FUD of the Day: Do you use public wifi?

/FUD of the Day: Do you use public wifi?

Because maybe you shouldn’t.

Oh, and, incidentally, don’t think stuff like SSL (the little padlock/green bar/https thing) will save you. SSL can protect against sideways attacks–that is, eavesdropping from someone who’s not in the direct line between you and whatever you’re talking to–but it does very little for in-line attacks. Basically, the rule of thumb is that, if someone “owns” the network you’re connected to, they can look at all the stuff you do on or via it, whether that “stuff” is encrypted or not.1 This is true whether the owner of the network is your ISP, the government,2 Starbucks, your mate’s dad, or some rando in the flight lounge.

So what do?

Amusingly enough, the security tips provided by the original article are basically “don’t use public wifi“, which is accurate. They also suggest using a VPN. Which… okay. But the VPN has exactly the same problem public wifi does, except limited to the scope of one entity (the VPN provider). Basically, if you’re going to use a VPN, you have to really, really trust that the VPN provider isn’t screwing you by slurping and logging all your traffic.3

Oh, and for the record? Don’t think by using 4G you’re safe, either; that data can be snooped/slurped/intercepted as well. Awesome, right?

The internet was built for a lot of things, but sadly security was not one of them…

  1. It’s slightly more complex than this, yes. But this explanation will do for now. ^
  2. If you live in a country where the government directly controls internet infrastructure, e.g. China. ^
  3. You can, of course, run your own VPN, which is something Dedicated Nerds often do, but is probably a bit of a fussy PitA for 99% of the population to bother with. ^
2016-11-17T20:10:57+00:0012th December, 2014|Tags: infosec|Comments Off on FUD of the Day: Do you use public wifi?