Keeping yourself safe and protecting your privacy and personal identity on a public network, like at a coffeehouse is darn near impossible. But you can take some steps to protect yourself from prying eyes as well as prying hackers who might be trying to capture your logins for Facebook, your bank account, to score a free movie out of your Netflix account, or something even more sinister like installing a backdoor on your computer to use later for nefarious and or illegal hacking activities.
Verify You Are On The Network To Which You Intend To Connect
It is an easy challenge for someone to intercept your private and personal data on a public wireless network by performing a man-in-the-middle attack. In this attack a hacker would set up a fake wireless network with an enticing SSID network ID to get you to join the network. They might make the network look like “Free Wifi” or even use a duplicate SSID such as the coffeehouse’s to trick you to join. In this attack, they can collect all the unencrypted data to find usernames and passwords. Luckily most services like the bank or Facebook use an SSL certificate to encrypt the data between your computer and their servers, but even that could be spoofed if they are tricking you into using their network. They could easily spoof the login page by making a page that looks like your bank, but really is just a honeypot where they divert your request to their fake page where they are recording your username and password. Therefore when you join a public wireless network you need to make sure that you are in fact joining the network to which you intend. So, it’s not a bad idea to double check with the coffeehouse staff to ask what the name of their network is before joining. While this won’t stop attackers who may be spoofing their network identity, it will reduce the risk you face by attackers creating fake generic hotspots like, “Free Wifi.”
Keep Away From Prying Eyes
Obviously, when you are sitting in a coffeehouse or other public area, prying eyes can oversee what pages you are going to and even look over your shoulder to see the password you type on your keyboard. Being aware of your surroundings and anyone who may be observing what you are doing on your computer is a good start to preventing these types of attacks. If you are concerned about any of your activity being watched it is a good idea to find yourself a spot to sit that makes it difficult for people to observe your computing activity. We recommend finding a table that you can sit at that faces your computer screen away from anyone who may be looking at what you are doing such as sitting at a table with your back against a wall or corner and making sure you are connected to the actual network you intend to be connected to.
Don’t Let Your OS Leak Info and Share Data
Your operating system will have settings for different levels of security and privacy when joining a network. It is recommended in public places to choose the highest security level to avoid your computer accidentally sharing files or exposing services that may have vulnerabilities that would allow a hacker to penetrate your computer.
If your operating system is Microsoft Windows, be sure to turn off file sharing and mark the Wi-Fi connection as a public network. You can do this the first time you connect. You will be asked what type of network you are joining at the time you join. It is important to choose “Public Network” NOT “Home Network” or “Work Network.” This is because different firewall rules and security settings are set. If you join as a “Home Network.” all your file sharing settings will be discoverable as this is the least secure setting. If you’ve already joined a network at your favorite coffeehouse you can change the setting by opening the Control Panel > Network and Sharing Center > Change Advanced Sharing Settings. Under the Public heading, turn off the file sharing toggle. You may also want to turn on the Windows Firewall when connecting to a public network if it’s not already activated. These settings are also found in Control Panel > Windows Firewall.
If your preferred operating system is Mac, it is as easy as opening up System Preferences and clicking on the Sharing icon. Uncheck the box next to File Sharing to disable file sharing. You may also want to fully disable sharing and remove the public home folder sharing options as well. Enabling the built-in Mac firewall is a good idea. Access System Preferences -> Security and Privacy, and click the Firewall Tab.
Use a VPN When Possible
Deploying and consistently utilizing a virtual private network (VPN) is one of the best ways to keep your web browsing private and safe. A VPN client encrypts all traffic between you and the VPN server, which means it’s far more challenging for a hacker to intercept your data. There are many different VPN programs available and many routers have a VPN server built right in. This would encrypt all of your data, including DNS lookups. When you are on someone else’s router they can see where you go on the Internet and what pages your computer requests. Even this little bit of info about you can violate your privacy if say you are researching a sensitive topic.
In fact, as I write this article from my favorite coffeehouse in Kansas City on my Linux laptop, I am using a poor man’s VPN by tunneling my web and DNS traffic through an SSH tunnel back to an SSH server in my office. Mac and Linux can do this out of the box by starting the SSH tunnel and telling my web browser in its settings to use a SOCKS 5 proxy. Windows can easily to this with the addition of Putty, an SSH client that is capable of acting as a SOCKS 5 proxy.
Always Check for HTTPS
HTTPS “https://somesite.com” Always be sure to look for the lock in your browser and the “s” on the end of http in the url to make sure your browsing connection is secure. You can install an extension to your browser such as HTTPS Everywhere. This extension is available for Chrome, Firefox, Firefox for Android, and Opera. If you install this browser extension it will make sure your browser uses HTTPS when it is available.
HTTPS Everywhere operates by making sure all connections are that are encrypted on supported parts of the websites. As it states in its FAQ:
“HTTPS Everywhere depends entirely on the security features of the individual web sites that you use; it activates those security features, but it can’t create them if they don’t already exist. If you use a site not supported by HTTPS Everywhere or a site that provides some information in an insecure way, HTTPS Everywhere can’t provide additional protection for your use of that site.”
Keep Your Operating System and Apps Updated
Keeping your system and apps up to date and patched for security vulnerabilities is one the the most important habits you can develop. Before you go to a public wifi hot spot it is not a bad idea to run updates from your home or a network that you trust.
You can be tricked on public networks to download and install “updates” that are really malware. That is is it is important to perform updates and security patched on a network you trust.
Avoid Using Apps on Public Wifi
Avoid using apps on a mobile device on a public network. Don’t assume that your apps are automatically secure or using HTTPS to connect to their backend services. Unless explicitly outlined by the app developer, it’s best to assume that the app is not connecting securely. So instead of using your app to conduct the transaction you should use your secured browser to log on to the service, and check for a HTTPS connection in the status bar.
Use Two Factor Authentication
Be smart, utilize two-factor authentication on services that support it, such as Gmail, Twitter and Facebook. Even if a hacker does manage to intercept your user credentials when you’re on public Wi-Fi, you have another layer of protection.
Use Different Passwords for Different Services
Using a different password for your banking, Facebook, Email, and other services will create a separation between the services. IF you are in the habit of using the same password for everything, an attacker could easily use that to steal your identity. While remembering different passwords (preferably random hard to remember and guess) is a challenge, there are apps that can help you manage your passwords so you don’t have to remember them. It can be as easy as copy and paste. One such program we recommend is Keepass.
Don’t Forget To Logout
Simple. When you are finished click logout.
Happy safe public internet surfing!