Reply To: 10 Dec 16 – Public Wi-Fi is dangerous
For more information on this topic, you may wish to read the article posted over at c|net by Laura Hautala.
I’d like to present an opposing viewpoint. I don’t think public Wi-Fi is substantially more dangerous than being on your own home Internet connection. If you’re performing sensitive operations without encryption, it doesn’t matter if that link is your home or public Wi-Fi, it’s still equally dangerous and dumb. The medium doesn’t change anything, if you’re banking, filling out your tax report, or accessing your online email (e.g. Gmail) without encryption/HTTPS, you’re doing it wrong. If you’re doing any of those things (or anything sensitive), and you get a certificate warning, do no proceed, it’s likely the Wi-Fi operator is mounting MitM attacks. (And again, really applies to usage at home too.) You should be keeping your device (tablet, phone, laptop, etc.) and apps up-to-date anyway, and that will handle the case of attackers gaining a beachhead on your device due to a vuln in your OS or apps. If you’re really worried that your home router is providing some sort of firewalling that your host itself can’t, there are often alternatives you can put on your host, such as ufw and/or AppArmor for Linux, or ZoneAlarm for MS Windows. If you’re really uncomfortable with even your IP metadata being revealed, you can minimize that by subscribing to an encrypted tunnelling service such as Tunnel Bear.
Unreasonable T&C, we really can’t do anything about. Again, if you’re genuinely concerned, you can take the time to read them and refuse to partake if you see something like “we reserve the right to tap your emails and brick your mobile.” What I’d really like to see is legislation which enacts a common set of rules and which also specifies that any additional rules of a specific operator are null and void. That would eliminate all these per-operator agreements which take substantial time to read, so that people wouldn’t have to do that everytime.