🔒 Cybersecurity for lawyers

It can often be convenient to connect to public Wi-Fi. But bear in mind that you are connecting to a fundamentally untrusted third party network.

• provide fake details where you can
• if you have to give an email address, give a unique one
• don't let your devices join public Wi-Fi networks automatically
• run a VPN over the connection, as soon as you can, or use Tor
• if in doubt, don't connect: tether your phone instead

You'll often be asked for your title, name, and possibly even your address or other irrelevant information.

There's no law (in England) which requires this, and so the Wi-Fi hotspot operator is only asking for them because they are going to use them for something.

If you can get away with giving fake details, it's sensible to do so.

(Alternatively, you could read their terms of service, and their privacy notice, but there's no guarantee that they actually do what they say they do, and you're probably better of protecting yourself rather than relying on them anyway.)

If you need to sign up with an email address, use a unique email address for that service.

Even if the connection is encrypted, how do you know that it is not some rogue third party operating the access point?

Anyone can set the broadcast name of a Wi-Fi network — what is known as the SSID — to anything they like.

But if anyone can set any network name that they want, how do you know that the network called “Starbucks”, for example, is actually operated on behalf of Starbucks? It could be anyone, including someone just sitting with a device in their bag, pretending to be the Starbucks network, and capturing the traffic you send across their network.

If you permit your device to connect automatically to known networks, may connect to a rogue network, and start sending data over to an unknown third party before you even realise it.

When you join a network, your operating system may prompt you to say if you want to “remember” the network, or join automatically in future. If it doesn't prompt you, you may need to go into your computer's settings, and tell it not to connect automatically. If you don't do this.

If you do want to use the Wi-Fi, run a VPN session over it. Or you could use Tor.

Some Wi-Fi networks block VPNs, and some block Tor. In those cases, don't use that Wi-Fi network — why would you want to trust a network which is trying to stop you operating securely? Consider tethering instead.

Wi-Fi which requires a login page (a “captive portal”) may not work if your VPN is attempting to connect automatically. Typically, a captive portal requirse you to connect to it without going through your VPN, as you need to connect to their login page directly.

If you need to communicate with a “captive portal” without connecting to the VPN, that gives an opportunity for a malicious actor to acquire information from your device, or see where your device is trying to send traffic.

You might just want to avoid these hotspots.

May be better off connecting to your phone, rather than relying on some questionable Wi-Fi. Depending on how much you trust your mobile phone provider.