Obviously I still want to be able to use free hotspots in places like Starbucks. To be secure, I typically use the following setup on my Mac to keep my stuff away from snooping eyes. Here is a very short HOWTO on using an ssh tunnel for secure web browsing on a Mac (this will work on Windows and Linux as well with small tweaks).
- openssh (I installed openssh using MacPorts: port install openssh)
- Firefox add-on called QuickProxy (https://addons.mozilla.org/en-US/firefox/addon/1557/)
- a shell account with ssh access (this could be your hosted account or if you are a geek perhaps a dd-wrt router at home)
- Create an ssh tunnel to your server. If you have a private/public key pair set up, this will be quick and easy
/opt/local/bin/ssh -D 9999 user@host
- Now create a proxy configuration in Firefox->Preferences->Advanced->Network->Settings
Click on Manual Proxy Configuration and set just the SOCKS host to localhost and the Port to 9999
- Now install the QuickProxy add-on to be able to switch between the proxy being on and off.
- To keep people from knowing where you are surfing, and to keep a malicious user from phishing you through DNS, make DNS lookups go through the tunnel as well: type about:config in the Firefox address bar, search for network.proxy.socks_remote_dns and change the setting to
network.proxy.socks_remote_dns = true
- When you are on an insecure wifi hotspot, simply turn the proxy on in the status bar of Firefox. This will make all of the browser's traffic go through the ssh tunnel created in step 1.
- Go to http://www.whatsmyip.us to see what the server sees as your IP address. You will notice that when the proxy is on, all traffic flows through the SSH tunnel (encrypted) and the IP address is different from when you connect directly.
- Remember that only your browser is using the SOCKS proxy.
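
To confirm that the Firefox settings above actually took effect, here is an added example (not part of the original post) that reads a profile's prefs.js and flags a proxy that is off, a wrong host or port, or a missing remote-DNS setting. The function names and the sample file are constructed for illustration; on a Mac the real file is ~/Library/Application Support/Firefox/Profiles/<profile>/prefs.js.

```shell
#!/bin/sh
# Added example: audit a Firefox prefs.js for the SOCKS settings in this HOWTO.

# Print the value of one user_pref from a prefs file (empty if not set).
# $1 = prefs file, $2 = pref name
get_pref() {
    sed -n "s/^user_pref(\"$2\", *\(.*\));[[:space:]]*\$/\1/p" "$1" | tail -n 1 | tr -d '"'
}

# Check the four prefs the HOWTO relies on. $1 = prefs file, $2 = tunnel port.
# Returns 0 only when browser traffic and DNS lookups both use the tunnel.
check_socks_prefs() {
    prefs=$1 want_port=${2:-9999} rc=0
    type=$(get_pref "$prefs" network.proxy.type)   # 1 = manual proxy configuration
    host=$(get_pref "$prefs" network.proxy.socks)
    port=$(get_pref "$prefs" network.proxy.socks_port)
    rdns=$(get_pref "$prefs" network.proxy.socks_remote_dns)

    if [ "$type" != 1 ]; then
        echo "WARN proxy is off (network.proxy.type=${type:-unset}); traffic goes direct"
        rc=1
    fi
    case $host in
        localhost|127.0.0.1) ;;
        *) echo "FAIL SOCKS host is '${host:-unset}', expected localhost"; rc=1 ;;
    esac
    [ "$port" = "$want_port" ] || {
        echo "FAIL SOCKS port is '${port:-unset}', expected $want_port"; rc=1; }
    # A missing entry is treated as "not enabled" (assumption of this example).
    [ "$rdns" = true ] || {
        echo "FAIL socks_remote_dns is '${rdns:-unset}'; DNS is resolved on the hotspot"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK browser traffic and DNS use the tunnel on port $want_port"
    return $rc
}

# Constructed sample: proxy configured, but remote DNS never switched on.
sample=$(mktemp)
cat > "$sample" <<'EOF'
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "localhost");
user_pref("network.proxy.socks_port", 9999);
EOF
check_socks_prefs "$sample" || true
rm -f "$sample"
```

Firefox rewrites prefs.js as settings change, so run the check after toggling QuickProxy on.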