How To Protect Your Wireless Surfing With Sidestep

I’m a huge Starbucks junkie. About two or three times a week I’ll spin by the local Starbucks store to work in the coffee-smelling, jazz-music-playing, over-stuffed-chair-filled environment. The wonderful aspect of most coffee shops is the free Wi-Fi hotspot. However, the open wireless hotspot is a dangerous space for everyone.

Today we’ll be taking a look at Sidestep, a simple utility that aims to automatically lock down your computer whenever you’re using an open Wi-Fi network. It’s a really fantastic idea, and definitely worth reading more about!

The Problem

Whenever you are surfing on an open wireless network, your data is being sent insecurely over the air. Because you cannot control who has access to the wireless network, you can’t be sure that the data you are sending isn’t being sniffed by some nefarious laptop user – possibly sitting at the table next to you.

Most websites don’t use high enough encryption that would protect you from start to finish, which gives these ‘hackers’ free reign to sniff through the data that you send to your webmail service, social network or even what you search on Google.

Firesheep, a popular way to sniff around open networks

Firesheep, a popular way to sniff around open networks

Now, this can be initially mitigated by the site’s use of the HTTPS protocol. This encrypts the data sent between your computer and the server – preventing people from reading it when you’re surfing on an insecure network.

Most banks use this by default, and some services allow you to enable it in the settings area of the web app. This includes popular services like Google and Gmail. However, whenever you leave the safety of these encrypted sites, your online data is open to the public.

Gmail HTTPS Settings

Gmail HTTPS Settings

Google search with SSL enabled

Google search with SSL enabled

The Fix

Sidestep is a super easy to use application that allows you to instantly redirect all of your internet traffic through a proxy server.

What’s a proxy server you ask? Well it’s essentially another computer that is connected to the Internet. Instead of sending your data directly to the web via Starbuck’s router, you send your data through this server first. The best part is that you have the ability to use this proxy server as HTTPS tunnel.

One of my internet pals explained it this way: if you’re in a room full of Cookie Monsters and you need to get your stack of cookies out without them seeing them, you’d set up a big hose and send the cookies outside through the hose.

Then the Cookie-Monsters would be none the wiser that you either had cookies to begin with, let alone were sending them out of the room. Just replace cookies with passwords and Cookie-Monsters with hackers…

The Setup

I’m going to go into setting up a proxy server with Sidstep. It’s pretty easy to do, once you have a proxy server of your own.  In this instance, I’m going to assume that you don’t have a computer at home… instead we’ll set up the proxy server using the donation-ware Silence is Defeat service.

If you’re really into security, using a donationware service means you’ll have to trust them with your data. Instead, you could use the server hosting your website, your computer at home, or for about $0.50 / month, you can set up an Amazon EC2 Instance that can act as your proxy server.

First off, you’ll need to download the Sidestep application. It sits in your menu bar and gives you a pretty good idea of whether or not your data is being re-routed through the proxy server.

Sidestep Download Page

Sidestep Download Page

Sidestep sits in the Menubar

Sidestep sits in the Menubar

Second, head over to Silence is Defeat and sign up for an account. To get an SSH account, which is what we’ll need, you will need to donate $1 or more. It’s a good idea to give a little more if you plan to use this as your primary internet service, say, if you travel a lot. It’s a one time fee, so be as generous as you can afford!

Silence is Defeat Welcome Screen

Silence is Defeat Welcome Screen

After giving the Silence Is Defeat system a few minutes to set itself up, you’ll get a welcome e-mail. Finally, enter your login credentials into Sidestep’s Preference window. Remember to use ssh.silenceisdefeat.com as your hostname. Give the server a quick test, and you should be on your way.

Setting up Sidestep with Silence is Defeat

Setting up Sidestep with Silence is Defeat

Other Features

Besides making it dead simple to setup a proxy server for surfing in open waters, Sidestep offers a few other little features that makes it easy to fall in love with the program. Sidestep is built into the menu bar and will change the icon when you are connected to a Proxy server.

SideStep Proxy Enabled

Sidestep Proxy Enabled

SideStep Proxy Disabled

Sidestep Proxy Disabled

It can also automatically connect you to the proxy server whenever you enter a unprotected network. This is a super awesome feature that takes remembering to turn on the service out of your head. Plus, everyone should be protecting their home network with a password, making it a no brainer to turn this on.

Automatically reroute traffic through a proxy server

Automatically reroute traffic through a proxy server

Backup Plans

Another similar service that you can setup is called Tor (The Onion Router). It’s a freeware service that routes your internet connection between a number of computers before actually allowing it to hit the world wide web. This way, there isn’t a way to track your online activities easily – as most of the time Tor sends your data across countries and continents.

The Downsides to Sidestep

While there isn’t anything wrong with the Sidestep app, it has everything to do with Proxy Servers as a whole. There is a noticeable delay in between say, clicking a link, and the page actually loading.

It isn’t that the internet is slow, the latency is just a bit higher now that your connection is being sent through another computer (this is even more of a problem with Tor).

Wrap-Up

Sidestep and similar proxy services make it super easy to protect yourself from the evil world out there. However it is important to continue to watch your back.

While Sidestep will prevent people from doing packet sniffing, it won’t prevent people from gaining access to your data in other ways. It is important to use different passwords for each online service, and ensure that you have your firewall and other Mac security features enabled. Finally, make sure no one is standing over you when you type in your Gmail password!

Have you set up Proxy services? How else are you keeping yourself safe online? Let me know in the comments!


Summary

An amazingly easy way to set up a proxy server for your Mac.

9
  • Josh

    This looks like a fantastic piece of software for connecting to unsecured networks! I have set it up to connect through SSH of my webhost and will have a chance to give it a good test over the weekend.

  • Ian

    It doesn’t work for me. It says it is redirecting traffic but checking my remote IP with for example http://whatismyipaddress.com/ I see my normal IP address, not my proxy’s.

    • Alex

      Click on the menubar item and make sure you’ve clicked the option saying “Reroute Traffic Through Proxy Server Now” if you have it should say “Restore Direct Internet Connection” instead.

    • http://daemonomicon.com Daemonomicon

      If you are using Firefox to test it looks like the issue is that this is just setting the system wide proxy. Not forcing all traffic to go over the tunnel.

      This is an issue because apps like Firefox don’t obey the system wide proxy settings and instead use their own.

      With Firefox in particular you can go to [Settings -> Advanced -> Connection -> Settings] and change it to use the system wide proxy settings.

      As for other apps I don’t know.

  • http://thefreelancepinoy.com/ Stephanie

    I’d love to give Sidestep a try, but our Starbucks branches charge 100 pesos per hour, which is extremely expensive and only for those who really need to use their wifi connection. :(

    • http://sevenlayersdesign.com/ Andy Hutchins

      Wow that seems excessive. It seems like that would harm their business. The free WiFi is one of the main reasons I actually go into a Starbucks these days.

      • http://thefreelancepinoy.com/ Stephanie

        It is, and in my opinion a big rip-off considering the high price tags they put on their coffee. But I don’t think it’ll affect their sales anytime soon, since a lot of people think drinking coffee at Starbucks is cool and hip.

        Thankfully it’s not the only place to get free wifi.

  • Derek

    Do you plan to do an article on how to setup a proxy server on a home-based computer? I have a media server at home already that would be perfect for running a proxy server without having to pay for one online and trust that a third-party is going to keep my information safe. Would really be interested in an article like that!

    • Derek

      Nevermind, I see that the actual page for the software has a link to a Lifehacker article telling you how to setup an SSH server on a home Mac. Nice!

  • Alex

    Loving the look of this app but (and i know its more expensive) I prefer ‘Netshade’. Maybe do a review on it soon? its $29 firstly which gives access to the 3 very secure proxies (seattle, chicago and UK) and permanent access to many public ones in several countries. following that an extra $19 / year is needed for the licences (licenses?) of the 3 private netshade proxies. it gets updated reasonably often and atfirst there were some issues but as far as i can see theyve been sorted out. I use it to watch hulu from the UK and obviously it would let people in the US watch BBC iplayer as I have found that normal site proxies never seem to work for watching hulu (and maybe people in the US found the same about iplayer). Concrete app which i cannot get enough of! :) Alex

  • Richard

    My favourite app for secure connections while abroad is Viscosity, from http://www.thesparklabs.com Lovely software and only $9.

  • Stuart

    Would using Sidestep also secure email or do we need to change port settings in Mail too?

theatre-aglow
theatre-aglow
theatre-aglow
theatre-aglow