We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

Is Communal Free Wi-Fi Secure?

Options
2

Comments

  • km1500
    km1500 Posts: 2,790 Forumite
    1,000 Posts Second Anniversary Name Dropper
    you don't need a vpn
  • [Deleted User]
    [Deleted User] Posts: 0 Newbie
    100 Posts Name Dropper Photogenic
    edited 23 August 2023 at 12:24AM
    Newcad said:
    (I have to laugh when I see pubs, cafes, etc. with their wifi name and password posted on the wall for customers to use, security wise they might as well just change the wifi name to the same as the pub/cafe and set it not to need a password, easier for the customers too).
    The reason they generally do it is to prevent freeloaders on their Wi-Fi i.e. non-customers not security considerations.

    I've been in cafés where they actually printed off logins and others where they simply changed the password daily. 

  • km1500 said:
    as I have mentioned on these forms before when it comes to using public Wi-Fi like for example at Starbucks the risk is not whether you need to enter a password or not as most websites use https and everything is encrypted anyway

    the risk is that you look at the Wi-Fi networks available and connect to 'Starbucks Free Wi-Fi' not knowing that that is not the real Starbucks wi-fi but some guy in the corner with a PC and a hot spot pretending to be Starbucks and you are connecting to him not Starbucks. If that's happens all bets are off

    He's still going to struggle to issue a valid certificate for the website of a clearing bank that the https client will accept though, without somehow first compromising the device and getting his own root CA accepted by it.
    Proud member of the wokerati, though I don't eat tofu.Home is where my books are.Solar PV 5.2kWp system, SE facing, >1% shading, installed March 2019.Mortgage free July 2023
  • Doshwaster
    Doshwaster Posts: 6,321 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    There are some cases where a VPN is required but most of the time the VPN companies are taking advantage of people's paranoia.  The risks of using a legitimate website with https are extremely low. 

    Good video explaining this: https://www.youtube.com/watch?v=WVDQEoe6ZWY
  • Newcad
    Newcad Posts: 1,775 Forumite
    1,000 Posts Second Anniversary Name Dropper Photogenic
    edited 30 April 2024 at 5:24PM
    Newcad said:
    (I have to laugh when I see pubs, cafes, etc. with their wifi name and password posted on the wall for customers to use, security wise they might as well just change the wifi name to the same as the pub/cafe and set it not to need a password, easier for the customers too).
    The reason they generally do it is to prevent freeloaders on their Wi-Fi i.e. non-customers not security considerations.

    I've been in cafés where they actually printed off logins and others where they simply changed the password daily. 


    Again what's the problem?
    It doesn't cost them any more for their unlimited broadband whether non-customers are using the wifi or not.
    They'd have to be sat nearby somewhere, probably outside, to even connect to it.
    PS. My last flat was next door to a pub and I used their (passworded, posted on the wall) wifi while I was living there, except for during covid when they were closed so I tethered through my phone instead.
    They were fine with that even though I didn't drink in there, it wasn't costing them anything extra but it saved me plenty..
  • Doshwaster
    Doshwaster Posts: 6,321 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    edited 30 April 2024 at 5:24PM
    Newcad said:
    Newcad said:
    (I have to laugh when I see pubs, cafes, etc. with their wifi name and password posted on the wall for customers to use, security wise they might as well just change the wifi name to the same as the pub/cafe and set it not to need a password, easier for the customers too).
    The reason they generally do it is to prevent freeloaders on their Wi-Fi i.e. non-customers not security considerations.

    I've been in cafés where they actually printed off logins and others where they simply changed the password daily. 


    Again what's the problem?
    It doesn't cost them any more for their unlimited broadband whether non-customers are using the wifi or not.
    They'd have to be sat nearby somewhere, probably outside, to even connect to it.
    PS. My last flat was next door to a pub and I used their (passworded, posted on the wall) wifi while I was living there, except for during covid when they were closed so I tethered through my phone instead.
    They were fine with that even though I didn't drink in there, it wasn't costing them anything extra but it saved me plenty..

    A bit of web browsing probably wouldn't bother them but I can't see them being happy if you were hogging their bandwidth with heavy usage or if they got raided by the police for something dodgy you had done using their connection. 
  • Username03725
    Username03725 Posts: 525 Forumite
    Fourth Anniversary 500 Posts Name Dropper
    edited 30 April 2024 at 5:24PM
    Newcad said:
    Newcad said:
    (I have to laugh when I see pubs, cafes, etc. with their wifi name and password posted on the wall for customers to use, security wise they might as well just change the wifi name to the same as the pub/cafe and set it not to need a password, easier for the customers too).
    The reason they generally do it is to prevent freeloaders on their Wi-Fi i.e. non-customers not security considerations.

    I've been in cafés where they actually printed off logins and others where they simply changed the password daily. 


    Again what's the problem?
    It doesn't cost them any more for their unlimited broadband whether non-customers are using the wifi or not.
    They'd have to be sat nearby somewhere, probably outside, to even connect to it.
    PS. My last flat was next door to a pub and I used their (passworded, posted on the wall) wifi while I was living there, except for during covid when they were closed so I tethered through my phone instead.
    They were fine with that even though I didn't drink in there, it wasn't costing them anything extra but it saved me plenty..
    It’s more to entice customers in, who are then more likely to spend money in there. Until 100% of passers-by are openly freeloaders it’s beneficial to a business to offer free wifi where you need to go to serving counter to see the password. They don’t stick it on the outside of the building for a reason. 
  • km1500
    km1500 Posts: 2,790 Forumite
    1,000 Posts Second Anniversary Name Dropper
    edited 24 August 2023 at 7:20AM
    km1500 said:
    as I have mentioned on these forms before when it comes to using public Wi-Fi like for example at Starbucks the risk is not whether you need to enter a password or not as most websites use https and everything is encrypted anyway

    the risk is that you look at the Wi-Fi networks available and connect to 'Starbucks Free Wi-Fi' not knowing that that is not the real Starbucks wi-fi but some guy in the corner with a PC and a hot spot pretending to be Starbucks and you are connecting to him not Starbucks. If that's happens all bets are off

    He's still going to struggle to issue a valid certificate for the website of a clearing bank that the https client will accept though, without somehow first compromising the device and getting his own root CA accepted by it.
    what they normally do is see what the customer is trying to connect to for example their Gmail account or whatever and then put up a false Gmail account login page and watch the person type in their username and password. I agree there is the 2fa problem to get around if that has been implemented.

    or they just run in intercept mode passing everything on but watching
  • pjread
    pjread Posts: 1,106 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    RealGem said:
    Thanks I already bought NordVPN as it was cheaper than ExpressVPN in case I were to continue it after a month. But will a VPN still protect me from a copycat hacker who names a connection similar to the one others locally are using?

    Thanks 
    Yeah a VPN tunnels between you and the VPN endpoint, so even if they do capture something at the router it should* be encrypted.  Of course, you then have to trust the VPN provider...

    (*strictly speaking you can have an unencrypted VPN but that has no privacy use and I doubt there's a consumer service that offers this)
  • 400ixl
    400ixl Posts: 4,482 Forumite
    1,000 Posts Third Anniversary Name Dropper
    edited 24 August 2023 at 7:42AM
    Yes, NordVPN will create an encrypted tunnel within any wifi connection. It will stop most man in the middle type attacks where they are attempted at the local wifi end.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 350.9K Banking & Borrowing
  • 253.1K Reduce Debt & Boost Income
  • 453.5K Spending & Discounts
  • 243.9K Work, Benefits & Business
  • 598.8K Mortgages, Homes & Bills
  • 176.9K Life & Family
  • 257.2K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.