You need a VPN when accessing public Wi-Fi - here's why

What is public Wi-Fi?

We're all familiar with Wi-Fi, and the convenience it affords. Technically, Wi-Fi refers to a technology that enables computers and other devices to connect to the Internet and communicate wirelessly. Wi-Fi is configured using a wireless adapter to create a "hotspot." Once a connection is established, users within range of the hotspot can connect to the Internet network.

Wireless networks are located either in the home, which is generally referred to as a "closed network," or in public places, which can be open or closed depending on the security settings in place. Public Wi-Fi is often unsecured, posing security risks to users.

  Where are public Wi-Fi networks found?

Public Wi-Fi networks are not hard to find. They are prevalent in locations around the world and you encounter them in your day-to-day life as well as during travel. Some common locations where you may encounter these networks include:

There are over 100,000 unsecured public Wi-Fi hotspots around the world, with reports that one out of four are completely unsecured. Mumbai holds the title for the largest public Wi-Fi city, with over 500 active hotspots and another 700 promised by May of 2017. Other major metro areas have large public Wi-Fi presence, such as New York City where all subway stations will have Wi-Fi coverage by the end of this year. In Europe, there is an initiative called WIFIEU, which plans to extend free Wi-Fi all over the European Union in public places. 

  • Restaurants, bars, cafes and coffee shops
  • Airports and airplanes (in-flight Wi-Fi), trains, subways and transportation stations
  • Hotels and hostels
  • Public parks and other public locations that offer Internet
  • Malls and shopping centres
  • Tourist attractions, commercial hubs
  • Home networks, if left unsecured

Why are these networks insecure?

An unsecured Wi-Fi network is any network that does not require you to enter a password or login credentials to use the network. These "open" networks also involve un-encrypted connections, leaving users at great risk. These hotspots are an easy target for hackers and nefarious people trying to steal login passwords, credit card information and content of communications or other personal details. These also pose other threats, such as man-in-the-middle attacks, Wi-Fi sniffing and malware.

  • Hackers/Snoops: Hackers or snoops can infiltrate unsecured Wi-Fi networks and use them to collect personal details or sensitive login information. Think hacking is hard? Think again. Hacking is easier and easier these days, with the help of tools like packet analysers. 
  • Man-in-the-Middle Attacks: A man-in-the-middle attack occurs when a malicious actor intercepts the communication between two people and inserts themselves into the conversation. The criminal can then access information being sent and intercept personal data - all without the senders or recipients knowing. This type of attack allows for eavesdropping, exploiting real-time transactions, conversations and data transfers allowing the hacker to steal personal information.
  • Malware: Unsecured Wi-Fi networks can be used to inject malware into devices connected to the network. Malware is very dangerous, as it could give an attacker access to everything on your device. This includes files or photos, and can go as far as microphone activation for eavesdropping.
  • Rogue Hotspots/Fake Networks: These are hotspots that are set up by criminals, using a name close to that of the actual, legitimate Wi-Fi hotspot. These hotspots are created to trick users into connecting, thinking they are using a legitimate network at a coffee shop, for example. When you connect to one of these networks you become vulnerable to hacking/snooping conducted by the owner of the fake network.

What Information is at risk?

Now that you know unsecured public Wi-Fi networks are an easy target for criminals or snoops trying to steal your personal details, it's important to understand what exactly they can get their hands on - and how revealing this data can be. When using these networks, the following information may be at risk: 

  • Your location
  • The websites you visit 
  • Your personal communications, such as emails, chats and messages
  • Whom you are communicating with
  • Files you send, photos
  • Your passwords and other sensitive information
  • Login credentials for various websites, such as banking websites

All this isn't just hype! There are reports of users connecting to unsecured Wi-Fi networks around the globe, often with devastating consequences for their users. 

  • Tourist attractions: Some of the most unsecured Wi-Fi networks can be found at popular tourist attractions and destinations around the world. These include popular places such as Times Square, Notre Dame and Disneyland Paris.
  • On-board airplanes: Last year, there was quite a stir when a journalist was hacked while using in-flight Wi-Fi on-board a plane. The hacker revealed details of what he the journalist working on, compromising the story as well as alarming all who heard about it. This incident proved just how quick and easy hacking in-flight Wi-Fi was.
  • Public buses: The city of Sydney Australia, recently announced plans to offer Wi-Fi on-board all public buses. But this Wi-Fi comes with a catch – it will collect and sell personal user information. While this risk doesn't occur because the Wi-Fi is insecure, it's another privacy violation that users need to be aware of on Wi-Fi.

Ignorance is not bliss

According to a study conducted by the Identity Theft Resource Center, about 40% of people were unconcerned about using public Wi-Fi. Of those who were worried, less than half took steps to secure their connection on these networks. This is very concerning, considering the activities that most frequently take place on public Wi-Fi:

  • Checking personal email accounts (including logging in)
  • Using social media (including logging in)
  • Accessing banking or financial information

What’s even more concerning is people's’ willingness to use these networks, despite being aware of the risks. A McAfee poll revealed that a large percentage of people - 38% - still opt to use free unsecured Wi-Fi. Combine that with a statistic from the AARP’s Convenience Versus Security report that “A quarter of the adults who use the Internet access it via public Wi-Fi once a week or more,” and you get an idea of how common using unsecured networks is.

Protecting yourself on public Wi-Fi

All of this is very unsettling, especially for those who have never considered the risks of public Wi-Fi before. But you don't have to avoid Wi-Fi networks or accept the inevitability of privacy risks – there are things you can do!

While there are several ways to protect yourself when using a Wi-Fi network, one way beats the rest – using a VPN. The most important thing you can do every time you connect is to use a VPN. A VPN encrypts your Internet connection to secure it and protect your privacy. When connecting with a VPN, no one – not the Internet service provider, the business/network owner nor any third-party hacker or snoop – can see the information you send over the network. When using Wi-Fi with a VPN your privacy and security is protected at all times.

There are also several other precautions you can take, and the first step is really awareness - always "think before you connect." It’s essential to realize that when you’re logging on to a Wi-Fi network in a public place, especially one labelled “free,” you’re at risk. It’s also important to understand what you’re agreeing to. When you accept the terms and conditions of a public Wi-Fi hotspot, it’s likely you’re giving the service permission to collect information about you or what you’re looking at. Once you're aware, you can make better choices about when to connect (or not connect!) and actively take measures to protect your privacy. 

Other things you can do to increase privacy:

  • Turn off sharing settings, so others on the network cannot access your information
  • Use a firewall
  • Always use HTTPS for websites you visit
  • Use 2-factor authentication for all login credentials on accounts
  • Turn off Wi-Fi whenever you aren't using it - this prevents it from automatically connecting and putting you at risk
  • Update settings to forget networks so they are not saved on your phone
Desire Athow
Managing Editor, TechRadar Pro

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website builders and web hosting when DHTML and frames were in vogue and started narrating about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium.