If you’re like most people, you don’t think much about your Wi-Fi router. It’s probably sitting in some dusty corner of your house right now, only to be consulted when you have a problem.
But neglecting your router comes at a high price. This year, Russian intelligence hackers (APT28) exploited neglected home routers across 23 US states to build a shadow network, intercept network traffic and steal credentials. This coordinated attack confirms that your “set it and forget it” hardware is a primary target.
That’s because your home Wi-Fi router manages (and sees) every piece of data entering or leaving your home. “It plays a crucial role in what it allows the outside world to understand,” says Stephen Boyce, professor of cybersecurity at Duke University and CEO and president at The Cyber Doctor. “It really is that gateway for data coming in, as well as data going out.”
That means your router is critical to your online privacy (who can see your data) and security (keeping out bad actors).
Here’s what you need to know about this often overlooked piece of hardware — and how you can turn it into an ally in your online privacy strategy.
Your Wi-Fi router acts as the single critical gateway for all your data, managing the connection between the internet and every device on your home network, from laptops and mobile phones to tablets and desktop computers.
What your router knows about you
So, what exactly does your router see and understand about your internet activity? Well, as it turns out, quite a lot. Here’s a breakdown.
Device fingerprinting: A router keeps track of every device currently on its network (or that has been on it). That includes everything from phones and computers to smart fridges and baby monitors. Your router might also be able to detect what types of devices these are and treat them accordingly.
Traffic metadata: Even if your traffic is encrypted (with HTTPS), your router will still collect some metadata. For example, when a device is connected, the router can determine how long it’s online and how much data it’s using.
Connection logs: The timestamps of when you connect your devices can help your router understand when you’re home, when you wake up, how much time you spend online and, generally, your overall data patterns.
Almost all modern routers have a mobile app that lets you view and control which devices are connected to your network.
Hidden dangers: Who wants your router data?
OK, so your router knows a good bit about you. But who else might be seeing all that data?
Internet service providers: These companies can see quite a lot. ISPs use the data collected by your router for two reasons, according to Boyce: one, to comply with the law and detect any illegal activities; and two, for commercial reasons of selling anonymized user data to advertisers. “ISPs have a lot of great data that can be utilized — or misused,” Boyce says.
Hardware manufacturers: Your router’s manufacturer also has some “telemetry,” or the ability to see and measure internet traffic. This primarily enables hardware manufacturers to provide firmware updates and troubleshoot connection issues, according to Boyce.
Third-party apps: Most modern Wi-Fi routers include mobile apps for setting up and managing connectivity. These apps need to access and use data from your router to function properly.
Common privacy vulnerabilities
The amount of data your router manages, along with the many parties who can see it, poses real privacy risks. Here are some of the most common vulnerabilities.
UPnP or “Universal Plug and Play”: This common router feature allows devices to quickly connect to your network and communicate with other devices on it. This is convenient, especially if you want to easily string together some smart home devices. But allowing this automatic connectivity also creates “holes” in your privacy wall, because any connected device can see any other connected device.
WPS or “Wi-Fi Protected Setup”: This router feature allows you to automatically connect devices without a password using an easy-pairing button. Like anything that makes connecting easier for you, it can also make connecting easier for bad actors.
Legacy encryption: The router world is shifting away from the old Wi-Fi security protocol, WPA2, toward the enhanced WPA3. If your router is more than five years old, it might not support WPA3 — leaving you more vulnerable to the older standard that can be more easily bypassed.
DNS leaks: When you use a VPN, all of your “address book” requests (that is, your requests to visit specific websites) are encrypted. But sometimes, a low-quality or improperly configured VPN can “leak” this data, allowing your router and ISP to see your specific browsing history.
A DNS leak test can demonstrate how your ISP can still see your requests, even when you’re using a VPN.
How to optimize your router privacy
Don’t get too discouraged by all the potential privacy risks of your internet router. There are plenty of ways you can harden the security of your data gateway.
Change default credentials: Boyce recommends immediately changing the default Wi-Fi password with a new, strong login credential. This is one of the most common ways that hackers gain access to your router, and it has been used in several high-profile attacks over the past several years.
Keep your firmware updated: Like any piece of software, routers will eventually have vulnerabilities that hackers seek to exploit. The best tool that router manufacturers have to fight this is issuing security patches through firmware updates. Many routers install these automatically, but you can also download the latest updates by logging in to your router through the manufacturer’s web interface or app.
Consider a third-party router: You can buy your own router rather than renting one from your internet provider. Renting a router from the ISP gives ISPs more power to use router data (especially when a customer turns in the hardware later on), Boyce says.
Guest networks: If you’ve got lots of smart home devices, it’s a good idea to create a second “guest” Wi-Fi network that you use only for devices such as light bulbs or smart speakers. This means your computer and phone will be connected to your primary network, while other devices are on the guest network. That way, if a bad actor tries to leverage a smart device to wreak havoc on your network, they can’t reach your computers or phones.
Custom DNS providers: Your ability to easily surf the internet relies on domain name services, which translate domain names like “CNET.com” into numeric codes that can be read by servers. Usually, your router uses the DNS servers provided by your internet service provider. But these can be slow and vulnerable. Switching to a privacy-focused provider such as Cloudflare or NextDNS can improve both your security and your internet speeds.
VPN at the router level: It’s also possible to install a virtual private network at the router-level, meaning it will apply to every device on your network. This is great because it creates “always on” protection for your entire home, including smart home devices that might otherwise be impossible to shield with a VPN. The downside, of course, is that a VPN can cause your internet speeds to be slightly slower.
Advanced privacy: Open-source firmware
For more advanced protection, you have the option of installing custom firmware (basically, an operating system) on your internet router. DD-WRT or OpenWrt, for example, are types of open-source firmware that can offer better security and performance.
Benefits: Custom firmware overrides manufacturer features that may pose security risks and can be updated frequently for optimal protection. It can also give you more granular control over your data.
Risks: There’s a technical learning curve to installing open-source firmware on your router, and doing so improperly can risk “bricking” your device — basically rendering it totally unusable.
Router privacy myth: Set it and forget it
An internet router isn’t something that you can ignore if you want to ensure your online privacy.
“The misconception is that routers don’t require engagement,” Boyce says.
Indeed, internet privacy is an ongoing process, not a one-time setting. Boyce says you should absolutely take the basic steps upfront (such as changing the login credentials and considering a VPN), but you also need to revisit your router every so often.
With Wi-Fi technology changing so fast, Boyce even recommends upgrading your router every 12 to 18 months for enhanced security. If you never change your router, it will become less secure over time. “It’s a lot different than a front-door lock,” Boyce says.
Stephan is the sports journalist for the Maple Grove Report.
