Yes, a public hot spot can put our privacy at risk. But the risk is mostly limited to knowledge of the sites we visit, and it can be countered in various ways. Beware of alarmism.
Many do not know that connecting to public Wi-Fi carries a privacy risk: the manager of the hot spot – a B&B, a hotel … – can read which sites we access.
The theme is certainly current, especially in the holiday period, perhaps abroad, when we tend to connect wherever we can to save GB and money. Outside Europe, it may be necessary.
But the question is less trivial than it may seem. It is right to inform about the risks, but not to spread alarm, perhaps in order to sell a VPN to anyone who passes by. The internet is no longer what it was 10-15 years ago, and almost all sites and services now use encryption (typically SSL). Chats do too, which before Edward Snowden was absolutely not the norm, so by default the Wi-Fi manager does not read our private messages.
The privacy risks of public Wi-Fi
“If the sites are in HTTPS, the Wi-Fi manager can only see the IP addresses of the sites we access”, explains Paolo Dal Checco, a well-known IT security expert. “But there is also the DNS question, which if it is in the clear does not show the exact address but the name of the site,” he adds.
In short, if the site is HTTPS, as is likely, the risk is still limited. They will see that we have navigated to a health site but not the specific page that talks about a certain disease, for example. If the site is dedicated to that disease, however, the manager will have our sensitive information.
In other cases too (religion, sexual orientation), the domain name alone can reveal too much about us.
Solutions: VPN and encrypted DNS
“A VPN is the best solution in these cases; for example, with the Opera browser you have one integrated. Or you can install a free one like Proton.” “You can’t customize them much, for example, to select the exit node, but they are more than good for these purposes.”
We can also browse with secure DNS, over TLS or HTTPS (two different encryption standards), for example Cloudflare’s, 126.96.36.199. The advantage is that, even if we don’t have a VPN, the site name cannot be seen.
Browsers on computers and smartphones generally allow you to activate the “Secure DNS” option with a few clicks, among the security options. Likewise, they have options to force HTTPS (where available). There are also extensions for this purpose, such as HTTPS Everywhere.
Dal Checco recommends using a VPN and secure DNS together on public hot spots.
- If we only have secure DNS, the IP address of the sites (not the name) is still visible.
- If we only have a VPN, privacy is exposed to the manager of the VPN.
What about passwords? Malware?
When it comes to passwords, stay calm. They only travel in the clear if there is no HTTPS at all. But if a site without HTTPS asks us to log in, the problem is upstream: let’s walk away, with or without public Wi-Fi. It is probably a scam (a fake of the bank’s site, for example).
Serious apps and software, too, now encrypt passwords. They cannot be sniffed so easily over Wi-Fi (from hot spots run or hacked by criminals).
Dal Checco confirms: “Software and app passwords now all travel encrypted with a certificate wired into the software, the so-called pinned certificate, and therefore cannot be intercepted.”
Many sites now also mention the danger of malware spreading via public hot spots through the file sharing service, but, as Giorgio Sbaraglia of Clusit explains, it is an outdated warning; now when you access a public hot spot that service is disabled (unlike when you are on a private network).
In short, it is good to warn of the risks of public Wi-Fi, but they must be put in perspective. To say that someone can steal our passwords and maybe even money from our account, without contextualizing, is alarmism useful only for selling a few more VPNs.