The Electronic Frontier Foundation (EFF) recently published an article claiming that fears of using public wifi are quite unfounded. It says:
“…due to the widespread deployment of HTTPS encryption on most popular websites, advice to avoid public Wi-Fi is mostly out of date and applicable to a lot fewer people than it once was.“
We live in the age of HTTPS. According to Google, most connections from Chrome users in the US (93%) take place over HTTPS and the number is growing worldwide. Similarly, 96 of the World Wide Web’s Top 100 sites (excluding Google) use HTTPS by default and all of them support HTTPS connections. It’s recommended you use a plugin such as HTTPS Everywhere to force your browser to use more secure connections, whenever possible.
The EFF says that once you’ve done this:
“…anyone along the communication path—from your ISP to the Internet backbone provider to the site’s hosting provider—can see their domain names (e.g. wikipedia.org) and when you visit them. But these parties can’t see the pages you visit on those sites (e.g. wikipedia.org/controversial-topic), your login name, or messages you send. They can see the sizes of pages you visit and the sizes of files you download or upload. When you use a public Wi-Fi network, people within range of it could choose to listen in. They’d be able to see that metadata, just as your ISP could see when you browse at home.“
Blindly connecting to any public wifi is ill-advised. It would be very hard for someone to setup a dummy public wifi and record the protocols/ports you are using. Phishing a login and password would be trivial. Also, those who aren’t tech-knowledgable might be convinced to install a malicious app nonetheless!
David Gewirtz of ZDNet writes:
“Another thing to consider about https encryption is it only encrypts your web traffic. Any other internet activity is not touched by the https protocol and therefore requires its own encryption. Examples of other activity include web-based video games that might send your account, password, and even credit card information in the clear; an e-mail program; or even a locally run accounting program.“
If you truly want to be safe on public wifi, you’ll need to follow a multi-pronged approach.
Do you need wifi or a cellular connection?
Think carefully if you truly need wireless access and if you can trust the network or something you may have found tempting or inexpensive (such as a ‘Free Wifi Here‘ SSID). If you connect to Starbucks’ public wifi and it isn’t actually that, at least you’re safer than connecting to a known trap.
Make VPNs your new best friend
Several VPN providers exist out there which siphon your data to third-parties but if you find a trusted one, or create your own, it can boost your security when accessing public wifi. Make sure your VPN is turned on before you access a site or submit login credentials. Be sure to test it for DNS leaks frequently.
Plugin any other security holes
Whether you’re using public wifi or the home net, it’s best to load your browser and operating system with helpful tools such as an anti-virus and anti-malware setup. You can also use UBlock Origin, Privacy Badger and HTTPS Everywhere also. Ensure you aren’t sharing folders on your computer. Keep your apps and system updated with latest security patches and pay attention to what goes on in your browser’s address bar. When you’re done using public wifi, opt to ‘forget the network’ so someone else can’t spoof it and automatically get your device reconnected (before VPN is enabled).
HTTPS is not the only thing you need to stay safe on public wifi. It doesn’t make you safe, per se, just helps you along the process.