
Eduroam use made safer on Android

A new way of configuring Android telephones for eduroam increases the safety of your connection.

Preface
Everyone with an ICT account of the university can use eduroam WiFi networks worldwide. If properly configured, a device such as a telephone will connect directly to an eduroam network. It then sends the login data through that network to the university for verification. This data is of course encrypted, so it cannot be read. There are, however, ways in which criminals can get access to that data. The new configuration method strengthens security and also addresses a possible privacy problem.

Strengthening security
New Android phones can verify whether the server that the log-in data is sent to is the correct server. This is done with certificates similar to the ones that produce the lock icons in browsers when you visit websites. Unlike with browsers, where you have to check the lock yourself, the phone can do this automatically. You do have to tell it what to look for, though.

Hence the use of the option Use System certificates in the configuration. This way the telephone is told that it must check the certificate and that the certificate must be issued for 'utwente.nl'.

Improve privacy
If you use eduroam at another institution, that institution must know where the log-in data should be sent. These data are encrypted and therefore not viewable by that institution. That is why in the past the ICT account (Identity) was made visible to that institution. The '@utwente.nl' told them where to forward the data.

That allowed the administrators of that eduroam network to see your complete account name. That has been solved in new Android versions by offering the possibility of an Anonymous Identity. What is in front of the '@' is not important here, as long as it ends in '@utwente.nl'. To indicate that this is an anonymous identity, 'anonymous@utwente.nl' is usually used.
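
The two settings described above can be checked mechanically. The following is an added example, not part of the original article or the university's manual: it audits an eduroam profile written as a wpa_supplicant network block (an assumed format, used by Linux clients, whose keys correspond to the CA certificate, Domain, Identity and Anonymous identity fields). The account name, password and file path are constructed.

```python
REALM = "utwente.nl"  # realm and certificate domain named in the article

def parse_network_block(text):
    """Return the key=value settings of a wpa_supplicant-style network block."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if "=" not in line or line.startswith(("#", "network=")):
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip().strip('"')
    return settings

def audit(settings, realm=REALM):
    """List the security and privacy problems the article describes."""
    findings = []
    # Server check: a trust anchor plus the expected certificate domain.
    if not (settings.get("ca_cert") or settings.get("ca_path")):
        findings.append("no CA certificate: server certificate is not validated")
    if settings.get("domain_suffix_match", "").lower() != realm:
        findings.append("certificate domain is not restricted to " + realm)
    # Privacy check: the outer identity is what the visited institution sees.
    identity = settings.get("identity", "")
    outer = settings.get("anonymous_identity") or identity
    local, _, outer_realm = outer.rpartition("@")
    if outer_realm.lower() != realm:
        findings.append("outer identity does not end in @" + realm)
    elif local and local == identity.split("@")[0]:
        findings.append("outer identity exposes the account name: " + outer)
    return findings

# Constructed sample profiles (account 's1234567' is made up).
OLD_CONFIG = '''network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    identity="s1234567@utwente.nl"
    password="constructed-placeholder"
}'''
NEW_CONFIG = OLD_CONFIG.replace('}', '''    anonymous_identity="anonymous@utwente.nl"
    ca_cert="/etc/ssl/certs/ca-certificates.crt"
    domain_suffix_match="utwente.nl"
}''')

if __name__ == "__main__":
    for name, cfg in (("old", OLD_CONFIG), ("new", NEW_CONFIG)):
        print(name, audit(parse_network_block(cfg)) or "ok")
```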

Instructions
If you want to use the new configuration, make sure that your phone forgets the current configuration. Then follow the instructions in the manual.