Public wifi networks – you find them at airports, coffee shops, and even at fast food restaurants. Public networks don’t have to be wireless. Hotel networks are often wired, but they are public, and the same precautions apply. You never know who else is on the network capturing your traffic. Are public networks safe? What can you do to protect yourself?
First, know the risks. There are three ways others can steal your data or compromise your privacy when you are on a public network.
- The first one is old-school and low-tech (or even no-tech). Someone who wants to steal your passwords or just see what you are up to can simply look over your shoulder (it is called shoulder-surfing). There is a more advance version, though. It involves a small video camera strategically positioned to record what others are doing – sometimes from a distance of several meters. Watching the display and playing back video of the keystrokes while entering passwords can be an effective attack. In a crowded place, and with the right equipment, this is easier than you might think.
- The second one is simply capturing the traffic that you are broadcasting through the air (that’s why it’s called wireless, you know) and analyzing it later for passwords, etc. Many public networks are open (all the traffic is in “plaintext” and can be read) or use shared passwords (if you all have the same password, it is more or less the same as an open network). Assume any password given to you by someone else is not secure, since you have no way of knowing who else may know it.
- The third one is a little more difficult, but not much. Anyone can pretend to be a free wifi access point. It just takes a little configuration on a laptop to set up a network that others can connect to. The attacker calls it “Free Public Wifi” and then connects any victims who fall for the trick to a real public network. The victim surfs happily, but the attacker is recording everything.
Ouch! That sounds dangerous. What can you do to avoid being the victim? Here are five tips:
- Avoid doing sensitive work when on a public network. Do you really need to check you stocks or your bank account from the hotel or the coffee shop? Only do this when it is really necessary.
- Look around. Be aware of your surroundings. Lean over the keyboard when typing passwords. Sit with your back toward the wall. Don’t make it easy for others to see what you are doing.
- Know what you are connected to. Make sure you know the name (also referred to as the SSID) of the network you want to use. Beware if you see a duplicate or similar name. Avoid unknown networks. In addition, your laptop should be configured to connect to “access points” only (also known as infrastructure mode). Do not allow your computer to connect directly to other computers (also known as ad-hoc mode.
- On a Macintosh, go to System Preferences > Network > Advanced and made sure “Create computer-to-computer networks is not checked.
- On Windows, double-click the wireless adapter icon > click the “Wireless Networks” tab > click the “Advanced” button, and make sure that “Access point (infrastructure mode) networks only” is selected.
4. Learn about https. In the address bar of the browser, the address starts with either http:// or https://. The “s” stands for secure. In this mode, all the traffic to and from your computer is encrypted and cannot be read by anyone else – even if they record it and analyze it later. Any sensitive information should ONLY be sent over an https connection. A word of caution, though – if you are tricked into making a https connection to an attacker, they will be able to read what you send. You must be SURE you know who is at the other end of the https connection. If you receive an error about a “certificate” when on a public network, DO NOT ignore it. You may be about to become a victim. Checking email? Remember that even though you may sign in to your account using https, the mail is usually sent over http, in cleartext. The exception is Gmail, which defaults to https for everything. It is the most secure email service for use in public locations. If the last two tips sound a bit complicated – well, they are. The good news is that you can skip them both if you want and just go to tip number five.
5. Use a VPN or a secure connection service. If you really want to be safe, use a VPN or a secure connection. With a VPN, your computer does not connect directly to the internet. Instead, it makes a completely secure (encrypted) connection to some other computer, which then connects to the internet from a non-public network. Examples are LogMeIn, and GoToMyPC. There are many others. There are free versions and paid versions with more advanced features. You install these on a home or office computer, but you may have to do some configuration of your home or office router to make it all work. There are also secure services that work the same way, except that their servers establish the actual connections to the internet. They are usually easier to configure. Examples areHotSpot VPN, Witopia, andHotspot Shield. Again, some are free, and some are paid subscription services.
You see, computing from a public location can be safe. The first and second tips are just good, common-sense ways to avoid unnecessary risks. The second and third tips are a bit “nerdy”, but good safety practices. Tip number five is the easiest, and nearly bullet-proof, as long as you also follow tip number two. You don’t have to spend money, but spending a little may get you some added speed, convenience, and features.
Use your head (to block the view of the keyboard when typing passwords, that is), pay attention, and be safe.
Dennis H in West Virginia, US
June 2, 2010