You need a VPN when accessing public Wi-Fi—here's why

What is public Wi-Fi?

We're all familiar with Wi-Fi, and the convenience it affords. Technically, Wi-Fi refers to a technology that enables computers and other devices to connect to the Internet and communicate wirelessly. Wi-Fi is configured using a wireless adapter to create a "hotspot." Once a connection is established, users within range of the hotspot can connect to the Internet network.

Wireless networks are located either in the home, which is generally referred to as a "closed network," or in public places, which can be open or closed depending on the security settings in place. 

Public Wi-Fi is often unsecured in that they don’t use any form of wireless encryption. The advantage of this is that pretty much any WiFi-compatible device can connect to it. The big downside is that it can cause huge security problems, and many people opt to use one of the best VPN services to stay protected.

  Where are public Wi-Fi networks found?

Public Wi-Fi networks aren't hard to find. They are prevalent in locations around the world and you encounter them in your day-to-day life as well as during travel.

According to research by Kaspersky, around 1 in 5 wireless networks around the world are completely unsecured. This means there are about 6.4 million such hotspots.

Seoul, South Korea not only has the fastest internet in the world but over 10,000 free WiFi hotspots all around the city, at airports, public parks & even the popular neighbourhood of Gangnam. 

Perth, Australia takes this a step further offering blanket coverage free public Wi-FI throughout the entire city for 60 minutes at a time. Users are limited to 2GB per day to avoid too many downloads down under. 

In New York City all subway stations have Wi-Fi coverage, provided by the good people of TransitWireless offering unlimited internet use in platforms, ticket areas & mezzanines in every station. 

The Wifi4EU project aims to offer free WiFi to all European citizens in every public place. It’s funded by the EU Commission, who have already pledged 120 Million Euros in support. 

Why are these networks insecure?

An unsecured Wi-Fi network is any network that does not require you to enter a password or login credentials to use the network. These "open" networks or “hotspots” also involve un-encrypted connections, leaving users at great risk. 

The hotspots are an easy target for hackers and nefarious people trying to steal login passwords, credit card information and content of communications or other personal details. 

The main dangers of using unsecured Wi-Fi are:

  • Hackers/Snoops: Hacking has become much easier for bad actors these days through using ready made tools & equipment. For instance, some hackers set up fake “honeypot” public Wi-Fi hotspots to try to lure people into connecting to them. Once connected, any unencrypted information you send, such as the names of websites you visits can be logged by hackers. Hackers rely on you wanting to use their honeypot wireless network because it’s free & convenient. But once you’re linked to them, they can not only read your unencrypted network traffic but try to redirect you to fake ‘phishing’ websites to make you enter sensitive information or download malware. (See below). 
  • Man-in-the-Middle Attacks: If a hacker connects to the same unsecured wireless network as you, they can send bogus data to your device & the network router to obtain their unique IP address & special ‘MAC’ address. Once they do this, the hacker can then impersonate each device, sitting in the middle of their “conversation”. By intercepting yours & the router’s communications hackers can read your data, or even inject harmful software & links into your connection requests.
  • Malware: If a hacker can connect to your device, they may try to inject ‘malware’ to record your personal information, or even encrypt it with ransomware. The scary thing about malware is that you can stop all other kinds of attacks just by disconnecting your device from the network. If your machine’s infected with malware though, your data could still be at risk, even when you connect to a secure wireless network at home or in your workplace. 
  • Rogue Hotspots/Fake Networks: These are hotspots that are set up by criminals, using a name close to that of the actual, legitimate Wi-Fi hotspot. These hotspots are created to trick users into connecting, thinking they are using a legitimate network at a coffee shop, for example. When you connect to one of these networks you become vulnerable to hacking/snooping conducted by the owner of the fake network.

What Information is at risk?

 Now that you know unsecured public Wi-Fi networks are an easy target for criminals or snoops trying to steal your personal details, it's important to understand what exactly they can get their hands on - and how revealing this data can be. When using these networks, the following information may be at risk:

  • Your location
  • The websites you visit 
  • Your personal communications, such as emails, chats and messages
  • Whom you are communicating with
  • Files you send, photos
  • Your passwords and other sensitive information
  • Login credentials for various websites, such as banking websites

All this isn't just hype! There are reports of users connecting to unsecured Wi-Fi networks around the globe, often with devastating consequences for their users. 

  • Tourist attractions: Some of the most unsecured Wi-Fi networks can be found at popular tourist attractions and destinations around the world. A 2015 report by Skycure (now owned by Symantec) listed some of the riskiest tourist locations for Public Wi-Fi including Times Square, Notre Dame Cathedral & EuroDisney.  
  • On-board airplanes: Airplanes are a goldmine for hackers & data thieves. In 2016, there was quite a stir when a journalist was hacked while using American Airlines’ in-flight GoGo Wi-Fi on-board a plane. The hacker revealed details of what he the journalist working on, compromising the story as well as alarming all who heard about it. This incident proved just how quick and easy hacking in-flight Wi-Fi was. A 2022 study by Necrum Security Labs showed that many airlines use outdated WiFi equipment, which contains serious vulnerabilities. In 2015, a Google Security researcher also discovered that the aforementioned GoGo Inflight Internet provider were issuing their own SSL Certificates to impersonate Google’s websites. This is another type of “Man in the Middle” attack & is particularly worrying, as usually when you access a website using SSL/TLS on public Wi-Fi, you can be sure your data’s safe as it’s encrypted. 
  • Public buses: The city of Sydney Australia, recently announced plans to offer Wi-Fi on-board all public buses. But this Wi-Fi comes with a catch – it will collect and sell personal user information. While this risk doesn't occur because the Wi-Fi is insecure, it's another privacy violation that users need to be aware of on Wi-Fi. If this surprises you, you may be shocked to learn that many free Wi-Fi providers offset the cost of running their hotspots by selling off the personal data of their users. GDPR has made this more difficult to do in the EU in the past few years but this is difficult to enforce. 

Ignorance is not bliss

According to a study conducted by the Identity Theft Resource Center, about 40% of people were unconcerned about using public Wi-Fi. Of those who were worried, less than half took steps to secure their connection on these networks. This is very concerning, considering the activities that most frequently take place on public Wi-Fi:

  • Checking personal email accounts (including logging in)
  • Using social media (including logging in)
  • Accessing banking or financial information

What’s even more concerning is people's willingness to use these networks, despite being aware of the risks. A McAfee poll revealed that a large percentage of people - 38% - still opt to use free unsecured Wi-Fi. Combine that with a statistic from the AARP’s Convenience Versus Security report that “A quarter of the adults who use the Internet access it via public Wi-Fi once a week or more,” 

A 2019 cybersecurity revealed a staggering 45% of working American adults trusted the public Wi-Fi network of a frequented public location. 

This should give you an idea of how common using unsecured networks is.

Protecting yourself on public Wi-Fi

All of this is very unsettling, especially for those who have never considered the risks of public Wi-Fi before. But you don't have to avoid Wi-Fi networks or accept the inevitability of privacy risks – there are things you can do!

While there are several ways to protect yourself when using a Wi-Fi network, one way beats the rest – using a VPN

A VPN encrypts your Internet connection to secure it and protect your privacy. When connecting with a VPN, no one – not your Internet Service Provider, your business/network owner nor any third-party hacker or snoop – can see the information you send over the network. This is extremely important when using unsecured Wifi, as anyone can read the data packets your device sends and receives: if they’re encrypted, they won’t be of any use to hackers. 

Take some time to read through our guide to the very best VPN providers available today.

Besides subscribing to a reliable VPN provider & connecting to their service each time you use Wifi, there are several other precautions you can take:

  • Think before connecting: Don't be tempted to connect to the very first “free” Wi-Fi network you see. Check with the site owner to make sure it’s the right one. If there are T&Cs to which you need to agree before using their service, make sure to read them carefully. 
  • Configure network settings: Most modern devices allow you to change your network connection settings to tell the system that you’re on a public Wi-Fi network, to which anyone can connect. This makes your device much harder for others to see on the network. 
  • Use a firewall: Many modern devices & operating systems come with a firewall already set up but take some time to check yours is switched on. If you don’t have reliable firewall software, read through our guide to the best firewalls of 2024.
  • Use HTTPS: If, for some reason, you can’t use a VPN then at least make sure you access 'secure' versions of websites. It’s usually very easy to tell if your connection is protected by HTTPS as the web address will begin “https://” and you’ll see a padlock icon in the address bar.
  • Use two-factor authentication: 2FA, also known as “two step” verification means that each time you connect to a website or online service for the first time, you’ll be asked to enter a code along with your password. The code is usually generated by a special authenticator app but sometimes can be done by SMS too. That way even if a hacker steals your username & password they can’t access your account.
  • Switch off auto-connect: Most devices like to save you the trouble of having to manually enter your network settings & connect to wireless networks, so will automatically connect to Wi-Fi hotspots they’ve previously encountered. This could mean your device connects without you knowing & leave your data at risk. Contact your device manufacturer for help with disabling the ‘auto-connect’ feature. Alternatively you can just tell your device to ‘forget’ wireless networks altogether after you’ve finished using them.

Bottom line

Whilst there are many threats out there that come from using WiFi networks outside your home or workplace almost all of them can be avoided by doing one thing: using a reliable VPN service.

If your data is encrypted, including the DNS requests that you make to visit websites, an attacker won’t be able to know which sites you’re visiting, what information you read & enter, as well as what internet-applications you use.

Some VPN providers can even help with features like firewalls & anti-malware software, and with the quality of some cheap VPN providers, staying safe when you're out and about doesn't have to cost the world.

Desire Athow
Managing Editor, TechRadar Pro

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website builders and web hosting when DHTML and frames were in vogue and started narrating about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium.

With contributions from