public_wi-fi
Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
public_wi-fi [2019/08/04 07:17] – created neil | public_wi-fi [2021/07/06 09:26] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
=====Using public Wi-Fi===== | =====Using public Wi-Fi===== | ||
It can often be convenient to connect to public Wi-Fi. But bear in mind that you are connecting to a fundamentally untrusted third party network. | It can often be convenient to connect to public Wi-Fi. But bear in mind that you are connecting to a fundamentally untrusted third party network. | ||
- | ====What data do you have to provide?==== | + | ====Key points:==== |
- | Collecting information for access — do you need to give over your name and other details? | + | * [[#Provide fake details where you can|Provide fake details where you can]] |
+ | * [[#If you have to give an email address, using a unique one|If you have to give an email address, give a unique one]] | ||
+ | * [[# | ||
+ | * [[#Run a VPN over the connection, as soon as you can|Run a VPN over the connection, as soon as you can, or use Tor]] | ||
+ | * [[#Connect using your phone instead|If in doubt, don't connect: tether your phone instead]] | ||
- | You might get away giving a fake name. | + | ====Provide |
+ | You'll often be asked for your title, | ||
- | If you need to sign up with an email address, use a [[unique_email_addresses|unique email address]] for that service. | + | If you can get away with giving fake details (i.e. you can be comfortable that you are not committing |
- | ====What data do they collect? | + | (Alternatively, |
- | What are they doing with your data? Selling it? | + | |
- | Reading | + | |
- | ====Encrypted? | + | |
- | Is the network encrypted? Not all public Wi-Fi networks encrypt the communication between your computer or phone and the wireless access point which broadcasts the Wi-Fi signal. | + | |
- | ====Who is the operator? | + | |
- | Even if the connection is encrypted, how do you know that it is not some rogue third party operating the access point? | + | |
- | Anyone can set the broadcast name of a Wi-Fi network | + | ====If you have to give an email address, using a unique one ==== |
+ | If you need to sign up with an email address, use a [[passwords# | ||
- | But if anyone can set any network name that they want, how do you know that the network called “Starbucks”, | ||
- | ====Automatic connections==== | + | ====Don't let your devices join public Wi-Fi networks |
- | If you permit | + | |
- | ====Captive portals==== | + | |
- | Wi-Fi which requires a login page (a “captive portal”): requires you to connect to it without going through your VPN, you’ll need to connect to their login page directly. | + | |
- | You will need to communicate with a “captive portal” without connecting to the VPN, and that give an opportunity for a malicious actor to acquire information from your device, or see where your device is trying to send traffic. | + | Even if the connection is encrypted, you cannot be sure that it is a " |
- | ====VPN==== | + | |
- | If you do want to rely on the Wi-Fi, probably want to run a [[virtual_private_networks|VPN session]] over it. Or you could use [[tor|Tor]]. | + | |
- | But, for the reasons discussed above, particularly | + | So even if you see a network called “Starbucks”, for example, it might not be operated by Starbucks, and could just be someone sitting with a device in their bag, pretending to be the Starbucks network, trying to capture the traffic you send across their network. |
+ | |||
+ | If you permit your device to connect automatically to known networks, it may connect to a rogue network, and start sending data over to an unknown third party before you even realise it. | ||
+ | |||
+ | When you join a network, your operating system may prompt you to say if you want to " | ||
+ | |||
+ | For example, in macOS, you need to untick | ||
+ | |||
+ | {{: | ||
+ | |||
+ | ====Run a VPN over the connection, as soon as you can==== | ||
+ | If you do want to use the Wi-Fi, run a [[virtual_private_networks|VPN session]] over it. Or you could use [[tor|Tor]]. | ||
+ | |||
+ | Some Wi-Fi networks block VPNs, and some block Tor. In those cases, don't use that Wi-Fi network — why would you want to trust a network which is trying to stop you operating securely? Consider [[#Connect using your phone instead|tethering]] instead. | ||
+ | |||
+ | ===Wi-Fi which requires a login may not work if you use a VPN=== | ||
+ | Wi-Fi which requires a login page (a “captive portal”) may not work if your VPN is attempting to connect automatically. Typically, a captive portal requirse you to connect to it without going through your VPN, as you need to connect to their login page directly. | ||
+ | |||
+ | If you need to communicate with a “captive portal” without connecting to the VPN, that gives an opportunity for a malicious actor to acquire information from your device, or see where your device is trying to send traffic. | ||
+ | |||
+ | The best approach is to avoid these hotspots. | ||
+ | |||
+ | ====Connect using your phone instead==== | ||
+ | |||
+ | If you do not trust the network less than you trust your mobile network operator, you may be better off connecting your computer to the Internet via your phone' | ||
+ | |||
+ | You might want to run a [[virtual_private_networks|VPN]], | ||
+ | |||
+ | You can normally tether via a USB cable, or else over Wi-Fi or Bluetooth. Using Wi-Fi or Bluetooth has the advantage that you can leave your phone in your pocket, but it comes at the cost of draining your // | ||
+ | |||
+ | ===Tethering on iOS === | ||
+ | |||
+ | If you use an iPhone or iPad, rather than calling it " | ||
+ | |||
+ | Guidance for setting it up is [[https:// | ||
- | Good guidance from the National Cyber Security Centre: | ||
- | https:// | ||
- | ====Alternatives: | ||
- | May be better off connecting to your phone, rather than relying on some questionable Wi-Fi. Depending on how much you trust your mobile phone provider. | ||
public_wi-fi.1564903040.txt.gz · Last modified: 2021/07/06 09:26 (external edit)