We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
Protection on public wifi ?
Comments
-
so I got this yesterday for Firefox
https://getcocoon.com/
do you reckon it might actually add more security? or not really? Thoughts?
Avast also has an extra Wifi protection option which costs £49, I might get it for extra security in the long run. For reasons which are a bit long to explain, I am always on the move and have a small online business so being able to use the Wifi while I'm out would be great0 -
I agree but can anyone see even the passwords you enter when you log into your email (even though when you type passwords you only see asterisks yourself, not the actual password) ?
The asterisks are the browser, nothing to do with the connection. It still knows your password.
If the site you are connecting to uses HTTPS (or anything other protocol that sets up TLS first) then anyone eavesdropping on your public wifi connection will only be able to see a lot of encrypted data being exchanged with the remote server. However, one risk remains which is that the public wifi provider issues its own certificates for the sites you connect to so intercepts your data. Your device should warn you that the certificate is not for the correct site, or not issued by a trusted authority, but I've no idea how prominently this information is displayed by mobile devices.
If you're using a computer provided by the cafe rather than your own device, then they can intercept everything as they have complete control - they can run their own CA generating their own certificates and set all their computers to trust it using group policy. Large companies also do this so they can monitor encrypted communication going in and out of their network.Proud member of the wokerati, though I don't eat tofu.Home is where my books are.Solar PV 5.2kWp system, SE facing, >1% shading, installed March 2019.Mortgage free July 20230 -
onomatopoeia99 wrote: »The asterisks are the browser, nothing to do with the connection. It still knows your password.
If the site you are connecting to uses HTTPS (or anything other protocol that sets up TLS first) then anyone eavesdropping on your public wifi connection will only be able to see a lot of encrypted data being exchanged with the remote server. However, one risk remains which is that the public wifi provider issues its own certificates for the sites you connect to so intercepts your data. Your device should warn you that the certificate is not for the correct site, or not issued by a trusted authority, but I've no idea how prominently this information is displayed by mobile devices.
If you're using a computer provided by the cafe rather than your own device, then they can intercept everything as they have complete control - they can run their own CA generating their own certificates and set all their computers to trust it using group policy. Large companies also do this so they can monitor encrypted communication going in and out of their network.
I agree. So the the answers no unfortunately. And yes, your passwords can be read.
I've had the above problem myself when my laptop lost its WiFi router connection, so it switched to BT Phon (Public WiFi) mode and I got the message "Certificate is not issued by a trusted authority", which means anything sent can be read by anyone and there are no additional security steps one can take to stop this (sorry).0 -
I see, thanks for the feedback guys
what's your opinion of this, worth of shot buying it?
https://www.avast.com/en-gb/secureline-vpn0 -
WiFi for mobile devices is easily tricked into connecting to hacker networks instead of a real / "trusted" network. DO NOT use a mobile phone or tablet to do anything confidential like mobile banking, buying stuff etc. Use a wired network on a machine you can trust.
https://www.youtube.com/watch?v=2mcFlKtzZLw&index=283&list=LL5DjZTQVv82BweX8PjGIdHg0 -
Since you have mobile WiFi, use that for your sensitive log-ins.0
-
The issue is, that with the un-secured WiFi networks, the data between your device and the hot-spot is not encrypted between the devices (not even for HTTPS sites). Any encryption only happens betwen the router running the hot-spot and the website you are connecting to.
If you need a password to connect to the WiFi hot-spot, then the connection between the devices is encrypted fully.
We studied this on the 'Networking for beginers' module of the BSc in Computer Networking.Never Knowingly Understood.
Member #1 of £1,000 challenge - £13.74/ £1000 (that's 1.374%)
3-6 month EF £0/£3600 (that's 0 days worth)0 -
The problem with security is that (generally) the more convenient something is, the more insecure it is. So free, open wi-fi with no password at the coffee shop is very convenient but in no way secure. Given the vagaries of how the HTTPS/TLS system works, it is often possible for people on shared public wi-fi networks to see login details of other users sharing the connection, even if the login to the site is secured using HTTPS. This used to be the case with Facebook, you can Google "firebug" to read more about it.
Anyway, if you want to, you can make using public wi-fi hotspot much more secure by using a VPN client on your phone/tablet/laptop. This is non-trivial, but if you need to use secure services on public wi-fi hotspots, it's the only way to do it with any level of security. Essentially, the VPN (virtual private network) service creates a tunnel that encrypts everything from your phone right through to the site you are connecting to. This gets around the issues mentioned above regarding the wi-fi provider using their own Certificate Authority (CA) because your data is encrypted before it leave the device so the coffee shop's CA can only see jibberish and passes it along to your bank (or Facebook) unmolested.
Again, this solution require more work, but is the only way you should even attempt to do anything on public wi-fi. There are many that provide the service for a fee, PROXPN being the one that comes to mind (I have no affiliation, I use one I pay my hosting company for, but PROXPN advertise on the excellent Security Now podcast) and some that provide a basic service for free (Hotpsot shield).
Hope that helps.
Regards,
Sam0 -
- If your unhappy with the wi-fi provider then don't use the hotspot - end of story.
- IMHO if your using your own device (laptop etc) using a reputable location such as Starbucks (with BT wifi) then you should be ok.
- A VPN can help but point 1 still applies.
Hello
Is there any additional step to take to be protected on a public wifi i.e. coffee shop? Are Avast and Malwarebytes enough?
ThanksThis is a system account and does not represent a real person. To contact the Forum Team email forumteam@moneysavingexpert.com0 -
If you plan to check e-mail I would see if provider supports two factor authentication and get it enabled first. Personally I still wouldn't access e-mail.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.3K Banking & Borrowing
- 252.9K Reduce Debt & Boost Income
- 453.2K Spending & Discounts
- 243.3K Work, Benefits & Business
- 597.8K Mortgages, Homes & Bills
- 176.6K Life & Family
- 256.3K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards