How do I stay safe in an internet cafe?

Home » Internet » Privacy

Summary: When connecting to the internet in an internet cafe, hotspot or other public connection you could be opening yourself up to serious security issues.

I've read your articles about how a secure home wireless network is important. But lets say I'm in a cafe, and I'm connected to their public wireless, is all my privacy compromised? I have a firewall and I suppose that will block any attacks into my laptop, but what about the information I send out such as online banking and the like on that public wireless?

You are absolutely right to be concerned.

There are steps that you need to take to ensure your both your security and your privacy.

•

First remember, that your ISP can monitor everything you do. I'm not saying that they are, but they can.

Whenever you're using a wireless hotspot such as in an internet cafe, they are your ISP for that connection. Again, I'm not saying that Starbucks or their wireless provider is spying on you, but I would take care to make sure you trust the provider you're using. If you're at "Joe's Cafe" and it's Joe's teenage son that's just slapped a wireless access point on their DSL connection - yes, he could be monitoring what you're up to.

But that's not really the biggest threat, so while you should of course exercise caution, for this discussion I'll simply assume we can trust whomever's providing the internet connectivity.

The people we shouldn't trust are the other users within range of that wireless connection.

"Anyone within wireless range of your laptop could be monitoring your internet usage."

Anyone within wireless range of your laptop could be monitoring your internet usage.

Scary, huh?

So, here's what you need to do:

Use a firewall! Sounds like you're already doing this, but for everyone else, this is critical. And it doesn't have to be difficult; for example I simply enable the Windows firewall when I'm in an open WiFi situation.

Yes, there may be a router or firewall at the hotspot protecting you from threats from the internet, and that's fantastic. It's also not at all what I'm talking about here. In an open WiFi situation and in any "internet provided" situations like hotels you need to protect yourself from everyone else that's on the same side of the router as you are. They can see and connect directly to your machine unless you enabled your firewall.
Use httpS! That's https, note the "s" at the end. An https connection is encrypted. That means that while someone can see that you're accessing a particular web site, if you're using https they cannot see any of the data you send to or receive from that site. This is the only safe way to do online banking. If you can't connect via https, or the "s" disappears at some point in your exchange with your bank, then stop. If it's not https, it's not secure and anyone in the room could be monitoring what you're doing.
Secure your Email! Email is perhaps the biggest open security hole in these situations. If you use a POP3/SMTP email client, the default configuration for most is totally unsecure. I could sit in a corner of the internet cafe and not only read your email with you, but also steal your account name and password. It really is that unsecure.

With POP3 and SMTP you should contact your email provider and see if they support SSL connections. If they do, it's a slightly different configuration in your email program but once done all of the communication between your email program and email servers are securely encrypted.

Online or web-based email services deserve special consideration. Most do not support https connections. The one exception is Gmail, which will use https if you make sure to login through an https connection.
Consider a VPN. Not all sites support https, as it takes extra work on their part. For example there is no https version of ask-leo.com, you can only access it through unencrypted http, and that's the norm for most sites that don't process confidential information. But that means that someone could still be watching where you go. If you don't mind them seeing that you're visiting ask-leo.com, or what you might happen to search for on Google, or whatever other sites you're visiting in the clear, then you don't need to do anything.

And not all email providers will provide secure connections.

However, if you're a "road warrior" and spend a lot of time in internet cafes, have an unsecure email configuration, or browse a lot of sites that you'd rather not be so easily sniffable, you might consider a VPN (Virtual Private Network) service. I've never use one personally, so I can't recommend one specifically but there are several. http://www.hotspotvpn.com/ is one example. Using these services you create an encrypted connection to the service and route all your internet traffic through them. When you do this the folks in the cafe see only encrypted data which they can do nothing with.

So, how big is the risk, really?

It depends.

I'd expect busy hotspots near sensitive areas to run a fairly reasonable risk. Busy coffee houses, airport WiFi, libraries and the like seem like "target rich environments" for the potential hacker. These are certainly places where I'd make sure to take these safety measures myself.

Less busy hotspots? Perhaps not so much.

But it is possible, and more frighteningly, it's not all that hard for someone who's technically savvy.

Related:

Ask Leo! - Can hackers see data going to and from my computer?
Ask Leo! - How can I keep data on my laptop secure?
Ask Leo! - How can I keep my email safe from sniffing? - a very geeky approach to email security for those that have the ability.

More articles about: Privacy

Article Useful? Link to it from your own website; just copy/paste this HTML:
<a href="http://ask-leo.com/how_do_i_stay_safe_in_an_internet_cafe.html">Ask Leo: How do I stay safe in an internet cafe?</a>

Article 12175 | Posted January 15, 2008

•

Recent Comments

definitely do not do anything that has to do with payments, money, credit cards, etc.. Just surf the net.

Posted by: George Arauz at January 17, 2008 05:57 AM

Thanks for all you do. To log onto gmail through an https connection, I will soon be traveling on a cruise ship which will probably have a wifi connection but if not I know it has connections on its own computers. How do I use an https connection in that circumstance?

Posted by: tutu808 at January 18, 2008 06:16 PM

Thanks Leo....that is great advice! I sent a copy to my wife, who uses her laptop more frequently these days.
With all that is 'out there' it is good to know there are proper measures that can be applied to get the technological security necessary:-)

Posted by: Jaymes Brandon at January 20, 2008 06:19 PM

Earthlink's webmail system uses HTTPS all the time. Some webmail systems only use it for the login page, but not for reading and writing individual messages. Gmail will use HTTPS all the time, but only if you start out making an HTTPS request initially.

The need for safety with a wireless network is obvious. However, many people are not aware of the need for safety when plugging into a wired Ethernet connection in a hotel room. For more on that see my blog
Ethernet connections in a hotel room are not secure
http://blogs.cnet.com/8301-13554_1-9854369-33.html

Posted by: Michael Horowitz at January 21, 2008 09:59 PM

"Definitely do not do anything that has to do with payments, money, credit cards, etc.. Just surf the net." This is nonsense propagated by those who really do not understand various types of encryption and their proper uese. As Leo said, if you have an SSL (https) connection you don't need any further encryption. And you won't have any problems with credit card transactions or banking issues, whether wired or wireless. Again, as Leo said, it's "everything else" you do on the Internet that will be easily sniffed by a hacker (even a casual one)in a wireless environment. I started using HotSpotVPN several months ago and I'm very satisfied with the results. They are the only reasonably priced VPN service that I know of that offer client based SSL type VPN that is more secure and stable than the Open VPN services that use the XP based system. And you have three levels of security to select from. Now I use hot spots anywhere with full AES encryption for ALL my Internet usage. Great peace of mind.

Posted by: Chuck Newman at January 22, 2008 07:29 AM

Now that I am aware of the need for httpS, can I not change my gmail account to its use?

Posted by: Tim at January 24, 2008 02:57 PM

We here a lot about the ethics of Piggybacking from one's home onto an "unsecured" network and also the safety of those who "own" the account.
But, what about those who do the Piggybacking? Is it safe for us??
If someone leaves his network unsecured could they possibly be doing it on purpose to "sniff"?

Posted by: lorraine at March 20, 2008 11:54 AM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I won't speak to the ethics, but I can certainly comment on
the RISK of using someone else's WiFi. YES, the owner of the
network you happen to be piggybacking on could monitor what
you're doing, and YES they could be doing it on purpoase.
I've certainly heard of exactly that happening - someonen
setting up a wireless access point in a public spot, and
then sniffing on whomever happens to connect.

Leo

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFH5ukkCMEe9B/8oqERAiMRAJ9qYp8aiS/747xHXza++gwwo+AYUwCcCucg
o7HMrodOXj4IYDSfSd1CcJM=
=qLkj
-----END PGP SIGNATURE-----

Posted by: Leo A. Notenboom at March 23, 2008 04:35 PM

Post a comment on "How do I stay safe in an internet cafe?":

Name: (Required)

Email Address: (Required)

(Email Address will not be published.)

Remember Me? YesNo

By popular demand...
my tip jar

Buy Leo a Latte!

Comments:

New!

Subscribe to the RSS Feed specifically for comments on this article.

Before commenting, please...

Read the article at the top of this page. If your comment shows you didn't, it'll be deleted and ignored.
Comment only on this article. Use the Google search box at the top of the page if you have a question about something else.
Don't include personal information in the comment. No email addresses. No phone numbers. No physical addresses.
Don't ask me to recover lost passwords or hacked accounts. I can't, and those comments will be deleted.

I can't respond to every comment. And I can't vouch for the accuracy of others who do.
Read Why didn't you answer my question? for hints on getting an answer.
By posting a comment you agree to the Terms of Service. Don't agree? Don't post.
Read the article at the top of this page. If your comment shows you didn't, it'll be deleted and ignored. Yes, I'm saying this twice; you'd be amazed.

Please wait. Your comment is being processed ...