
When connecting to the internet in an internet cafe, hotspot or other public connection you could be opening yourself up to serious security issues.

I've read your articles about how a secure home wireless network is important. But let's say I'm in a cafe, and I'm connected to their public wireless, is all my privacy compromised? I have a firewall and I suppose that will block any attacks into my laptop, but what about the information I send out such as online banking and the like on that public wireless?

You are absolutely right to be concerned.

There are steps that you need to take to ensure both your security and your privacy.

There are three things you need to consider when using an internet service away from home: your internet provider, your internet connection, and your computer.

Your ISP can monitor everything you do. I'm not saying that they are, but they can.

Whenever you're using a wireless hotspot such as in an internet cafe, or even a wired connection in a hotel or somewhere else, they are your ISP for that connection. Again, I'm not saying that the coffee shop, hotel or their wireless provider is spying on you, but I would take care to make sure you trust the provider you're using. If you're at "Joe's Cafe" and it's Joe's teenage son that's just slapped a wireless access point on their DSL connection - yes, he could certainly be monitoring what you're up to if you're not careful.

But that's not really the biggest threat. So while you should of course exercise caution, for this discussion I'll simply assume we can trust whoever's providing the internet connectivity.


The people we shouldn't trust are the other users within range of that wireless connection.

Anyone within wireless range of your laptop could be monitoring your internet usage.

Scary, huh?

So, here's what you need to do:

  • Use a firewall! Sounds like you're already doing this, but for everyone else, this is critical. And it doesn't have to be difficult; for example, I simply enable the built-in Windows firewall when I'm in an open WiFi situation.

    Yes, there may be a router or firewall at the hotspot protecting you from threats from the internet, and that's fantastic. It's also not at all what I'm talking about here. In an open WiFi situation and in any "internet provided" situations like hotels, you need to protect yourself from everyone else that's on the same side of the router as you are. They can see and connect directly to your machine unless you have enabled your firewall.

  • Use httpS! That's https; note the "s" at the end. An https connection is encrypted. That means that while someone can see that you're accessing a particular web site, if you're using https they cannot see any of the data you send to or receive from that site. This is the only safe way to do online banking. If you can't connect via https, or the "s" disappears at some point in your exchange with your bank, then stop immediately. If it's not https it's not secure and anyone in the room could be monitoring what you're doing.

  • Secure your Email! Email is perhaps the biggest open security hole in these situations. If you use a POP3/SMTP email client, the default configuration for most is totally unsecure. I could sit in a corner of the internet cafe and not only read your email with you, but also steal your account name and password. It really is that unsecure.

    With POP3 and SMTP you should contact your email provider and see if they support SSL connections. If they do, it's a slightly different configuration in your email program, but once done, all of the communication between your email program and email servers is securely encrypted.

    Online or web-based email services deserve special consideration. Most do not support https connections. The one exception is Gmail, which will use https if you make sure to log in through an https connection, and have the "always use https" option selected in Gmail's options.

  • Consider a VPN. Not all sites support https as it takes extra work on their part. For example, there is no https version of ask-leo.com; you can only access it through unencrypted http, and that's the norm for most sites that don't process confidential information. But that means that someone could still be watching where you go. If you don't mind them seeing that you're visiting ask-leo.com, or what you might happen to search for on Google, or whatever other sites you're visiting in the clear, then you don't need to do anything.

    And not all email providers will provide secure connections.

    However, if you're a "road warrior" and spend a lot of time in internet cafes, have an unsecure email configuration, or browse a lot of sites that you'd rather not be so easily sniffable, you might consider a VPN (Virtual Private Network) service. I've never used one personally, so I can't recommend one specifically, but there are several. http://www.hotspotvpn.com/ is one example. Using these services you create an encrypted connection to the service and route all your internet traffic through them. When you do this, the folks in the cafe see only encrypted data which they can do nothing with.

  • Realize that a "login intercept" protects them, not you. In many free WiFi situations the first time you use the service no matter where you try to go you're first intercepted and sent to a page where you're required to "login" or otherwise accept the terms of service. This page does not protect you at all. It has nothing to do with security, wireless or otherwise. It's nothing more than a bit of legalese to protect the internet provider.
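To make the email point above concrete, here is an added Python example (not code from the original article) that audits a mail program's session log and reports every credential sent before encryption starts, including the case where the program asks for encryption, is refused, and carries on anyway. The transcripts, address and password are constructed samples, `audit_session` and `mask` are hypothetical names, and only POP3 USER/PASS and SMTP AUTH PLAIN are covered.

```python
import base64

def mask(secret):
    """Report only the length so the audit output never repeats the secret."""
    return "*" * len(secret)

def audit_session(transcript):
    """Return (line_no, issue) for each credential sent before TLS is active."""
    findings = []
    tls_requested = tls_active = False
    for no, line in enumerate(transcript.strip().splitlines(), 1):
        side, _, text = line.strip().partition(": ")
        if side == "S":
            # Only a positive reply to STLS/STARTTLS starts the TLS handshake.
            if tls_requested and text.startswith(("+OK", "220")):
                tls_active = True
            tls_requested = False
            continue
        verb, _, arg = text.partition(" ")
        verb = verb.upper()
        if verb in ("STLS", "STARTTLS"):
            tls_requested = True
        elif tls_active:
            continue  # logged by the mail program, but encrypted on the wire
        elif verb == "USER":
            findings.append((no, "POP3 account name in cleartext: " + arg))
        elif verb == "PASS":
            findings.append((no, "POP3 password in cleartext: " + mask(arg)))
        elif verb == "AUTH" and arg.upper().startswith("PLAIN "):
            # base64 is an encoding, not encryption: it decodes to \0user\0password
            _, user, pw = base64.b64decode(arg.split()[1]).decode().split("\0")
            findings.append((no, f"SMTP AUTH PLAIN exposes {user} / {mask(pw)}"))
    return findings

# Constructed sample sessions (C: = mail program, S: = server); not real captures.
POP3_CLEAR = """
S: +OK POP3 ready
C: USER alice@example.com
S: +OK
C: PASS hunter2
S: +OK 2 messages
"""
POP3_STLS = """
S: +OK POP3 ready
C: STLS
S: +OK Begin TLS negotiation
C: USER alice@example.com
S: +OK
C: PASS hunter2
S: +OK 2 messages
"""
# "Use TLS if available": the server refuses STLS and the mail program carries on.
POP3_FALLBACK = POP3_STLS.replace("+OK Begin TLS negotiation", "-ERR unknown command")
_PLAIN = base64.b64encode(b"\0alice@example.com\0hunter2").decode()
SMTP_CLEAR = f"""
S: 220 mail.example.com ESMTP
C: EHLO laptop
S: 250 AUTH PLAIN LOGIN
C: AUTH PLAIN {_PLAIN}
S: 235 Authentication successful
"""
if __name__ == "__main__":
    for sample in (POP3_CLEAR, POP3_STLS, POP3_FALLBACK, SMTP_CLEAR):
        print(audit_session(sample))
```

The fallback case is why the security setting in the mail program should require SSL/TLS rather than use it only when the server offers it.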

So, how big is the risk, really?

It depends.

I would expect busy hotspots near sensitive areas to be a fairly reasonable risk. Busy coffee houses, open airport WiFi, libraries and the like seem like "target rich environments" for the potential hacker. These are certainly places where I'd make sure to take these safety measures myself.

Less busy hotspots? Perhaps not so much.

But it is possible, and more frighteningly, it's not all that hard for someone who's technically savvy.

(This is an update to an article originally published February, 2008.)

Article C3269 - November 12, 2009

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.


34 Comments
George Arauz
January 17, 2008 5:57 AM

Definitely do not do anything that has to do with payments, money, credit cards, etc. Just surf the net.

tutu808
January 18, 2008 6:16 PM

Thanks for all you do. To log onto gmail through an https connection, I will soon be traveling on a cruise ship which will probably have a wifi connection but if not I know it has connections on its own computers. How do I use an https connection in that circumstance?

Jaymes Brandon
January 20, 2008 6:19 PM

Thanks Leo....that is great advice! I sent a copy to my wife, who uses her laptop more frequently these days.
With all that is 'out there' it is good to know there are proper measures that can be applied to get the technological security necessary:-)

Michael Horowitz
January 21, 2008 9:59 PM

Earthlink's webmail system uses HTTPS all the time. Some webmail systems only use it for the login page, but not for reading and writing individual messages. Gmail will use HTTPS all the time, but only if you start out making an HTTPS request initially.

The need for safety with a wireless network is obvious. However, many people are not aware of the need for safety when plugging into a wired Ethernet connection in a hotel room. For more on that see my blog
Ethernet connections in a hotel room are not secure
http://blogs.cnet.com/8301-13554_1-9854369-33.html

Chuck Newman
January 22, 2008 7:29 AM

"Definitely do not do anything that has to do with payments, money, credit cards, etc.. Just surf the net." This is nonsense propagated by those who really do not understand various types of encryption and their proper use. As Leo said, if you have an SSL (https) connection you don't need any further encryption. And you won't have any problems with credit card transactions or banking issues, whether wired or wireless. Again, as Leo said, it's "everything else" you do on the Internet that will be easily sniffed by a hacker (even a casual one) in a wireless environment. I started using HotSpotVPN several months ago and I'm very satisfied with the results. They are the only reasonably priced VPN service that I know of that offer client based SSL type VPN that is more secure and stable than the Open VPN services that use the XP based system. And you have three levels of security to select from. Now I use hot spots anywhere with full AES encryption for ALL my Internet usage. Great peace of mind.

Tim
January 24, 2008 2:57 PM

Now that I am aware of the need for httpS, can I not change my gmail account to its use?

lorraine
March 20, 2008 11:54 AM

We hear a lot about the ethics of Piggybacking from one's home onto an "unsecured" network and also the safety of those who "own" the account.
But, what about those who do the Piggybacking? Is it safe for us??
If someone leaves his network unsecured could they possibly be doing it on purpose to "sniff"?

Leo A. Notenboom
March 23, 2008 4:35 PM


I won't speak to the ethics, but I can certainly comment on
the RISK of using someone else's WiFi. YES, the owner of the
network you happen to be piggybacking on could monitor what
you're doing, and YES they could be doing it on purpose.
I've certainly heard of exactly that happening - someone
setting up a wireless access point in a public spot, and
then sniffing on whomever happens to connect.

Leo



Alisha
September 18, 2008 7:55 AM

Hi, my sister has wireless internet across the road, I would say less than 100m. Is it possible to connect to the same internet? Is there any USB that covers the range of 100m to connect to the wireless internet connection? Please reply. Thanks

You might get lucky with an extra antenna or something (google "wifi antenna") but as I understand it 100m is at the very fringe of what WiFi is supposed to cover in the best of circumstances.

In other words, I would expect the answer to be "no".

-Leo

Wade
October 7, 2008 9:31 PM

Few more public wi-fi security tips at:

http://www.freewifihotspotsoftware.com/security_tips.html

hackhelp
October 14, 2008 2:33 AM

Leo, if you're piggybacking on someone else's connection and you are on an httpS website, can that info be sniffed or is it still secure?

Yep, https is point-to-point secure and safe from sniffing.
- Leo
14-Oct-2008

Alex
October 17, 2008 12:52 PM

Also it is strongly recommended to use a VPN when you are browsing in public wi-fi zones, internet cafes, etc.
I use personal vpn service (128byt encrypted) called VPN Privacy. Very fast and convenient.

Nick
December 16, 2008 10:24 AM

But I use uk vpn and so happy !

Peter
July 20, 2009 10:46 PM

Hotspot connection and its signal matters the most, and in this respect I can assure you from my past experience that wifirush service, wireless connection and hotspot is one of the best in the market. I promise you, wifirush latest technology keeps you free from security threats and constantly encourages you to use it for your business purpose at your best level. Visit http://wifirush.com/services_flash.html for more information to get new taste of hotspot.

Leroy
August 16, 2009 5:11 AM

I always use https when I'm at unsecured wireless networks, but I'm worried that someone can still see what I'm doing. I make sure the website uses AES 256 bit encryption but I don't think that's enough for encryption. Is it possible for someone to decrypt the https connection?

Nope, it's not practically possible.
Leo
16-Aug-2009

Charles Tilley
October 28, 2009 10:50 PM

Leo, every week I read and get a lot of excellent advice on your column. But you can get CLEAR signals a lot further than 100 meters away. I have my own connection (Verizon Wireless), but the person who rented this place before me mounted a wi-fi antenna on top of the unused chimney (a huge square one), the library is eight blocks away, and I can pick up an excellent signal from here. Along with about 20 or so unsecured networks. The landlord told me to use it, he installed it and used it for 4 years with no trouble. But I'm afraid for the reasons that you mentioned to use it. I just can't believe that all these people in 2009 leave their networks unsecured. Too lazy to set up the security on their routers, just plug and play.

David
November 13, 2009 2:51 AM

The Webmail service FastMail.fm offers https, as well as one-use passwords.

Craig
November 15, 2009 5:20 PM

Could LogMeIn (their free version) be used effectively as a VPN? I log on at their site and I then connect to my home computer and remote control it to do all of my Internet business. Is this an effective way to keep people from seeing what I'm doing when I'm accessing the Internet at a hotel?

Yes. I've been meaning to play with the free LogMeIn (I also use LogMeIn Hamachi, which when coupled with Windows' own Remote Desktop can also do the same).
Leo
16-Nov-2009

John
November 17, 2009 8:38 AM

Good advice as always, Leo. I'd like to add that even though you have a Firewall running, make sure that you lock it down by disabling Exceptions when you are using a public LAN. I just got attacked that way in a library!

DavidBrilliant
November 21, 2009 9:51 AM

When away from home I would like to use internet cafes for the odd email, and check my bank accounts, but I am afraid to do so. Is there any way I can protect myself from my security being breached? I do not use a laptop with a wireless connection.

Adam
May 5, 2010 9:39 AM

Helpful article - thank you. However, I am unsure if it applies only to Internet usage or all data on the computer. What if I connect to a wireless network (say in a cafe) and my firewall is not enabled - Can someone see the data on my hard drive and get into desktop applications or should I only be concerned about information exchanged over the Internet?

Without the firewall enabled you are at huge risk. Enable it, especially when at an open WiFi hotspot. YES, your data may be at risk.
Leo
06-May-2010

George
May 8, 2010 1:42 PM

Good article, but I'm a little confused. Let's say I'm traveling, I fire up my laptop, enable the firewall and log onto my My Yahoo page using the hotel's internet connection. One of the modules tracks my (poorly performing) stocks/investments. Since My Yahoo is not an https site, can someone in the hotel potentially see this information? I checked to see if Yahoo has an https option but only found info about Yahoo mail (which I don't use). I don't travel enough to justify VPN, so other than not visiting the site, do I have any other option? Thanks Leo.

Yes, that's exactly the kind of thing that could be viewed: non-https connections over a WiFi connection could be seen by someone nearby. Without https or a VPN things get either complex or somewhat fragile. I think you can try one of the anonymizing proxies like TOR - it at least encrypts the connection from your laptop to the first TOR node.
Leo
09-May-2010

Jerry
May 17, 2010 7:09 PM

Are all the risks you describe equally applicable to the iPod Touch? I'm unaware of its providing a firewall.

Traffic sniffing is definitely a possibility regardless of the device you use, so yes, the importance of things like https and other encrypted connections apply to any device including the iPod Touch. As for a firewall, this I'm unsure of. Given how little malware there is targeted at the Touch it may not be as big an issue as it is for PC users.
Leo
18-May-2010

James
May 27, 2010 2:41 AM

Recently created new email address and needed to send something urgently via an internet cafe. Typed in user name and password and was informed that neither was valid. Does this mean Gmail does not work via internet cafes? It should have been a very simple matter. Your response would be appreciated.

It should work fine. With the information provided I have no idea why it didn't work.
Leo
27-May-2010

Gordon James
June 14, 2010 12:49 PM

Hi!
I am learning about intrusion detection and security. I have found some great https clients to run on your home network so you can bounce all connections through them when you are in a risky environment.

I would love to see you do a simple guide to these.

Ginger the Kringer
July 19, 2010 1:02 AM

Hi, I am curious about my laptop's security. I am scared of using it next year at high school due to the fact I might get a formatted hard drive because some kid may think it's funny. So what would be the best personal firewall for me? I want something that won't be in my way and lag me, but I want something saying "NuB:PC at IP 1.2.3.4 is attempting access on your computer. Deny or approve?" I know it's much to ask but I'll pay a good bit for peace of mind.

Anaks
August 13, 2010 3:24 PM

Great post, I am using Super VPN Service for same purpose.

George Bishop
August 31, 2010 6:01 AM

When travelling, I use libraries to access my bank account. I use ROBO TO GO on my memory stick. It's the same as ROBOFORM but is portable.

You are running the very real and serious risk that malware or keyloggers (yes, still keyloggers) could be intercepting your information. I would not do what you do.
Leo
01-Sep-2010

Ariel
September 16, 2010 9:57 PM

I checked my Gmail settings that you mentioned in the article and Gmail has changed their default connection to Https. So you don't have to set it to - "always use Https". However the options to use either one is still available but if you click on either of these radio buttons you could create some issues with some of the mobile phone access to your mail. I'm leaving mine un-clicked as it is already defaulted to Https. My address bar in my browser confirms a Https connection.

Sascha
October 19, 2010 11:11 PM

Glad to have found your site. I like your clear writing style.

I set out to never surf on insecure Wifi networks again, so I did some research on VPN providers and after checking VPNreviews which has a list of choices that goes beyond the needs and affordability for an average user, I found ProXPN, which is free up to 1GB/month, and only $5/month for unlimited access.

It seems they're so cheap right now because they only maintain 1 server (in California). This is a no ad, no nag service, based on OpenVPN. If you use this ProXPN referral link we both get 1 month PRO service free.

Koh Chang
October 31, 2010 10:53 AM

With unencrypted Wi Fi, every password, email message, and web page can be read by other users on the network. You should only use secure (encrypted) email and should not enter a password or personal information on web pages.

Miss.Andrea Borman
July 2, 2011 3:46 AM

I am on holiday in Manchester at the moment and I have not taken any of my 4 Netbooks with me. I have left them at home and I am using the Internet cafe to write this. Because although the hotel I am staying in has WiFi it is not safe and I don't feel safe using public WiFi. Windows Firewall is not very secure, not even on Windows 7, as all it does is advise you that it is blocking a service and ask whether or not you want to enable it. And you only have to tick yes, which I and most users do, and it is enabled. So the Firewall is not a security feature in reality. Also, as you say, everyone will see your computer on the network. So my advice is leave your computer at home if you can help it. And use the Internet cafe, and in the Internet cafe remember to delete your browsing history before your time ends to avoid others seeing your email address and password. Andrea Borman.

Novak
August 24, 2011 8:43 AM

Every day more and more people want to protect their privacy on the Internet. Governments around the world put different kinds of restrictions on the Internet connections of their citizens. VPN is the solution for all that, with which you can bypass all restrictions and protect your privacy. Many experts predict that VPN is the future of Internet freedom.
I am using http://www.supervpn.net/ and I am very satisfied with their services.

Mark Ackley
October 7, 2012 10:24 PM

I am using Hotspot Shield Free VPN. However, the free version is ad supported, but it's good compared to all other available free VPNs. You can surf anonymously and access all blocked websites using HSS.

Check it out here: http://www.hotspotshield.com

Comments on this entry are closed.
