…and what you should discuss with your children about this convenience
Free WiFi is great. It’s convenient, it’s prevalent and it’s simple to use. You don’t have to pay anything. At least that’s how it’s marketed. Free WiFi is often affiliated with the company or organisation you are interacting with – for example, a coffee shop, a train station, university campus, or an airport.
What’s in it for them? Why should anybody offer free WiFi to the public. How do they make money? What is their business model? And more importantly are there any risks that you should be worried about for your children who choose to use these free public WiFi connections (also known as hotspots).
We’ll look at these in a bit more detail today but first let’s look at the kinds of things that you should recommend your children not to do on free public WiFi connections.
Avoid: Logging into or checking their bank account
Avoid: Paying a bill using their bank cards or credit cards
Avoid: Using email to send important documents or files
Avoid: Using apps that rely heavily on your identity, such as Facebook or LinkedIn
Avoid: Sharing any personally identifiable information – anything that has their name, phone number, address, or photo
We’ll see why doing these things on free Public WiFi is not such a great idea.
What happens when you connect to a free public WiFi
To answer this question, let’s start with an analogy. Let’s think of a door.
A good example to think of would be the x-ray body scanners at airports. Some are manned and some are unmanned. Your internet traffic goes through similar doors (called access points, routers or gateways). Now if you are scanned as you do at the airport, they can easily tell what you are carrying on your person, for example, your belt with a metal buckle, your wristwatch or your jewellery for example.
It’s the same with Free Public WiFi hotspots. They can tell, even if in an imprecise way, what you are doing on your phone or laptop whilst you are connected to their free WiFi. When you open a website, use your apps on the phone, login to your bank website, or send an email, your traffic is passing through their doors and in almost all the cases, this traffic is open and unsecure, which means that anybody with the technical capability to snoop on your activities, can collect your data, your passwords, your bank card details and your identity.
Not only does this expose your private data to others in the vicinity (what’s known as a man in the middle attack) but also gives the company that owns and operates the free WiFi, complete access to your metadata such as your mobile phone’s unique identifier, what pages you visit, the apps you use, and how long you stay on their network. This can also be taken to the extreme to determine such things as what other phones and devices are present around you when you are connected to their WiFi, which can be used to draw relationship inferences.
For example, if it’s a train company’s WiFi, they can tell that you travel frequently with an iPhone at certain times and days of the week with your regular companions, and you spend an hour using the train’s free WiFi and visit The Times newspaper website whilst also looking at houses to buy or cars to purchase.
All of this information can be packaged and sold on to data brokers. They can in turn sell it on to the highest bidder. This is how the company that offers free WiFi makes its money. It may also get paid by advertisers and other interested parties who wish to reach a ready audience on the free WiFi’s webpage. Advertisers can then push notifications, advertisements, marketing emails and suggestions to you.
How does this differ from my home WiFi?
When you are connected to your home internet using WiFi, you will most likely have provided a password, and there are various standards that enforce different levels of security for your WiFi traffic at home such as WEP, WPA etc. We are not suggesting that these password-protected security measures are fully safe, but they are a lot safer than the open, unsecure, free public WiFi.
So, going back to our analogy, when you are connected to your home WiFi using a password, you are walking through your own door but you are also encased in protective clothing. There is a possibility that your internet traffic may still be intercepted by others but what they will most likely find is secure and encrypted internet traffic.
For example, they won’t be able to tell that you are carrying a belt or jewellery or metal on your person but they may still be able to see that you are carrying something. Securing your personal WiFi internet traffic at home won’t make it invisible but it does make it difficult for people (who may want to intercept it and read it in the middle) to make sense of it.
Let’s now look at each of the scenarios and discuss why doing these things on a free Public WiFi is not a great idea.
Logging into or checking your bank account on public WiFi
You might assume that your bank’s website is safe and secure, and in most instances you would be right. The issue is not so much the bank’s website, but the network you are connected to, to access your bank’s website.
Even if your bank’s website is safe and secure and even if you can see a padlock in the browser’s address bar (which is an indicator that your website uses encryption to send and receive data), you cannot be certain that the free WiFi network you are connected to is safe.
You cannot also be certain that you are actually connected to the intended free WiFi network. It can easily be an imposter (known as an evil twin) with a similar sounding WiFi name and similar looking logo. It is also not very difficult to push unwanted and unsafe software (known as malware) to your machine when you are connected to an unsecure WiFi network.
If you end up at an evil-twin website that looks just like the real website, you might go through the routine of logging into WiFi as you would with the real website whilst not considering the risks of automatic malware installation on your device.
For example, you might see your browser window open automatically after you connect to the free WiFi and you may be asked to click on a button to start browsing the internet. Voluntary actions such as clicking a button on an evil-twin website could push (force an automatic download) and run a piece of software on your device maliciously. This malware can then sit back and capture all your keystrokes over a number of days/weeks/months and send all of this information to a remote server.
This is not an everyday occurrence and more often than not, you won’t see such behaviour on free WiFi networks but nonetheless, it’s not a great idea to do your banking whilst connected to unsecure public networks. The impact of losing access to your internet banking website, your money, and your personal data can be severe.
Paying a bill using bank cards or credit cards
Similar logic applies here. If the likelihood of interception is high, you really should not be typing your 16 digit bank or credit card numbers whilst connected to free public WiFi.
Using email to send important documents or files
Use caution with important documents, such as your bank statements, or anything that is confidential or commercially sensitive. If you don’t want to risk losing this data, it might be better not to send these out over email whilst connected to a free public WiFi.
Using apps that rely heavily on your identity, such as Facebook
Services that store data associated with your identity such as your name, your photos, your friends, and your education, employment and address history, should be used with caution on free WiFi networks. The risk of identity theft is very real on unsecured networks.
For example, a malicious person would typically need 3 pieces of personal information to be able to assume somebody else’s identity for financial fraud. Social networking sites are fertile grounds for such data. If your full name, date of birth and address history were all available on one site or app and you happen to interact with these data records on unsecure networks, you are giving the attacker the best possible chance to commit identity theft.
Sharing personally identifiable information such as your photo, your name, your phone number or your address
Similar logic applies here. For reasons discussed above, it is not a good idea to share documents that contain your photo, your address details, or your phone number whilst connected to an unsecure free public WiFi. It’s very easy to combine these to build a picture of who you are and what you do, which is precisely what’s needed to steal your identity.
What can you do to keep safe on free public WiFi networks
Get yourself a better data plan through your mobile operator, so you don’t have to rely on free public WiFi. If you can’t, at least do the following..
Install an up-to-date antivirus and firewall on your device
Speak to staff to confirm the exact name of the WiFi network so you don’t end up connecting to its evil-twin
Read the fine print before clicking “I agree” on free WiFi sign-up pages
Try not to use apps that use your camera, your contacts, your location or storage media
If you are using a laptop, turn off file sharing. You don’t want others on the free public WiFi to browse your computer’s hard drive.
Check for the presence of https:// and a padlock on website addresses in your browser
Install a VPN (Virtual Private Network) client on your device, which will encrypt all of your traffic on public WiFi