So you’ve found your Starbucks location, you’ve hit the landing page and now it’s time to check your email and maybe fire off a Google Doc or two, right? Wrong. While free, public Wi-Fi is a treat, it’s also a great way for a hacker to invade your privacy and it exposes you to identity theft. So before you go anywhere online, let’s go over some “free Wi-Fi” basics:
1. You are not alone: Keep in mind that every laptop and smartphone user around you is probably on the same Wi-Fi network that you are. Anyone armed with the right software can become a master hacker, leaving you vulnerable to email snoops, Web traffic analysis, and general file snooping.
2. VPN: A virtual private network (VPN) is the best way to protect yourself when using a public Wi-Fi access point. A VPN encrypts all your Web traffic and blocks any potential snoopers sitting nearby from horning in on your privacy. Think of a VPN as a super-secure train tunnel that sends all your Web traffic through a secure server and then out to the rest of the Internet. Many corporate types should have private VPN access through their employer, but you can also download Hotspot Shield (for Macs and PCs) from AnchorFree at no charge. [From Ben: another site I’ve used is http://www.hotspotshield.com/] Hotspot Shield is an ad-supported VPN that works very well. The biggest downside to Hotspot Shield is that it places a banner ad at the top of every Web page you visit. You can easily close the ads by looking for the “X” on the top right corner of the banner. Hotspot Shield may also slow down your surfing speeds, but the added security is worth it. Tip: Using Hotspot Shield form overseas can often fool regionally restricted premium content sites for music and video. Unfortunately, Hotspot Shield is not smart enough to trick Hulu.
3. SSL email: If you’re checking your email on public Wi-Fi, the best thing to do is to make sure your Web mail is encrypted using HTTPS address header instead of the wide open HTTP. While many Web mail sites, like Yahoo Mail and AOL, use HTTPS to log you in, the encryption quickly disappears once you hit your inbox. So try using Gmail instead, which offers HTTPS security for every single part of Gmail and Google Docs. If you’re a Firefox user, another option is to download the HTTPS Everywhere plug-in created by the Electronic Frontier Foundation and the Tor Project. The HTTPS Everywhere extension encrypts your online activities when you visit a variety of sites, including Twitter, the New York Times, Google search, Wikipedia, and Facebook. But HTTPS Everywhere is not foolproof, and the EFF warns that it is not possible to encrypt all traffic. In my tests, for example, visits to Yahoo, Hotmail, and other Windows Live sites were not encrypted using the extension. So watch to see if the browser’s lock icon in the lower right corner is broken or has an exclamation mark. If it does, you’re not encrypted.
4. Common sense: Don’t forget that while you can encrypt some of your Web activities, no security system is perfect. So don’t use Starbucks’ free Wi-Fi for accessing sites that require your most personal information, such as credit card numbers, Social Security numbers, or banking information. Save that stuff for your encrypted home network.
(Those are the basics; to learn more, check out PC World’s article “How To Stay Safe on Public Wi-Fi http://www.pcworld.com/businesscenter/article/194062-1/how_to_stay_safe_on_public_wifi.html.” and “How To Secure Your Wireless Network http://www.pcworld.com/article/130330/how_to_secure_your_wireless_network.html.” for more information about home Wi-Fi security.)
Thanks to Ben Levi for passing this along.