At risk of sounding stupid, I need some pointers on how to set up a Wi-Fi router and make it as private and secure as possible.

To sound even more stupid, I don’t really know what PiHole is, or why some people route their traffic through a VPN. I suppose my main questions are these:

  • What Wi-Fi router should I get?
  • How do I configurate it as somebody who is somewhat privacy-conscious but not very tech-savvy?

I don’t really know how regular Wi-Fi routers work, what the common worries are, how/if data is at risk of being leaked, and so on. So, any pointers would be appreciated! Feel free to direct me to any privacy guides, as well. Cheers!

  • pezhore
    link
    fedilink
    arrow-up
    14
    arrow-down
    1
    ·
    edit-2
    4 months ago

    The brand/type of wifi router is more of a technical requirements discussion than privacy discussion.

    For instance, I live in a two story townhome rental with the modem in the basement - so I picked up an Orbi mesh system to bounce wifi up to the second floor. I also have a fairly complex network with IoT VLAN, DMZ (for remote VPN) and other network segments - again the orbi doing different VLANs per SSID was a deciding factor.

    I’ve also only used the Orbi as an access point, relying on a dedicated firewall/router for that stuff.

    If you’re looking at a flat network (e.g. everything on one segment - the typical home user setup), pretty much any WiFi router from Best Buy or equivalent will do the job. Check your current devices to see if you can take advantage of WiFi 7 technology - otherwise save a few bucks and go WiFi 6.

    For security purposes, change the default SSID (the wireless name) to something unique - and change the password to something from correcthorsebatterystaple.net. You don’t need the default jumble of letters and numbers to be secure.

    Lastly, getting to your privacy concerns, look at the DHCP settings - that’s what hands out IP addresses to your devices so they can reach the internet. Change the DNS servers to something other than your ISP. This looks like a good starting point.

    The big things are to make sure you don’t expose your router management to the Internet (the default shouldn’t do that) and to make sure you periodically check for firmware updates.

    If you want to up your game, you could look at spinning up a self-hosted DNS server like Pi-Hole - but that can be a bit more advanced to get setup and troubleshoot if something goes wrong.

    • a Kendrick fan
      link
      fedilink
      arrow-up
      2
      ·
      4 months ago

      and change the password to something from correcthorsebatterystaple.net.

      i wonder how secure or private it is to use a password generated online. You should use a password manger instead. They have built-in password generators

      • pezhore
        link
        fedilink
        arrow-up
        1
        ·
        4 months ago

        Ideally, sure use a password generator - but I wouldn’t worry about the security of a password generator like the one I linked.

        1. There’s no linking of the password you generated to whichever account you are creating.
        2. There’s no guarantee from the web operator’s perspective that you are actually using the generated passwords for anything at all.

        Again, use bitwarden’s generator - or equivalent - for passphrases, but in the absence of that correcthorsebatterystaple.com is good enough for a non-shared password.