You Need More Than HTTPS to Stay Safe on Public Wi-Fi
You should no longer be afraid to use public Wi-Fi. Or at least you will have a lot less fear now. While that doesn’t mean you have to blindly connect to “free internet”, “xfinity” or other random open hotspots without the slightest bit of common sense – and some software backups – we’ve come a long way since human days using software tools like Firesheep to sniff everything you do on public Wi-Fi.
At least that’s the position of the Electronic Frontier Federation. The organization recently published an article claiming that any concerns you might have about using public Wi-Fi are slightly unfounded: “… due to the widespread use of HTTPS encryption on most popular websites, advice to avoid public wifi is mostly irrelevant. date and applies to far fewer people than it once did.
There is no doubt that we live in the HTTPS world today. According to Google statistics, the majority of Chrome user connections in the US are made through this secure form of HTTP (93%), and this number is only growing globally. Likewise, 96 of the top 100 (non-Google) websites currently use HTTPS by default, and they all support HTTPS connections – which is why you should definitely use a plugin like HTTPS Everywhere in your browser to force them more – secure your connections when you can.
When you do, notice the EFF:
“… anyone in the communication path – from your ISP to the ISP to the Internet backbone to the website hosting provider – can see their domain names (eg wikipedia.org) and when you visit them. But these parties cannot see the pages you visit on those sites (for example, wikipedia.org/controversial-topic), your login name, or the messages you send. They can see the sizes of the pages you visit and the sizes of the files you download or upload. When you use a public Wi-Fi network, people within range can choose to listen. They will be able to see this metadata in the same way that your ISP can see when you browse at home. “
That’s all well and good, but I wouldn’t blindly connect to every public Wi-Fi hotspot you see if you’re completely safe. First, it will be easy for someone to set up a bogus public Wi-Fi and record the protocols and ports you use – like this . Phishing for login and password, especially if a person does not pay attention to what is displayed in the address bar of the browser, would be just as trivial. And those who are not at all tech-savvy can even be persuaded to install a rogue app to provide “free Internet access.” Uf.
And remember, writes David Geewirtz of ZDNet:
“Another thing to consider when encrypting https is only encrypting your web traffic. The https protocol does not affect any other activity on the Internet, so it requires its own encryption. Examples of other activities include web video games, which can send your account information, password, and even credit card information in clear text; e-mail program; or even an accounting program launched locally. “
If you really want to stay safe on public Wi-Fi, you need a multi-pronged approach.
Do you really need Wi-Fi, or can you get a cellular connection instead?
Consider whether you really need wireless access and can you trust this network (the official Wi-Fi network that the airport specifies that you should use) or something that you think looks tempting and inexpensive (random SSID “FREE WIFI HERE “). While you won’t get out of the woods if you connect to Starbucks’ public Wi-Fi, which you really don’t, you are at least slightly safer than connecting to the obvious trap.
Great VPN is your new best friend
There are tons of VPN providers out there that suck and siphon your data for sale to third parties, but if you can find a reliable provider – or if you create your own – this is a great way to increase your security when accessing public wifi. Make sure you enable it before doing anything, such as submitting a username and password to a site or service. And check it from time to time for DNS leaks .
Make sure you cover other security holes as well.
Whether you’re using public Wi-Fi or browsing at home, pack your browser and operating system with a complete set of useful tools to help you avoid internet problems. Install reliable antivirus and malware protection . Use UBlock Origin, Privacy Badger and HTTPS Everywhere in your browser. Make sure you don’t share folders on your computer, including the good old Windows public folders. Keep your system and apps up to date with the latest security fixes. Pay attention to what is displayed in the address bar of your browser. When you’re done using public Wi-Fi, forget about the network so someone can’t spoof it and force your computer or phone to log back in (before you turn on the VPN).
HTTPS is great and important – don’t get me wrong – but it would be just as wrong to assume that it’s the only thing you need to think about when you connect to public Wi-Fi. It helps make you safer; it doesn’t make you safe.