Everybody loves free (digital) services. But as many people know, these so-called free services have a catch most of the time and are not completely free. Unfortunately, not everybody is a good samaritan. The devil is in the details and these details are in complicated Terms and Conditions that nobody reads. Additionally, free services can lack proper security measures. A good example is the free WiFi service. In this post, I will provide tips on how to protect your privacy and your data against attackers on public WiFi.
How do I know if a public WiFi network is secure?
Let’s be clear on this one: no public WiFi network is completely secure. Security depends on a few items to start with:
- Known number of people on the service: who is with you on the WiFi network? Are these people visible at the location? For instance in a restaurant?
- Who provides the service? Is this a place where you are having lunch that offers this extra service to its customers? Or is it an unknown network that suddenly pops up on your device in a shopping street, operated by a third party you don’t know? It might be a legit network but how are they making money then? What’s the benefit of running this free network?
In general, the first step is to use your common sense and ask yourself these kinds of questions. If you don’t like the answers you give yourself, don’t use the network in the first place. My golden rule is to stick to as few public WiFi networks as possible and if you need to connect to a public WiFi, do it in an establishment you trust like a coffee shop, a well-known shop or a restaurant. The more networks you sign up to, the more risk that you run into a network that is not treating your data as carefully as it should be.
I would also advise asking an employee of the service provider you want to use for free WiFi if the network you want to choose is the correct one. Hackers might set up a fake public WiFi that has a name that is close to the actual service provider.
If you have internet access without using WiFi, I would advise you do a web search for the connection you want to join. Sometimes you can read about the experience of other users on a specific free network.
Terms and conditions
In the book “The Art of Invisibility” the author, Kevin Mitnick, refers to an experiment done in London. In the experiment, a banner with the terms and conditions appeared when logging into free internet. In the experiment, the terms for use of the free WiFi network required the surrender of the user’s firstborn child or beloved pet. Six people consented to these terms and conditions. This sounds hilarious, but legal wise you’re stuck by accepting this. I liked this experiment because it shows how easily people accept terms and conditions and give up a part of their belongings (privacy in most cases) without notice. P.s.: I recommend reading Kevin’s book. It gives a great insight into how easily privacy can be breached and it gives you tips on how to limit your visibility hence preventing people access to your own personal intellectual property (privacy).
If you have to use a public WiFi network and if you trust this network by answering all the security questions you asked yourself and checked the authenticity with an employee, you can access the network. But if you access the network, terms and conditions should appear. If this is not the case, don’t connect. For me, it’s a red flag when I don’t have to accept terms and conditions. Terms and conditions are in my opinion one of the ways to identify if a free network is legit or not.
When the terms and conditions appear, read them before you connect to a public WiFi network. Most of the time, parts of the terms and conditions may look like gibberish to you if you are not a lawyer but it should be possible to identify major red flags. Particularly about the data that is being collected when you are on the network and what the provider of public WiFi is doing with this data. If the terms and conditions are too complex for you, a quick web search (if you have internet access without using WiFi) should bring up the issues that other users might have (if you did not search in the first place).
If you have to provide additional information like your name, e-mail address and/or a phone number you should consider providing an alias name, mail and phone number. I wouldn’t advise providing all your real-life details. This way you avoid spamming.
Always use HTTPS
HTTPS is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL). The protocol is therefore also referred to as HTTP over TLS or HTTP over SSL. Transport Layer Security is a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet by using encryption. When you browse on the same WiFi network as other people, they can’t see the data that travels between you and the server of the website you are connecting to while using HTTPS. Over HTTP it is easy for outsiders to watch what you are doing. So always use HTTPS. Nowadays, a lot of sites automatically switch to HTTPS. You can identify this by seeing a lock in the address bar:
If you don’t see a lock, make sure to type in HTTPS manually in the address to guarantee the security of the communication with the website.
Don’t use AirDrop and File Sharing
Make sure to deactivate features that enable frictionless file sharing on your devices. When you are on a PC, go to Network and Sharing Center, and select: Change advanced sharing settings. Then turn off file and printer sharing:
For Macs, go to System Preferences, then select Sharing, and unselect everything.
Then go to Finder and click on AirDrop. Select: “Allow me to be discovered by: No One”. For iOS, find AirDrop in the control center (type AirDrop in the search bar and select: Receiving off)
This way nobody close to you can grab your files or send you files that you don’t want. I would advise having AirDrop and FileSharing options disabled all the time. Just enable it when you really need them and disable them afterward.
Always update your device
I know it might be a hassle to immediately update your devices but my advice is to do this immediately when you receive an update. Many exploits rely on old software so make sure you are always running the latest version of your software and your patches on your laptop, tablet and your phone. I also advise not to download or install anything over a public network to prevent any risks of malicious software (malware) being installed on your device.
Use a VPN
Installing a Virtual Private Network client (VPN) on your device is the best choice for staying safe on a public network. VPN encrypts your data traveling to and from your laptop or phone and connects you to a secure server. This makes it much harder for other people on the network, or whoever is operating the network, to see what you are doing and to snoop around through your data. It sounds harsh but if someone is looking out for a victim, you will probably be skipped because you are running a VPN which makes the challenge to get into your device much harder. Hackers are businessmen and they want the most bang for the buck in most cases unless you are specifically targeted. My advice is to pay for a good VPN provider and don’t be cheap about it. It’s better to invest in good protection than in a free or almost free solution: do your research. There is good advice on the web that makes your selection process easier. If you are working in a lot of places and if you connect a lot to different networks, it’s worthwhile to invest in a good VPN.
Final thoughts
I hope this post gives some insight into the risks of public WiFi and the actions you can undertake to mitigate some of these risks. It’s not fully “bulletproof” but it makes you at least a bit less visible to possible attackers.
Feel free to ask me any questions or give me additional advice by contacting me and if you want to keep in the loop if I upload a new post, don’t forget to subscribe to receive a notification by e-mail.
