked and why she needed to use it).
Another benefit of the ASUS routers is the custom firmware. There is a developer going by the name of Merlin who compiles custom firmware for ASUS routers, and you’ll often get access to security fixes and new features via Merlin faster than you would from ASUS. To give you some idea, there was a vulnerability in infosvr documented on the 8th of January 2015. This was patched by Merlin in the 376.49_5 version of his custom firmware on the 9th of January 2015. You can’t beat that for turnaround time.
The ASUS router was fairly easy to configure. Bear in mind that when I say easy, I mean from the point of view of someone who has been in IT for well over a decade. I wouldn’t expect anyone without a technical background to have any idea how to configure a router with a VPN, and the ASUS is not point and click. But if you are reading this article it’s probably safe to say that you have the technical know-how to configure the RT-N66U.
Selecting a VPN provider was not as easy. It was almost impossible to find real world user experiences with VPN providers, and I ended up working through the list of providers from the TorrentFreak "Which VPN Services Take Your Anonymity Seriously?" list until I found one that worked reliably. I ended up trying around 5 different providers before settling on ExpressVPN. Obviously your results will vary, but I have been using ExpressVPN for a while now, and it has been fairly painless.
As an ADSL user, I needed an ADSL modem in front of the ASUS router to actually connect to my ISP. This was not something I was aware of when I purchased the router, but it is not a deal breaker if you already have a modem. I ended up creating a double NAT configuration, where my modem was used as a NAT router, which was then connected to the ASUS router, which in turn provided NAT access to the rest of the network. You could choose to connect the ASUS router to your provider via PPPoE/A, but I found this configuration a little unreliable. The double NAT configuration has worked without a hitch though.
With the technical details out of the way, how does this configuration actually work in practice? I’m pleased to say that it works quite well.
We use the internet quite heavily, both for regular browsing and for media access with sites like Netflix, and there is no real loss of performance. We can stream movies, download large files and make Skype and Hangout video calls without any issues.
Although I don’t spend a lot of time playing games online, I did find that I had to disable the VPN to get the kind of latency required for a decent online experience. If you are a big gamer, you may want to dig into the VPN client configuration to exclude certain IP addresses from being routed via the VPN.
I also haven’t noticed the VPN dropping out often. It has a couple of times, which is easily fixed by simply restarting the router. I made the home page on our media PC an IP address geolocation service, and it has just become a part of everyday life to double check that our digital position is nowhere near our physical location. Something as simple as a geolocation homepage has been incredibly effective, as even my wife (who is not particularly technically savvy) has spotted a few occasions when we were not protected.
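The geolocation homepage is a manual check; the same idea can be automated by logging the apparent public IP at intervals and flagging any sample that falls inside your ISP's address blocks. The Python below is an added example, not part of the original setup: the prefixes and log lines are constructed, the function names are hypothetical, and it assumes any answer outside the ISP's blocks is the VPN exit.

```python
import ipaddress

# Constructed values: documentation-range prefixes stand in for the
# address blocks your own ISP assigns to your modem.
ISP_PREFIXES = ["203.0.113.0/24", "2001:db8:aaaa::/48"]

# Constructed log of periodic public-IP lookups: "<timestamp> <answer>".
SAMPLE_LOG = """\
2015-03-01T08:00 198.51.100.23
2015-03-01T08:05 198.51.100.23
2015-03-01T08:10 203.0.113.77
2015-03-01T08:15 lookup-failed
2015-03-01T08:20 2001:db8:aaaa:1::5
2015-03-01T08:25 198.51.100.23
"""

def classify(answer, isp_prefixes=ISP_PREFIXES):
    """Return 'leak', 'unknown' or 'tunnelled' for one lookup answer."""
    try:
        ip = ipaddress.ip_address(answer.strip())
    except ValueError:
        return "unknown"  # lookup failed: cannot confirm the tunnel is up
    # IPv4 and IPv6 are both checked; a tunnel that only carries IPv4
    # shows up here as an IPv6 answer inside the ISP's block.
    if any(ip in ipaddress.ip_network(p) for p in isp_prefixes):
        return "leak"
    return "tunnelled"

def unprotected_windows(log_text, isp_prefixes=ISP_PREFIXES):
    """Group consecutive non-tunnelled samples into (start, end, states)."""
    windows, current = [], None
    for line in log_text.splitlines():
        stamp, _, answer = line.strip().partition(" ")
        if not stamp:
            continue
        state = classify(answer, isp_prefixes)
        if state == "tunnelled":
            if current:
                windows.append(tuple(current))
            current = None
        elif current is None:
            current = [stamp, stamp, {state}]
        else:
            current[1] = stamp
            current[2].add(state)
    if current:
        windows.append(tuple(current))
    return windows
```

On the constructed log, `unprotected_windows(SAMPLE_LOG)` reports one window from 08:10 to 08:20, covering an IPv4 leak, a failed lookup and an IPv6 leak.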
For those looking for more protection than a VPN, the RT-N66U offers TOR routing.
I tried this briefly, and was impressed at how easy it was to configure. You literally just enable TOR and select which devices you want to protect (by specifying their MAC addresses), or protect the entire network. If you have ever had to install TOR software locally, you’ll know that it can be quite an inconvenience to ensure that it is running before you go online, and the process for enabling TOR differs between desktop PCs, tablets and phones, and I’m not sure it is even an option on devices like an Xbox.
Things become "catastrophic" for the NSA at level five - when, for example, a subject uses a combination of Tor, another anonymization service, the instant messaging system CSpace and a system for Internet telephony (voice over IP) called ZRTP. This type of combination results in a "near-total loss/lack of insight to target communications, presence," the NSA document states.
In the end I didn’t use TOR myself. While it worked admirably, it was noticeably slower, and all but killed video streaming services.
Overall though, once I found a reliable VPN provider, the whole experience of routing all internet traffic via a VPN at the ASUS RT-N66U has been incredibly seamless. The option of enabling TOR at the router level is nice, although it was too slow for our day to day internet usage.
Although solutions like TOR and VPNs provide only one piece of the privacy solution, I would highly recommend anyone who takes their privacy seriously invest in a device like the ASUS RT-N66U.