You are here

Homesafe

For anything relating to music-making on Windows computers, with lots of FAQs. Moderated by Martin Walker.

Homesafe

Postby ef37a » Wed Jan 16, 2019 2:51 pm

Just taken delivery of my Talk Talk router. Which say it is one of the best and I look forward to 24M+ download speed when my connection goes live on Friday.

Reason for the title is, TT stress that I install their Homesafe security package. Now I have used Ms SE for years now with the occasional sweep with Malware bytes, never had a problem. I am therefore rather wary of installing another app that might be a bloated nuisance? I shall in any event set a restore point (W7)

Anything known?

Dave.
ef37a
Jedi Poster
Posts: 10197
Joined: Mon May 29, 2006 12:00 am
Location: northampton uk

Re: Homesafe

Postby Eddy Deegan » Wed Jan 16, 2019 3:10 pm

Personally, I wouldn't install it. If your existing setup has been fine for the years you've been doing it then there's no need to change it just because a new router came along.

I'd be more inclined to install uBlock Origin on your browser (reduce ads and therefore the chances of browser based infections) and use safe practices; don't open dodgy attachments or links other than the ones you asked for or are expecting (such as password resets) in mails, and don't have anything to do with pirated software etc.

Antivirus software powers a huge and very profitable industry based largely on fear mongering, and the effectiveness of many of the offerings is questionable. Further, on several occasions the very presence of antivirus software has created vulnerabilities on systems that didn't have those vulnerabilities before.

Common sense and basic stuff like blocking ads (don't forget to whitelist SOS though!) is far more effective in my opinion. Malware bytes is a good scanner (or at least, it used to be - I've not used it for a while) so I'd say you have the essentials covered already.

EDIT: Looking quickly, it seems the homesafe is more of a parental controls web filtering thing than antivirus as such, although it does have an 'antivirus' setting. Assuming you don't have kids using the computer, I'd pass. They may try and pressure you into it but you can always politely inform them you're an adult and would like to make your own decisions ;)
User avatar
Eddy Deegan
Frequent Poster
Posts: 1828
Joined: Wed Sep 01, 2004 12:00 am
Location: Brighton & Hove, UK
Some of my musical works.
I had a weird time in Surrey once, but that was a drummer's fault.

Re: Homesafe

Postby mick.n » Wed Jan 16, 2019 3:32 pm

I have been offered Homesafe with replacement routers on a couple of occasions when I was with TT. I never bothered & stuck to my existing security software & firewall
mick.n
Frequent Poster
Posts: 866
Joined: Wed Sep 01, 2004 12:00 am
Location: It's grim up north.

Re: Homesafe

Postby Eddy Deegan » Wed Jan 16, 2019 3:34 pm

Ouch. It gets worse than that.

According to https://wiki.openrightsgroup.org/wiki/TalkTalk_HomeSafe it seems that they used to use DPI (Deep Packet inspection) to intercept and analyse your web traffic even if you'd disabled the setting to harvest lists of URLs 'for later testing'.

In the past, Talk Talk have even prevented you from accessing HTTPS versions of sites because they can't snoop on the data. That's outright insanity.

Looking at the current info at https://community.talktalk.co.uk/t5/Art ... -p/2205260 I see:

HomeSafe uses TalkTalk DNS servers to operate our filters. They can’t do their job if you’re using a third party DNS server (like OpenDNS or GoogleDNS).

and

HomeSafe can’t detect viruses hidden in files you receive or download to your computer – but you can use SuperSafe to do this.

Unless there was no alternative, I'd be looking for a different ISP :thumbdown: but if you're stuck with them, I'd disable every homesafe option there is and set my DNS servers to 8.8.8.8 and 8.8.4.4 (Google public DNS) or to CloudFlare's 1.1.1.1 (fast open DNS server). Your browsing speed will probably go up as a result of changing the DNS too.
User avatar
Eddy Deegan
Frequent Poster
Posts: 1828
Joined: Wed Sep 01, 2004 12:00 am
Location: Brighton & Hove, UK
Some of my musical works.
I had a weird time in Surrey once, but that was a drummer's fault.

Re: Homesafe

Postby ef37a » Wed Jan 16, 2019 4:28 pm

Oh! F*** Eddy! You have got me rattled now. I really don't understand much of that so what are the likely implications if I don't use Homesafe?

I have never and shall not install any TT software. I have been with them for about 5 years and have to say the connection has been almost fault free. Down/up has been 8.5M/0.8M all that time. A few weeks ago I "had" to change browsers from IE and chose Firefox. I don't like it much and intend to try Chrome.

There is a 30 day cooling off period on the package so what sort of things should I look/test for that could be a problem in the future please? If I were to break from TT I might go to EE?

Dave.
ef37a
Jedi Poster
Posts: 10197
Joined: Mon May 29, 2006 12:00 am
Location: northampton uk

Re: Homesafe

Postby Eddy Deegan » Wed Jan 16, 2019 5:08 pm

ef37a wrote:I really don't understand much of that so what are the likely implications if I don't use Homesafe?

I can't find any definitive information regarding whether they still currently use DPI technology. The big increase in online encryption has impacted the effectiveness of DPI so it may be that they no longer do (which is a good thing if so) but historically they have a pretty bad track record.

From the limited information I've seen, I think it more likely that they are using DNS to insert their shenanegans into your browsing sessions, but if you set your DNS servers to the Google or Cloudflare addresses you should be able to bypass that unless the Talk Talk router is doing shady things.

ef37a wrote:I "had" to change browsers from IE and chose Firefox. I don't like it much and intend to try Chrome.

It's no bad thing to stop using IE (though it would annoy me on principle if an ISP demanded I did as that would be overstepping the mark IMHO). It always was a troubled browser and is now consigned to history. Chrome is a nice browser - I use and like it a lot. Firefox is fine, and although not quite as widely supported you could also look at Opera, which is very fast.

ef37a wrote:There is a 30 day cooling off period on the package so what sort of things should I look/test for that could be a problem in the future please? If I were to break from TT I might go to EE?

I'd be inclined to ask their support these simple questions:

1) Does Talk Talk apply DPI (Deep Packet Inspection) technology to my traffic (ie above Layer 4) if I opt out of using Homesafe? If they do, what is that technology employed for?
2) Will Talk Talk prevent me from using alternative DNS servers such as those from Google or Cloudflare?
3) Is Talk Talk ever going to force me to use Homesafe whether I want to or not?

If the answer to 1 is 'yes' then I would be concerned, as there is no legitimate reason to apply DPI to your payloads in normal situations. Levels 1 and 2 are out of scope in all of this and can be ignored. Using it on layers 3-4 is fine, as that's required for things like routing and load balancing, which are legitimate needs (and in fact, most Internet infrastructure will use levels 3-4 for one reason or another anyway (they all have their own 'private' level 2 that you don't need to worry about), that's what they exist for). Levels higher than 4 however (they go up to 7), are poking into your data and as such should be avoided.

If the answer to 2 is 'yes' then I would be concerned as DNS is the means by which your PC determines the address of everything on the Internet, so if they are forcing you to use their 'special sauce DNS' then that is a massive red flag.

If the answer to '3' is 'yes' then I would be concerned for the same reason as 2.

As long as you are able to opt out of all the above, then if they work, sure, use 'em ;-)

EDIT: A quick addendum to describe the "levels" I mention above. Each network packet you send and receive consists of 'layers' of data, which are accumulated as the packet is prepared for transmission and shed as the receiving end decodes them.

Level 1 is the actual physical (even wireless is considered physical) link from your computer to the next device (ie: your router) and can be ignored - it is handled by your network hardware only.

Level 2 is the Ethernet protocol (usually, and certainly will be on your home network) and is a few bytes that your local network uses to get the packets from your computer to the correct device on your network (usually your router but could also be things like NAS or other local devices).

Level 3 is IP (usually, but for the purposes of this discussion that's enough) contains information about the ultimate destination (destination IP address) to which the packet should be sent

Level 4 is TCP or UDP (usually, not always, again lets keep this simple) and that contains state information that ensures a reliable connection (TCP only) and port numbers that allow many connections to a single IP address without confusion.

Levels 5-7 are your data that the packet contains and vary wildly (that data may contain further headers though that's not relevant here), but they should always be out of scope of ISP interest and not consulted (analysing or messing with these levels is where the "Deep" in "Deep Packet Inspection" applies).
User avatar
Eddy Deegan
Frequent Poster
Posts: 1828
Joined: Wed Sep 01, 2004 12:00 am
Location: Brighton & Hove, UK
Some of my musical works.
I had a weird time in Surrey once, but that was a drummer's fault.

Re: Homesafe

Postby ef37a » Wed Jan 16, 2019 5:54 pm

Thank you Eddy. I have just fired up the router. Bish-bosh no bother steady white LED in about a minute. Laptop similary found the wi fi signal and I put in the password and am on the web.
Quick check with Ookla returns 8.86M down and 0.88 up and that is the fastest it has ever been. Bodes well for Friday!

I shall let the upgrade proceed and see how things shake down over the weekend then I shall cut and paste your three questions Eddy to "concerns@tt....."

Re IE? I get a lot of people telling me how bad it is but I have used it for over 12 years and really don't see a problem? Will give Chrome a do in a week or so.

Thanks again.
Dave.
ef37a
Jedi Poster
Posts: 10197
Joined: Mon May 29, 2006 12:00 am
Location: northampton uk

Re: Homesafe

Postby Eddy Deegan » Wed Jan 16, 2019 7:07 pm

ef37a wrote:Re IE? I get a lot of people telling me how bad it is but I have used it for over 12 years and really don't see a problem?

It's not a single thing, rather a messy history. After a dodgy start where Microsoft tried to force it on Windows users, even going so far as to claim it was part of the Operating System and could not be removed (they lost the court case and were forced to stop being so intransigent), IE got a bad reputation in subsequent years for a few reasons, including (but not limited to).

  • Introducing Microsoft proprietary technologies (which did not work on other browsers)
  • Providing bad support for some existing web standards, leading to a nightmare for web developers as they had to write sites not only for different browsers, but different versions of IE as well
  • Terrible performance in some situations
  • Regularly horrified security testers with vulnerabilities that could be used to compromise the whole system
  • Only worked on Windows (for a while later it was available on OS X as well I believe)

... and I'm sure there are plenty of other issues one could add to this list if they wanted to and had a look around.

To be fair, some of these issues were alleviated to some extent in later versions but Microsoft have always had a big thing about backwards compatibility, which in and of itself is no bad thing but which led to some of the less desirable aspects of the browser polluting later versions.

In short, IE is, and always, was a real mess and often quite dangerous to use.

Even Microsoft knocked it on the head in the end, replacing it with Edge before recently acquiescing further and announcing that Edge would have many of its guts replaced with software based on Chromium (which is the DNA of Chrome).
User avatar
Eddy Deegan
Frequent Poster
Posts: 1828
Joined: Wed Sep 01, 2004 12:00 am
Location: Brighton & Hove, UK
Some of my musical works.
I had a weird time in Surrey once, but that was a drummer's fault.

Re: Homesafe

Postby Eddy Deegan » Wed Jan 16, 2019 7:16 pm

ef37a wrote:what are the likely implications if I don't use Homesafe?

Sorry - I just realised I didn't directly answer this question.

Basically if they don't force you to use their DNS and they don't apply DPI above level 4 to your traffic, there are no implications, so hopefully they'll respond positively to the questions I posed.

If you want a second opinion on any answers they give you, just let us know :thumbup:
User avatar
Eddy Deegan
Frequent Poster
Posts: 1828
Joined: Wed Sep 01, 2004 12:00 am
Location: Brighton & Hove, UK
Some of my musical works.
I had a weird time in Surrey once, but that was a drummer's fault.

Re: Homesafe

Postby mick.n » Wed Jan 16, 2019 8:12 pm

Having read through all of this post I'm glad I left TT to go to SSE ( my energy supplier, at the time)
mick.n
Frequent Poster
Posts: 866
Joined: Wed Sep 01, 2004 12:00 am
Location: It's grim up north.

Re: Homesafe

Postby ef37a » Wed Jan 16, 2019 8:19 pm

mick.n wrote:Having read through all of this post I'm glad I left TT to go to SSE ( my energy supplier, at the time)

Why did you do that pray?

Dave.
ef37a
Jedi Poster
Posts: 10197
Joined: Mon May 29, 2006 12:00 am
Location: northampton uk

Re: Homesafe

Postby Pete Kaine » Thu Jan 17, 2019 10:55 am

Eddy Deegan wrote:
ef37a wrote:I "had" to change browsers from IE and chose Firefox. I don't like it much and intend to try Chrome.

It's no bad thing to stop using IE (though it would annoy me on principle if an ISP demanded I did as that would be overstepping the mark IMHO). It always was a troubled browser and is now consigned to history. Chrome is a nice browser - I use and like it a lot. Firefox is fine, and although not quite as widely supported you could also look at Opera, which is very fast.

Well, to be fair, IE ceased being developed in 2016 and is getting extremely limited service patches at this point. They only include it now on W10 for backwards compatibility within internal networks where Edge hasn't been approved on corporate intranets.

Really, I think MS has reached the point of just wanting it to die, I wouldn't be blaming the ISP for this one.

Still, it's the only time I'm going to be defending TT's policies. They are known for aggressive traffic management and the DPI policy that Eddy refers too was certainly a thing last time I got tempted to switch as it's required to enforce that policy.

Whilst (still semi) on the topic of browsers, I'll throw in Brave and Vivaldi as other options.

Brave is Chrome based and security-focused with a load of anti-trackers and blockers built in already, One stop shop for being hassled less online whilst your browsing. I've only tried this one a few times, so I'm not going to recommend it outright, but certainly, one to be aware of.

Vivaldi is the project that the original Opera founders kicked off after selling Opera a few years back. Fast, customizable and well featured it's been my browser of choice now for a few years now, so quite recommended.
User avatar
Pete Kaine
Frequent Poster (Level2)
Posts: 2984
Joined: Thu Jul 10, 2003 12:00 am
Location: Manchester
Kit to fuel your G.A.S - https://www.scan.co.uk/shop/pro-audio

Re: Homesafe

Postby Folderol » Thu Jan 17, 2019 11:47 am

+1 on Vivaldi.
I use that for all my important financial stuff, but for general browsing I use a firefox derivative. I like to keep the two as separate as possible.
User avatar
Folderol
Jedi Poster
Posts: 8099
Joined: Sat Nov 15, 2008 1:00 am
Location: The Mudway Towns, UK
Yes. I am that Linux nut.

Re: Homesafe

Postby blinddrew » Thu Jan 17, 2019 11:51 am

Useful thread, thanks all! :)
User avatar
blinddrew
Jedi Poster
Posts: 6760
Joined: Sun Jul 05, 2015 12:00 am
Location: York
Ignore the post count, I have no idea what I'm doing...

Re: Homesafe

Postby mick.n » Thu Jan 17, 2019 12:07 pm

ef37a wrote:
mick.n wrote:Having read through all of this post I'm glad I left TT to go to SSE ( my energy supplier, at the time)

Why did you do that pray?

Dave.
Purely because of yet another round of price increases. My monthly cost for broadband, (10Mbps) & anytime free calls would have risen to over £40 pm had i stayed. With SSE i am paying £27 pm for fibre broadband (38Mbps) & anytime free calls.
mick.n
Frequent Poster
Posts: 866
Joined: Wed Sep 01, 2004 12:00 am
Location: It's grim up north.

Re: Homesafe

Postby garrettendi » Thu Jan 17, 2019 5:11 pm

We've just recently upgraded our broadband with Virgin. We've disconnected the phone line, so no line rental, and don't have live TV. We were on 50mb for £37pm but after a couple of short phone calls (the hold music was almost as long as the actual calls), we got upgraded to 350mb for £50pm + £5 activation fee.

The whole thing had gone live on our connection in less than 15 minutes and in our first few tests our speed wasn't far off from 400mb.

All in all, I'd definitely recommend Virgin.
User avatar
garrettendi
Frequent Poster
Posts: 1756
Joined: Sat Dec 10, 2005 1:00 am
"I mean, Led Zeppelin didn't write tunes that everyone liked. They left that to the Bee Gees"Wayne Campbell (Wayne's World)

Re: Homesafe

Postby ef37a » Thu Jan 17, 2019 6:31 pm

Pete Kaine wrote:
Eddy Deegan wrote:
ef37a wrote:I "had" to change browsers from IE and chose Firefox. I don't like it much and intend to try Chrome.

It's no bad thing to stop using IE (though it would annoy me on principle if an ISP demanded I did as that would be overstepping the mark IMHO). It always was a troubled browser and is now consigned to history. Chrome is a nice browser - I use and like it a lot. Firefox is fine, and although not quite as widely supported you could also look at Opera, which is very fast.

Well, to be fair, IE ceased being developed in 2016 and is getting extremely limited service patches at this point. They only include it now on W10 for backwards compatibility within internal networks where Edge hasn't been approved on corporate intranets.

Really, I think MS has reached the point of just wanting it to die, I wouldn't be blaming the ISP for this one.

Still, it's the only time I'm going to be defending TT's policies. They are known for aggressive traffic management and the DPI policy that Eddy refers too was certainly a thing last time I got tempted to switch as it's required to enforce that policy.

Whilst (still semi) on the topic of browsers, I'll throw in Brave and Vivaldi as other options.

Brave is Chrome based and security-focused with a load of anti-trackers and blockers built in already, One stop shop for being hassled less online whilst your browsing. I've only tried this one a few times, so I'm not going to recommend it outright, but certainly, one to be aware of.

Vivaldi is the project that the original Opera founders kicked off after selling Opera a few years back. Fast, customizable and well featured it's been my browser of choice now for a few years now, so quite recommended.

Thanks Pete, I think I shall give Vivaldi a go once the upgrade kicks in. Two hours ago Ffox would not let me attach a 15M driver for my son in France (gets a very flakey internet service) "Not allowed" or some such rubbish. Tried IE and that looks a though it would do it but after 5 mins said I needed to "enable javascript". AFAICT it WAS enabled but I downloaded it afresh and it also delteted an old version. IE still did not work "try another browser".
Back to FF and this time I followed the error line and it turns out they won't handle anything with .exe in it. I am sure I have attached such files in the past with IE?

Getting tired now....

Dave.
ef37a
Jedi Poster
Posts: 10197
Joined: Mon May 29, 2006 12:00 am
Location: northampton uk

Re: Homesafe

Postby Pete Kaine » Fri Jan 18, 2019 11:10 am

I don't quite follow, via what service were you the attaching of the file?

It does sound more like a problem with the service you were using not being able to interact with the browsers. I can understand with IE as newer versions of html5/flash or whatever it needs wouldn't be included and tend to be how those sites function.

The FF error just sounds like however you were trying to send it, didn't like the .exe file, which isn't uncommon at all. Most services like "yousendit" or "megaupload" have a blacklist of executables and installers for security purposes. There has been plenty of instances in the past where holes have been found in server security and if you have a program sat there in on the remote storage already, then triggering something to take advantage of these security holes is a primary avenue of attack.

Renaming it to "thisisaphotoorsomeotherblag.jpg" might work, or putting it in a zip in a RAR (2 levels) might too, although server-side scanning software isn't as easy to fool as it once was. Zip/RAR with a password should get around it more effectively, as it should stop the scanner on the server checking it.

I would say that you might have more luck with sending it via instant message, but I've had both skype and FB messager block me before and again I've had to rar them up and password them.
User avatar
Pete Kaine
Frequent Poster (Level2)
Posts: 2984
Joined: Thu Jul 10, 2003 12:00 am
Location: Manchester
Kit to fuel your G.A.S - https://www.scan.co.uk/shop/pro-audio

Re: Homesafe

Postby ef37a » Fri Jan 18, 2019 12:19 pm

It is all a complete mystery to me as well Pete!
I hardly know what I am doing regarding email and such but I have been sending son attachments for years with IE and cannot recall anything getting blocked before?

Firefox yes, since I have had it it seems very fussy about what is will and won't do. I did wonder if I stripped the .exe from the file and then told son to rename it his end whether that would work? In the event he has managed to download the drivers anyway.

One thing above all bugs me with Ff, bloody "Oath" adverts! How can such things be invulnerable to stopping and being deleted. I don't actually mind them, get many others but I can at least clean the rest up!

I am also going to give up my btinternet.com email address soon. That will save me 7quid a month for next to FA!

Dave.
ef37a
Jedi Poster
Posts: 10197
Joined: Mon May 29, 2006 12:00 am
Location: northampton uk

Re: Homesafe

Postby Pete Kaine » Fri Jan 18, 2019 4:27 pm

ef37a wrote:I hardly know what I am doing regarding email and such but I have been sending son attachments for years with IE and cannot recall anything getting blocked before?

Oh, so it's a webmail service?

If so, which one? Mail services will set their own block lists, so maybe they changed something?

ef37a wrote:I did wonder if I stripped the .exe from the file and then told son to rename it his end whether that would work? In the event he has managed to download the drivers anyway.

Yeah, probably would have. Keep it in mind for next time.

I am also going to give up my btinternet.com email address soon. That will save me 7quid a month for next to FA!

Crikey! Could get yourself a dedicated vanity address for £10/£20 and still make a solid saving.
User avatar
Pete Kaine
Frequent Poster (Level2)
Posts: 2984
Joined: Thu Jul 10, 2003 12:00 am
Location: Manchester
Kit to fuel your G.A.S - https://www.scan.co.uk/shop/pro-audio

Next

Who is online

Users browsing this forum: No registered users