How to stay safe while using public Wi-Fi
Whether you are traveling frequently or a remote worker, relying on public Wi-Fi may not be ideal, but it may be the only option to get work done sometimes. Many may not even be aware of the dangers of public wireless connections, but there are also precautions available to improve security and privacy.
Public Wi-Fi is a common option in many places, including at airports, libraries, hotels, cafes or restaurants. Just connect to the wireless network and use the available Internet connection for work or leisure.
The following guide helps users stay safe while their devices are connected to public wireless networks. There are several risks, including the following ones:
- Network Snooping -- Someone else is monitoring network connections and what users do on the network.
- Infections -- Hackers may infect public Wi-Fi networks to spread malware or monitor what connected users do.
There are other forms of attacks, including session hijacking, creating rogue access points or attacking devices that are in the same network.
Use a VPN
The best protection against any form of public Wi-Fi attack or risk is to use a VPN, Virtual Private Network. One of the main features of VPNs is that they encrypt your device's traffic. This prevents others, including the network operator, other connected users or hackers, from spying on your network traffic.
Some browsers include basic free VPNs, but most VPNs cost about a Starbuck Coffee per month. To name a few options: Mullvad or ProtonVPN. Even Google has its own VPN called VPN by Google One now, which is available for all paying customers.
With a VPN connection in place, some include options to auto-connect to the VPN whenever a connection to a public wireless network is established, risks are reduced significantly. It allows you to act freely on your devices, without having to worry about network sniffing or manipulation of Internet traffic.
Other Tips regarding public Wi-Fi connections
If a VPN connection is not available, for whatever reason, then users may follow these suggestions to improve security and privacy:
- Turn off automatic connectivity features. Some devices may connect to public wireless networks automatically, especially if no other mobile connection is available. Disable this option to gain control over the feature and avoid unwanted connections.
- Turn off file sharing. File Sharing should also be turned off, as it may give others access to files on your devices, especially if access is not protected properly.
- Don't share or use sensitive information or data. It is recommended to avoid using sensitive data, e.g., logging into a bank account, making online purchases or uploading sensitive data while connected to a public Wi-fi network.
- Make sure software and the operating system are up to date. Keeping software up to date prevents attacks against known security issues.
Closing Words
All in all, it is recommended to use a VPN all the time when connecting to public Wi-Fi networks. Skip one coffee per month and get a good VPN instead to protect your data and improve security significantly.
Now You: do you connect your devices to public Wi-Fi networks?
VPNs were advertised as hell after the CLOUD hype galore.
Using secure means defeats snooping. Secure here is not simply HTTPS
HTTPS has been hyper as hell, again, without informing users about WHO OWNS THE KEYS.Check it out in your browser how many Certificates are allowed by default. I have police certs, even expire Certs… HTTPS means nothing nowadays, the exchange of certificates and properties on various levels of Certificate Authorities had many issues and still has. Into your browser’s certificate manager, look it up.
Don’t use VPN services.
https://gist.github.com/joepie91/5a9909939e6ce7d09e29
Pretty low IQ… the article you link literally mentions that one of the only potentially useful times for a VPN is when on public wi-fi.
Man imagine sharing something and not actually knowing what you shared.
You are missing the point. Most public wi-fi aren’t “known-hostile”. Some are, e.g. they may block certain IPs or domains, but allow others. Then you need a proxy, and a VPN works indeed because as the article says, it’s just a glorified proxy. However, this happens very rarely, and you don’t need a VPN for most public wi-fi.
And for the few cases that a VPN can be useful, having your own VPS is a better idea. This is all explained in the article I linked, seems it’s you who didn’t read/understand it.
Do I want to leave Network Discovery on?
I stay in hotels pretty much every week as it is required for the line of work I do. Not only do I use a VPN, but I also connect to a portable mini router(Slate AX) from GL.iNet. Not only does it act like another firewall, but all I have to do is connect to the hotels wifi once and then all of my devices can connect to the router. So I can have my phone and my laptop both connected to the router that also supports all major vpn’s and the router itself acts as a firewall.
I use one of the VPNs you mentioned on all my devices all the time. They are so fast these days that there’s no noticeable difference in speed, which is quite an improvement from a few years ago when using a VPN meant that your connections would be much slower. Also, the VPN blocks ads and trackers and malware, and allows you to deny connections to specific programs and apps on your device. I use the kill switch so that if the VPN is not connected then there’s no clear net connection made, and no chance of unencrypted data being sent.
I think the hardest thing is finding one you can trust. I spent years trying different ones and looking into different legal and jurisdictional issues with the different providers. I think I’m with one now that’s going to be pretty trustworthy for the longer term.
Do tell. I’m also in a quandry about which providers are trustworthy (settled on Nord for now).
Nord looks good to me, I tried them for awhile and almost went with them. They are certainly fast and affordable and their VPN apps have great features.
Any VPN provider that is making 3rd party audit results publicly available is a good one to look at. The two that Martin mentioned should be at the top of any list due to their publicly available audit results.
Jurisdiction is a big deal – look at the country that you are living in, and the legal agreements they have with different countries to directly access data. For instance, someone living in England may not want to use a VPN that’s located in Germany if the two countries have a direct data sharing agreement. In that case, Germany could spy on English citizens in ways that the English are not legally allowed to do themselves, and then share the data directly back to the English authorities. I’m not doing anything illegal online, but I like to minimize the amount that I’m exposed to the global surveillance dragnet.
I keep seeing advertisements about needing a VPN. But HTTPS already protects the communication. The domains may still be exposed, but you can also use DNS over HTTPS to address that.
Even if the quality of gHacks has plummeted, I though I could still trust Martin’s articles. Seems it’s not the case.
That HTTPs question reminds me of something I wrote aeon ago…
If you would like to read a tiny section out a book, that I co-authored (2011) covering the complex topic of: TCP/IP. I don’t work in Computing and never have.
“[…] If you’ve ever used the world-wide web you will have used both TCP/IP and HTTP protocol to surf the web via a browser. It uses a Client/Server model.
The familiar HTTP protocol uses TCP port 80, and allows clients to deliver documents authored in HTML and other markup languages to be rendered by a user agent such as a web browser. Typically a web browser will send HTTP requests to a web server; the server will then use HTTP to send the data back to a browser in the form of a webpage or type of file requested.
HTTPS (Hypertext Transfer Protocol Secure) is a secure version of the protocol.
Typical uses of HTTPS would be for secure banking or online payment services where private or sensitive data needs protecting during transfer via a website.
Wireless Security and HTTP
WARNING: There is still vulnerability of eavesdroppers if you use HTTPS via a Wi-Fi (802.11b wireless) connection without using encryption. An example of encryption would be Wi-Fi Protected Access (WPA) security protocol. …”
However, the Technical Editor was incompetent in my personal opinion and introduced a lot of errors as networking terms matter, e.g. you never write byte when you mean octet. :-(
As was mentioned earlier, be extremely cautious about using Public Wi-Fi networks regardless of the entity hosting them, and take extra precautions. I don’t connect to public Wi-Fi, it’s extremely hazardous nowadays. However, if I did, I would certainly use layered protection, such as VPN.
> There is still vulnerability of eavesdroppers if you use HTTPS via a Wi-Fi (802.11b wireless) connection without using encryption
That’s nonsense. The point of HTTPS is that you don’t trust the communication channel. And whatever an attacker can do if you use wi-fi can also be done if you use ethernet that has been wiretapped, and can also be done by the ISP regardless of wi-fi/ethernet.
In fact, wi-fi encryption just deters random people from joining your network, but it’s not super-hard to break, and doesn’t provide real safety for your communication. The important part is using HTTPS, not WPA2 or whatever.
Dear Anonymous [April 1 2023], in that book section, I was just pointing out HTTPS on itself, is not as ‘secure’ as the “general public” typically believes. HTTPS does not encrypt all your data, for example DNS queries.
It looks like you misunderstood the quoted text meaning; I wasn’t writing about potential threat actors nor implying by using WPA protocol that you were somehow “magically safe”. I even mentioned lower down in this blog about “layered protection”.
Everything sent across the local Ether is unencrypted regardless of https. We demonstrated this at a * hat conference in Vegas years ago and shocked many attendees when their chats and passwords were broadcast on the public screen. WireShark was the only tool required. VPNs are a must.
What? The encryption and decryption happen in the client and the server. Why would the unencrypted data be sent to the local network?
Most VPN’s that proclaim that they do not keep logs are not giving the full picture – it may well be true that they personally do not keep logs, but they fail to mention the government security agency tap just prior to the VPN provider where it is logged. They are legally required to do so in most countries and those that do not comply get banned.
HTTPS is great for that, but not every site uses it. Yes, it is rare these days. Other activity on your devices may not use HTTPS either, and it is more difficult to spot. DNS protection may also be essential to avoid attacks targeting it.
Rarely, and yes we always use our VPN’s mobile app. Actually, it’s the only time we use it.