Jack Ryan and Lauren Barr from our Intelligence and Investigations team explore how connecting to free Wi-Fi can affect your privacy.
An age-old adage states that nothing in life comes free. But in some spheres of life, free is expected – and no more so than the ability to connect to the internet free of charge when you’re out and about.
In our post-pandemic world, remote working and the ability to travel again inevitably means we’ll be spending more time in airports, train stations, and cafes – and when in these places, free public Wi-Fi is a basic expectation.
Public Wi-Fi is generally mind-numbingly slow, but that typically doesn’t stop us from signing up to it instead of reeling through megabytes of our own paid-for mobile data. But does this free connection come with a hidden cost? If nothing in life comes free, then what are we really paying to access the Wi-Fi?
How secure are these networks?
First and foremost, it’s important to consider the security threats. While acting with ‘good intentions’, the airport or coffee shop offering the Wi-Fi is unlikely to pay much attention to the security of their network. This oversight could leave your devices vulnerable to cyber-attacks. When you connect to a network, your device sends data back and forth to that network. A bad actor with the technical know-how could then place themselves digitally between your device and the network provider and intercept the information, which would immediately compromise the data on your device. At best, they could read the emails between you and your colleague, at worst they could glean your address, date of birth and payment information from an online shop.
Our data as currency
We’ve probably had to input, at the very least, our name and email address in order to connect to the free Wi-Fi, but unless we stop to read the terms and conditions, we won’t understand whose hands these personal details might fall into. This seemingly simple data that you have initially provided is at risk if the provider hasn’t taken steps to protect it. Data breaches and hacks can expose whole batches of information from public Wi-Fi log-ins. How many of us use our ‘go-to password’ with our regular email in the interest of speed? These details can then be used to gain access to other accounts which may hold a lot more data, such as social media or online shopping accounts.
Do we really know why this Wi-Fi is being provided for free? In some cases, the reason appears obvious: a small café wants you to spend more time there; at an airport, it may all be part of the service. However, the most likely reason is usually linked to advertising, with the aim of encouraging you to spend more. The email you signed up with, unless you carefully ticked (or unticked) a box, is now being spammed with random adverts for products linked to your location.
What does your IP address say about you?
Many of us would not publicly disclose our address or phone number online – however we probably don’t realise how much information can be gleaned from an IP address. An Internet Protocol (IP) address is a numerical label attached to a computer network which identifies the network and the location. When you log onto Wi-Fi, your phone will show that location’s IP address and send its unique device code to the Wi-Fi provider. This data, with the help of third-party applications, is enough data for an interested party to track your movements based on the Wi-Fi networks you use. Apple have recently added an option in Wi-Fi settings to give you a private address when joining a network, but your best bet for increased security is a paid VPN service.
Steps to security
Unfortunately, there’s no such thing as complete protection – but that’s not to say your security is wholly a lost cause when logging on to a free public Wi-Fi network. A few simple steps, whether you’re using a phone or your laptop, can make yourself (and your data) that bit more secure:
1. Check with café/airport staff that the network is legitimate.
The network you think is being provided by the café may in fact be posing as one in order to exploit users. Criminals can easily set up networks and name them something like ‘Free Airport Wifi’, in order to gain access to your personal information, so ensure you ask a member of staff what the correct network name is.
2. Turn off media/file sharing.
Many of us know this better as Airdrop on Apple products or Nearby Share on Android. Chances are you have turned this on at some point after trying to send or receive something from a friend/colleague or family member. On the public network, it’s time to switch it off. This, in addition to turning on your firewall will add an essential layer of security to your data.
3. Use a VPN.
If you’re concerned about data security, or you have something particularly important/confidential on your device and you need to use a public network, then a VPN is a necessity.
For those that need a refresher, a VPN, or Virtual Private Network allows you to connect to the internet via a private network. The VPN acts as an intermediary or ‘tunnel’: any traffic between your browser and the server (i.e. the website you are accessing) gets encrypted as it passes through this tunnel. Essentially, this creates a protective layer around your internet connection. All the data going back and forth with this protective layer around it won’t be visible to hackers, and they won’t be able to access your information.
In addition, a VPN masks your IP address. Geo-tagging is becoming easier than ever for individuals interested in your data, location and travel patterns. But with a VPN, you can ‘appear’ to be somewhere else – you could physically be at Heathrow, but your VPN shows you as being in Birmingham, or New York.
4. Use anti-virus software and run a scan immediately after you finish browsing on public Wi-Fi.
Anti-virus software scans your system, identifying any malware threats and deleting them. If you visit an insecure website, it will warn you – and it will also alert you if suspicious software is trying to communicate with your systems. Running a scan after using public Wi-Fi allows you to ‘clean up’ anything dangerous which may have appeared during your browsing session.
Public Wi-Fi is no doubt an extremely useful modern convenience, but one which shouldn’t be presumed as a guaranteed safe or secure option. Now that offering free connectivity is the norm, and privacy is increasingly a concern, perhaps we’ll see establishments upping the security of their networks – no doubt as a selling point. In the meantime, it’s important to be mindful of how you use public Wi-Fi, how much data you provide, and the sorts of activities you perform whilst connected to these generally insecure networks.