The general public’s attitude to privacy often makes us want to facepalm (a quick look at the most commonly used passwords is enough to utterly destroy any faith in the human race), but the recent 2014 Communications Market Report (p. 322) by UK broadcasting and telecommunications watchdog Ofcom includes another snippet of information that will make any security conscious netizens want to crawl into a hole a whimper for a while.
According to the report,
‘Most people who used WiFi outside the home were not concerned about how secure it was: three-quarters (77%) disagreed with the statement “I am concerned about security when accessing WiFi outside the home” and 75% disagreed with the statement “There are certain things that I wouldn’t access/do on the internet when connected to public WiFi”’.
As we are sure that everyone reading a VPN website will know, using a public WiFi is about as insecure as you can get! The most common scam is for hackers to set up fake ‘evil twin’ hotspots with names such as ‘Free airport wifi’, which lure unsuspecting users into connecting to them, and from where they can syphon of any data (such as bank account logins etc.) that the user enters while connected to the rogue hotspot.
A more sophisticated attack is to use a packet snooper such as the infamous Firefox add-on Firesheep, which can be used by even lay-persons with almost no hacking skills intercept unencrypted cookies sent from websites such as Facebook and Twitter over public wireless networks.
This allows them to ‘sidejack’ a user’s current session, and to effectively use a website as that user (although it won’t give the hacker access to usernames and passwords). The hacker could then download personal details, send spam, delete the user’s accounts or change their password, or even download unsavory material using their account.
It should also be noted that criminal hackers are not the only danger. Over a two week period in 2012 the Canadian spy organization CSEC (Communications Security Establishment Canada) trial-ran NSA developed technology, using it to track thousands of ordinary travelers who had taken advantage of a Canadian airport’s free WiFi.
While the actual content of communications (phone calls and emails sent) was not tracked, the scale of metadata collected was such that travelers could be tracked for days after leaving the airport, as their phones showed up on other WiFi hotspots around Canada (such as airports, hotels, coffee shops and restaurants, libraries, train stations etc.), and their movements could even be tracked days before they arrived at the airport!
As the Ofcom report itself notes,
‘Public WiFi services are typically provided without any encryption, that would prevent eavesdropping or modification of traffic conveyed between the user’s device and the internet. WiFi hotspots operating without encryption are frequently referred to as ‘open’ WiFi networks, and these are convenient for users as they allow any device easy connectivity without needing a password or a key in advance. A drawback of ‘open’ WiFi networks is that a malicious person could monitor open WiFi connectivity and, in rare cases, observe sensitive data such as users’ IDs and passwords.’
By far the best solution to this problem is to use a VPN service (of course!). When using VPN you create an encrypted tunnel between your computer (laptop, tablet, smart phone etc.) and the VPN server. To all intents and purposes, no-one – not hackers, not your ISP, not a legit hotspot operator, and not even the NSA (probably), can access your data anywhere en-route between your device and the VPN server, as it is completely encrypted. The VPN provider can see your data, but a good provider keeps no logs of its customers’ activities.