When you are away from home, and especially if you are traveling, you may feel a little anxious and worried when use public wifi. Maybe you are sitting in an airport waiting for your flight and that wireless network is like a siren song.
You will be interested in:
You have one of the best laptops you can buy, but you’ve always heard that public Wi-Fi is dangerous or strictly forbidden by your job. So what can a traveling techie do? We chat with Chester Wisniewski, Principal Scientific Investigator of Sophos to find out how terrible it was.
What do you think? It turns out that it is not so bad.
Most of what you’ve heard about public Wi-Fi networks probably dates back a decade or more. That’s where its terrible reputation comes from. But things have changed and it is important to understand how, and part of the how includes the why. However, there is a bit of history to go through to see how we got here.
How we got here
Many moons ago, the internet was largely insecure. We depended on our networks to keep our network traffic protected. As a result, people were vulnerable to attacks with cute names like “evil twin” and “man in the middle.”
These attacks allowed a hacker to see everything that was happening as it flowed through the internet. Type in www.facebook.com and enter your username and password and that information was there, waiting to be intercepted. But there was no problem, because the network protected everything.
But just under a decade ago, a man named Edward Snowden appeared on the world’s radar, and suddenly everyone realized that what we do on the internet could be seen and collected.
When that happened we freaked out, thankfully in a good way and started to block everything as much as possible. This brings us to where we are today. Wisniewski says:
“Today if I go to Starbucks and try to hack you, I get nothing. At best, what I’ll see the most is ‘Adam got on Facebook’, but I have no idea what you’re doing on Facebook. I don’t know if you are logging in as Adam or if you are logging in as your alter ego. I have no concept because all of that is encrypted and protected at the application layer rather than on the network. “
How is the situation today
It took some time for this to roll out, but in 2019, Google reported that almost 92 percent of traffic on the internet it was encrypted. Turns out, the answer was always in our address bar.
The “s” in “https: //” indicates that the traffic you are generating is encrypted. It uses Transport Layer Security (TLS) to encrypt data sent over the internet and it does so at the application level. It is worth noting that “application level” refers to both the website, such as facebook.com, and the Facebook application.
The only information that is leaked unencrypted is the DNS lookup. For example, if you open a browser, go to digitaltrends.com, and someone intercepts your signal, they can see that you went to the best tech website of all time, but they won’t be able to see what you did there.
Even that is changing, according to Wisniewski. Both Firefox and Google Chrome hide DNS lookup information by default, and most other web browsers offer the ability to do so. Windows 11 has a system-wide option that you can enable to hide that information in any browser.
Additionally, HTTP Strict Transport Security (HSTS) adds another layer of security. HSTS basically teaches your computer what a website looks like on your first visit. Each subsequent visit confirms to your browser that it is correct.
There is a preloaded HSTS list of tens of thousands of domains that your browser knows about, even before your first visit. This prevents “man in the middle” attacks from sending you to the wrong site made to look like the right site.
Exceptions to the rule
So it all comes down to that, for the most part, public Wi-Fi is as secure as you can reasonably ask for, but there are a few caveats to that.
If you are the type of person who routinely handles extremely sensitive information and / or information that other people really want, then you should think twice before connecting to any network that you or your company has not created.
While the encryption we use every day is strong enough to handle casual attackers, if you handle information that others would literally kill for, public Wi-Fi is not for you.
Another big warning comes in the form of companies whose policies specifically prohibit the use of public Wi-Fi. If you work for such a company or agency, just don’t do it.
In the company’s view, there aren’t enough protections, and they sign your paychecks, so who are you to argue? The bottom line is that companies have rules, and as an employee, it’s your job to follow them, regardless of what a tech website has to say about it.
Finally, listen to your instincts. If you feel uncomfortable logging in from the airport, don’t do it. After all, we are talking about your data. You can use a banking app to log into 5G or LTE from your phone, which is as secure as networks can be.
Other ways to stay safe
So are there ways you can make your web traffic even more secure? One theory is that a virtual private network (VPN) is a good way to hide data, and Wisniewski agrees to some extent.
But in cases like that, he describes a VPN as “reassign trust.” While most of your traffic is already encrypted, using a VPN transfers unsecured things (like DNS lookups, for example) to the VPN.
If you trust your VPN more than Starbucks network engineers, that will help you with the limited amount of data that is not yet encrypted.
“In general, for most people, public Wi-Fi is safe and the reason for this is that, as a society, we are much more security conscious than we were ten years ago.”
One of the most important messages Wisniewski left us was a warning against clicking on security messages. When you are visiting a website and your browser displays a warning that the site may not be secure, it probably is.
The problem can be as simple as a typo or an expired security certificate, but suffice it to say, if you get a warning, there is a reason. Please double check everything and if in doubt skip it and come back another time.
Beyond that, password managers are an excellent tool that can be used to stay safe on the internet, regardless of how you connect. These applications are inherently strict when it comes to security and avoid the reuse or oversimplification of passwords. Also, if a password is violated, it is quite simple to change.
We have learned to demand that our information be more protected and the internet has responded. So if you’re on the road or just out and about, it’s probably okay to have a coffee and enjoy Netflix.