public_wi-fi

Differences

This shows you the differences between two versions of the page.

public_wi-fi [2019/08/04 07:17] – created neil
public_wi-fi [2021/07/06 09:26] (current) – external edit 127.0.0.1
Line 1: Line 1:
 =====Using public Wi-Fi===== =====Using public Wi-Fi=====
 It can often be convenient to connect to public Wi-Fi. But bear in mind that you are connecting to a fundamentally untrusted third party network. It can often be convenient to connect to public Wi-Fi. But bear in mind that you are connecting to a fundamentally untrusted third party network.
-====What data do you have to provide?==== +====Key points:==== 
-Collecting information for access — do you need to give over your name and other details?+  * [[#Provide fake details where you can|Provide fake details where you can]] 
 +  * [[#If you have to give an email address, using a unique one|If you have to give an email address, give a unique one]] 
 +  * [[#Don't let your devices join public Wi-Fi networks automatically|Don't let your devices join public Wi-Fi networks automatically]] 
 +  * [[#Run a VPN over the connection, as soon as you can|Run a VPN over the connection, as soon as you can, or use Tor]] 
 +  * [[#Connect using your phone instead|If in doubt, don't connect: tether your phone instead]]
  
-You might get away giving a fake name.+====Provide fake details where you can==== 
 +You'll often be asked for your title, name, and possibly even your address or other irrelevant information.
  
-If you need to sign up with an email addressuse a [[unique_email_addresses|unique email address]] for that service.+If you can get away with giving fake details (i.e. you can be comfortable that you are not committing an offencesuch as fraud), it might be sensible to do so.
  
-====What data do they collect?==== +(Alternatively, you could read their terms of service, and their privacy noticebut there's no guarantee that they actually do what they say they do, and you're probably better of protecting yourself rather than relying on them anyway.)
-What are they doing with your data? Selling it? +
-Reading their privacy policy. +
-====Encrypted?==== +
-Is the network encrypted? Not all public Wi-Fi networks encrypt the communication between your computer or phone and the wireless access point which broadcasts the Wi-Fi signal.  +
-====Who is the operator?==== +
-Even if the connection is encryptedhow do you know that it is not some rogue third party operating the access point?+
  
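Review bot: the removed "Encrypted?" section was the only place that said not all public Wi-Fi networks encrypt the link between your device and the access point; the new text only alludes to it in "Even if the connection is encrypted". Consider keeping one sentence on unencrypted networks, for example in the VPN section. Also, in the added parenthetical, "better of protecting yourself" should read "better off".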
-Anyone can set the broadcast name of Wi-Fi network  — what is known as the SSID — to anything they like.+====If you have to give an email address, using unique one ==== 
 +If you need to sign up with an email address, use a [[passwords#use_a_unique_email_address_and_a_unique_password_for_every_site_and_service|unique email address]] for that service.
  
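Review bot: the new heading "If you have to give an email address, using unique one" does not read as a sentence and differs from the Key points label "give a unique one". Suggest wording the heading "If you have to give an email address, give a unique one" and updating the Key points link target to match, so the in-page anchor still resolves.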
-But if anyone can set any network name that they want, how do you know that the network called “Starbucks”, for example, is actually operated on behalf of Starbucks? It could be anyone, including someone just sitting with a device in their bag, pretending to be the Starbucks network, and capturing the traffic you send across their network. 
  
-====Automatic connections==== +====Don't let your devices join public Wi-Fi networks automatically====
-If you permit your device to connect automatically to known networks, may connect to a rogue network, and start sending data over to an unknown third party before you even realise it. +
-====Captive portals==== +
-Wi-Fi which requires a login page (a “captive portal”): requires you to connect to it without going through your VPN, you’ll need to connect to their login page directly.+
  
-You will need to communicate with a “captive portal” without connecting to the VPNand that give an opportunity for malicious actor to acquire information from your deviceor see where your device is trying to send traffic. +Even if the connection is encryptedyou cannot be sure that it is "genuine" access pointand not one run by a rogue third partyAnyone can set the broadcast name of a Wi-Fi network — what is known as the SSID — to anything they like.
-====VPN==== +
-If you do want to rely on the Wi-Fi, probably want to run a [[virtual_private_networks|VPN session]] over it. Or you could use [[tor|Tor]].+
  
-But, for the reasons discussed aboveparticularly in the context of “captive portal” Wi-Fi, it is not perfect solution.+So even if you see a network called “Starbucks”, for example, it might not be operated by Starbucks, and could just be someone sitting with a device in their bag, pretending to be the Starbucks networktrying to capture the traffic you send across their network. 
 + 
 +If you permit your device to connect automatically to known networks, it may connect to a rogue network, and start sending data over to an unknown third party before you even realise it. 
 + 
 +When you join a network, your operating system may prompt you to say if you want to "remember" the network, or join automatically in future. If it doesn't prompt you, you may need to go into your computer's settings, and tell it not to connect automatically. 
 + 
 +For example, in macOS, you need to untick the box "Automatically join this network"
 + 
 +{{:screenshot_2019-08-04_at_17.53.09.png?400|}} 
 + 
 +====Run a VPN over the connection, as soon as you can==== 
 +If you do want to use the Wi-Fi, run a [[virtual_private_networks|VPN session]] over it. Or you could use [[tor|Tor]]. 
 + 
 +Some Wi-Fi networks block VPNs, and some block Tor. In those cases, don't use that Wi-Fi network — why would you want to trust a network which is trying to stop you operating securely? Consider [[#Connect using your phone instead|tethering]] instead. 
 + 
 +===Wi-Fi which requires a login may not work if you use a VPN=== 
 +Wi-Fi which requires a login page (a “captive portal”) may not work if your VPN is attempting to connect automatically. Typically, a captive portal requirse you to connect to it without going through your VPN, as you need to connect to their login page directly. 
 + 
 +If you need to communicate with a “captive portal” without connecting to the VPN, that gives an opportunity for a malicious actor to acquire information from your device, or see where your device is trying to send traffic. 
 + 
 +The best approach is to avoid these hotspots. 
 + 
 +====Connect using your phone instead==== 
 + 
 +If you do not trust the network less than you trust your mobile network operator, you may be better off connecting your computer to the Internet via your phone's data plan. This is commonly known as "tethering"
 + 
 +You might want to run a [[virtual_private_networks|VPN]], or use [[tor|Tor]], over the top of your mobile connection anyway. 
 + 
 +You can normally tether via a USB cable, or else over Wi-Fi or Bluetooth. Using Wi-Fi or Bluetooth has the advantage that you can leave your phone in your pocketbut it comes at the cost of draining your //phone's// battery more quickly. Connecting via cable is usually more reliable, but may drain your //computer's// battery more quickly, as it is probably charging your phone too. 
 + 
 +===Tethering on iOS === 
 + 
 +If you use an iPhone or iPad, rather than calling it "tethering", Apple calls it "Personal Hotspot". By default, this is turned off, but you can enable it in Settings / Personal Hotspot. 
 + 
 +Guidance for setting it up is [[https://support.apple.com/en-us/HT204023|here]].
  
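Review bot: in the added "Connect using your phone instead" section, "If you do not trust the network less than you trust your mobile network operator" has a stray negative and says the opposite of what the advice needs; suggest "If you trust the network less than you trust your mobile network operator". In the captive portal paragraph, "requirse" should be "requires".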
-Good guidance from the National Cyber Security Centre: 
-https://www.ncsc.gov.uk/guidance/end-user-devices-common-questions 
-====Alternatives: tethering==== 
-May be better off connecting to your phone, rather than relying on some questionable Wi-Fi. Depending on how much you trust your mobile phone provider. 
  
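Review bot: the removed lines drop the link to the National Cyber Security Centre guidance, and nothing in the new revision replaces it. If the guidance is still relevant, keep it as a further-reading line at the end of the page.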
public_wi-fi.1564903040.txt.gz · Last modified: 2021/07/06 09:26 (external edit)