Staying secure when using Wi-Fi hotspots
Like many of your loyal readers, I frequently use public Wi-Fi places like coffee shops. I would appreciate some tips on how to improve my computer’s security under this circumstance.
Dr David Null
Wi-Fi hotspots are often unprotected and unencrypted, with users doing their email and surfing the web in plain text. Anyone nearby can pick up the same radio signals and read them. Often this doesn’t matter, but in general, it’s best to avoid using public networks for banking and shopping. Note that sharing a public network can also provide access to your PC, so you must run a firewall and perhaps disable file and printer sharing in Windows. In Windows 7 and Vista, you can choose the park bench icon for an untrusted Public Network and not a Home or Work network. Microsoft has an advice page, 7 tips for working securely from wireless hotspots, with other details.
Some web pages, such as log-on pages, need better security, and these often use SSL (Secure Sockets Layer) connections. You can tell when you’re using SSL because the page address starts with https:// instead of http://, and the browser will show a lock icon in the bottom right-hand corner. However, some sites that use SSL to protect log-in details then switch to plain text for normal surfing.
Most people use either WEP or, preferably, WPA on their home Wi-Fi network, which means their communications are already encrypted. Large companies often provide mobile users with VPN (virtual private network) connections, so that everything is encrypted even if they use unsecured Wi-Fi hotspots. One alternative for the rest of us is to use a public VPN such as AchorFree’s ad-supported HotSpot Shield which, in effect, sets up a VPN between your PC and AchorFree’s server. Alternatives include HotSpotVPN.com and WiTopia.
A very similar alternative is to use an anonymous surfing service such as Megaproxy (mentioned here previously), which uses a “proxy server“ to access the internet on your behalf. Because the communications between your PC and the proxy server are encrypted (essentially a VPN), you can access sites that might be banned locally. This is particularly useful in areas where the internet is censored, such as China. However, the encryption that provides anonymity also protects you from local snooping in Wi-Fi hotspots.
Anonymous surfing services make you appear to be surfing from a different country: the one where the proxy server is located. This is handy for accessing sites that block overseas users. However, free services can limit access to things you might want, such as streaming video or Skype, and add things you don’t want, such as advertising banners. Even with paid-for proxy suppliers, the terms of service will usually forbid access to pornographic and other undesirable sites. (The hotspot provider can’t read your data, but whoever is running the anonymous service is usually logging the sites you access.)
The Free Country has a list of some anonymous surfing services. You can also read the reviews and comments at the Gizmo Freeware page, Best Free Anonymous Surfing Service.
Another thing to watch out for when using a public Wi-Fi hotspot is the rogue or “evil twin“ network, which is essentially a phishing scam. Users with a range of open Wi-Fi networks to choose from may be lured to pick one with a familiar sounding name, but it’s a fake used to collect log-in names and passwords. I’m not sure how much of a threat this is, but it can be worth checking the exact name of a hotel, coffee bar or airport network before you log on.
Finally, watch out for physical risks. If you’re using a public hotspot, someone may be literally looking over your shoulder and able to read anything on the screen. And if you leave your laptop unattended, someone might steal it. Either limit the amount of personal data you carry around or make sure it’s password-protected and properly backed up. Losing an unprotected laptop could well be more serious than being snooped on at a Wi-Fi hotspot.