Public Wi-Fi Security Q&A

GEEK FREE
By Joe Callison
29 November, 2019

Does using HTTPS (secure HTTP) make internet browsing on public wi-fi safe?
Currently just a little over half of websites use HTTPS only in their designs. Others may use it to establish the initial connection with the user and then revert to HTTP for displaying some content to avoid the extra burden of encrypting/decrypting data. Some allow initial connection with HTTP and then redirect to HTTPS. This opens up opportunities for a “man in the middle” interception of the non-secure transmission and redirecting it to the attacker’s own content.  

Using an “HTTPS Everywhere” type browser add-on (https://www.eff.org/https-everywhere) can help prevent exposure to websites with non-encrypted content. Eventually, all website content will be encrypted to comply with the latest HTTP versions being used to design websites. There will still always be methods developed by hackers to circumvent secure connections, but they will become increasingly more complicated to do, especially in a public setting.

Does using a virtual private network (VPN) service make internet browsing on public wi-fi safer?
Connecting to a VPN service secures communication between the user and the VPN server for access not only for internet browsers but all apps and programs on the user’s computer that use an internet connection after establishing a VPN connection. It does not make the content of the sites you are connecting to any safer, but at least data will not be transmitted unencrypted at the public wi-fi end. In addition, assuming the VPN provider does not keep a log of your activity, no one will be able to identify you with the websites you connect to except for a website that you sign into with a username and password. VPN services are used more for the privacy protection than for security. Note that this differs from a corporate VPN on a private network, which is primarily for secure transmission of data to and from the company’s network. Some browsers, such as Opera (https://www.opera.com/), have the option of adding on a “VPN” feature which is technically just an encrypted proxy server since it only applies to internet connections from that browser and not from other apps and programs on the user’s computer that do not use the browser. It is, however, a free and easy way to utilize a VPN-like feature when using public wi-fi for browsing.

Are free VPN services safe to use?
The vast majority of free VPN services should not be trusted as they are likely logging your browsing data and selling it or have poorly designed and unsafe or slow systems. A few are trustworthy but typically limit the free use to a very small amount of data per month since they want to sell you their service for more access.

Are apps (instead of browser access) for banking and other services safer to use on public wi-fi?
It depends on the design of the app, but it should be. If properly designed, it should function like HTTPS or a VPN for an encrypted connection to the secured server for the service. It is still recommended by most security experts to only access apps for sensitive services with cellular data rather than public wi-fi since you do not know if the security of the wi-fi service itself has been compromised in some way by a hacker. Cellular data is not impossible to intercept in a way that can be decrypted, but it is a lot more complicated to do so.

For more information:
There is good information from organizations that research and report on security and privacy products. One example is https://proprivacy.com/
Another example is https://thewirecutter.com/blog/internet-security-layers/

Posted by Joe Callison

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.