Ah, public Wi-Fi. That magical tool that lets you surf the Internet at your favorite coffee house, bookstore or the mall. (Because nothing says cool like surfing at the food court.)
See also: Building A Raspberry Pi VPN Part One and Building A Raspberry Pi VPN Part Two
As much of a boon as using the Internet in public places can be, there are always risks involved whenever you are connected to a public network. Here are five steps you can take to help keep your public Web activities secure.
Beware Fake Wi-Fi
You sit down at the bookstore, fire up the laptop and lo and behold, you see the store’s network name (SSID). But wait, what’s this? An even stronger signal from an SSID that’s wide open. Strong signal equals better connection, so that’s the one you want, right?
Think again.
Known as a man-in-the-middle attack, that shiny new (and possibly free-of-charge) Wi-Fi signal may not belong to the store at all, but rather someone else in the store who has set up their own Wi-Fi router to attract people just like you. Once you’re using their signal versus the store’s, they can monitor all of your Internet traffic using special software that can easily discern things like login and password information.
I actually discovered someone doing this at the local Borders a few years back when there was a local Borders. The kid had even mimicked the store name with the SSID “Borders_1”. But I knew the real SSID and started looking around the stacks until I found him right in the middle of the store just sitting with his laptop.
Cities are particularly bad about this kind of thing because everywhere you go, there’s a Wi-Fi signal. My favorite: the “FREE-WIFI_Here” SSID my computer saw when staying at a Midtown hotel in Manhattan.
If you are not sure about what the store’s Wi-Fi SSID is, just ask, or look for a sign. Better to be sure than surf on someone else’s network.
You Don’t Know Where That’s Been
You grab a seat at the table, steaming coffee and a scone in hand. And on the floor under the table, you see a thumb drive. Ever the helpful citizen, you pick it up and boot your laptop with the intent to insert the drive and see if you can figure out who it belongs to.
Stop, helpful citizen.
That USB drive may in fact have been planted there, waiting for a Good Samaritan like you to pick it up and do exactly that. And instead of finding a file that says “This drive belongs to…” you will probably find trojan malware that will infect your machine so a hacker can get into it then, or later.
This is a method of breaking into your system that goes beyond public Wi-Fi, too. In 2011, the Department of Homeland Security conducted a study where they left USB drives and discs in the parking lots of government buildings. When found, 60% of the government workers – who really should have known better – plugged the drives into their office computer. If the thumb drive or CD case had an official logo, 90% of the workers would plug them in.
If you find a drive or CD somewhere public, and want to be helpful, turn it in to the nearest lost and found and let that be your good deed for the day.
Cowboy Up
In Westerns, the gunslinger always sits with his back to the wall – so as to avoid getting shot from behind when someone walked in the door spoiling for a fight.
That’s not a bad plan, when it comes to public Wi-Fi. If at all possible, find a seat where there’s no way someone can be behind you. You don’t want anyone looking over your shoulder or worse, recording you when you are typing in critical information.
Very occasionally, you may get someone who is desperate to use your computer or smartphone to check something on the Internet. Put your foot down and say no, even if they say it’s an emergency.
First, if its really an emergency, they should be calling someone, not communicating with Facebook or email. Second, even if you watch them to make sure they insert nothing into your computer, all it takes is a quick visit to a known malicious site on another browser tab to get your machine infected.
Don’t Login
I have a pretty standard rule of thumb about surfing in public: never conduct banking transactions or visit a credit card website account. If I absolutely have to, I will use my phone’s cellular connection to get to the bank Web site, but never with Wi-Fi I am just visiting.
But beyond that, I don’t sign into Facebook or Twitter in a public place, either. If I want to use those networks, or anything similar, I use an app on the phone that’s already signed in. That way, there’s nothing to spy on and see.
Surfing in public doesn’t have to be dangerous to your online identity, but you should always take care about your personal safety in a public place, and that includes your online activities.
Image courtesy of Shutterstock