Public WiFi is quite convenient. Just log on and you’re connected to fast internet access whether you’re at a cafe, lounging around a hotel, or even in another country.
But that convenience might come at the cost of your privacy, and the loss of privacy can lead to even worse repercussions, such as personal embarrassment, identity theft, or financial loss. Fortunately, if you understand the risks you have several choices for how to avoid them.
When connected to any WiFi network, every packet of data that goes in or out of your computer goes through a router, much like the one you have a home. But when you’re out, about, and connected the router is owned by someone you don’t know, running software you can’t be sure of, and may have been hacked or infected with spyware that even the owner doesn’t know about.
And even if the WiFi router doesn’t have any intentional or unintentional spyware on it, the ISP who is providing connectivity to that router knows *a lot* about where you go and what you do online. For example, Starbucks partners with Google and Level 3 Communications to provide WiFi in its stores, meaning three different companies are collecting your traffic data via one WiFi connection. This can be problematic for those dealing with sensitive financial, medical, or otherwise personal data and information.
These companies will track your activity while on their WiFi networks, and they can use your data to build a profile of you in order to show you targeted ads. They also may sell information to third parties who can use your data for whatever reason they see fit.
Beware of Imposters
Things could, however, be even worse than that. You might think if you’re using WiFi at a national-brand coffee shop or an international hotel chain, but you may be using a WiFi router that some hacker has running on their laptop or in a closet without even knowing it.
Remember how you got to choose the name of your WiFi network at home? Anyone can sit down at a Starbucks and make their own WiFi network offer their own ‘Starbucks’ WiFi. Same goes with the guy in the room next to you at the Hilton.
There is no way to know if a WiFi network is safe, which is why you need to take steps to protect yourself.
How to Protect Your Privacy on WiFi
Fortunately, it’s not that hard to protect yourself completely, so you can feel good connecting wherever you are. Here are your options:
Option 1: Use a VPN
A VPN encrypts all data coming in and out of your computer, protecting you from prying eyes, and ensuring you can browse the internet with the confidence that your personal data is secure.
To use it, you install a VPN application on your computer, phone, or tablet, turn it on, and then connect to the WiFi network (or any network). Everything you do on your computer will (should) work as it did before you turned on the VPN, but an extra layer of privacy and security protection has been added.
Here’s how it works: Every packet of data goes in and out through the VPN. This means your request (typing in a URL) is encrypted on before it leaves your device, and sent to the VPN company’s servers (somewhere else on the internet) before it’s decrypted and sent off to its destination (the website identified in the URL). Then, the web page from that site is sent to the VPN server, it’s encrypted and sent to you, where your VPN decrypts it and hands it off to be displayed in your browser.
The best analogy for a VPN is an envelope. If you write a note on a postcard, the mailman and anyone else who handles it can read the note. If you put it in an envelope, nobody can read it until it gets to the recipient. A VPN is an envelope for the traffic going in and out of your computer, and the WiFi router and your ISP are the mailmen you don’t want to read your letters.
There are a lot of VPNs on the market and they’re relatively inexpensive (DON’T use a free one), slow down your connection just a tiny bit (most people will never notice), and are usually trouble-free. There can be websites or services that don’t get along with any particular VPN, which is why sometimes it’s necessary to disable them to get a particular site or app to work. (Read some of our other articles such as our overview on what a VPN is, for more information on the issues you may face when using a VPN.)
We think everyone should have and use a VPN in order to safely use WiFi wherever you go. For people who are particularly security or privacy conscious, deal with particularly sensitive information, or are just high-risk individuals, the choice is even clearer; you need a VPN for uses beyond public WiFi.
Option 2: Personal Hotspot (tethering)
A better option than WiFi, from a privacy and security viewpoint, is to simply tether your laptop to your cell phone or tablet.
Tethering borrows your phone’s internet connection. For many people, this is a fast and secure connection to the internet, and if you have an unlimited data plan (or a large one), there is no downside to using your phone connection and avoiding WiFi altogether.
If you are going to sit for a few hours or use a huge amount of bandwidth, then yes connect to the WiFi – but use a VPN.
Option 3: Stick to ‘Secure’ Websites
Do you know that little lock icon that shows up next to the website URL in your browser window? That little lock tells you that you’re (mostly) safe on the website you’re on even if you’re connected to WiFi – especially in cases where you just can’t use a VPN (or have to temporarily disable it) or your personal hotspot.
The lock icon means your connection to that particular website is encrypted via HTTPS.
The good news is that most websites, and certainly all websites that handle sensitive data – banks, e-commerce shopping carts (especially on payment pages), etc. – now use https by default. Extensions like DuckDuckGo and HTTPS Everywhere ensure that you always use https on sites that offer it as an option even if you click on the HTTP version of it.
If using HTTPS encrypts the important sites, why do you ever need a VPN? Two reasons:
- First, not all sites use HTTPS now even though the percentage of sites using it is now very high.
- Second, HTTPS encryption only kicks in after you’re connected to a website. This means browsing without a VPN and relying on HTTP allows the WiFI router (and it’s owner or any malicious software it’s hosting) to at minimum see the websites and app servers you connect to – and that alone can reveal compromising information.
Some people think HTTPS is enough, and are less concerned about using VPNs that they might have been years ago when HTTP was less prevalent. While we think this automatic encryption is great, we don’t agree that the coverage is sufficient to stop using VPNs which guarantee that 100% of your inbound and outbound traffic will remain private. It may require a slight difference in how you connect to public WiFi in the future but the privacy tradeoff is worth it.
We should also note that if your browser alerts you to a security issue with a site (usually by displaying a warning before reaching the site), you should navigate away from the site as soon as possible.
Bonus Tip: Use a Fake Email
Many public WiFi hotspots ask you to input your email address to access the network. Though an email address may be required, there is rarely a reason why you should give them your real one. When you enter your email to sign into public WiFi, it’s likely your information is recorded and potentially cross-referenced with other online accounts and with the data that’s collected as you’re connected on the network. This helps companies and eavesdropping hackers build a profile of your online activity and habits. Even worse, if your email address falls into the hands of a bad actor, it can be used to help break into other services like your banking and social media accounts.
Using a fake email address ensures that any data collected by the network’s administrators is much harder to link to your main email account or other online profiles.
Final Thoughts on Public WiFi
Broadly available fast public WiFi is a miracle, and we don’t want to go back to the days when it was rare. We take advantage of it all the time, and expect you will too. Just remember three things:
- Get yourself a good VPN, use it, and there are no problems or risk with WiFi at all.
- For quick connections, or when you’re just not comfortable with the provider, learn how to tether to your cell phone and take advantage of that option.
- In the worst case, when you just have to use WiFi and have no VPN available, make sure you see the lock associated with secure web pages on the sites you visit before entering anything close to private information.
To learn more about how to set up a VPN or how you can ensure your browser is keeping your information secure, download the Priiv App which will give you detailed instructions.