ITP Techblog

At the airport, in the café, or anywhere there is public Wifi, is it safe to login? Can you send a sensitive file or check your bank account without concern? Or is it better to wait until you are back in the office or at home, or use your mobile data instead?

Mostly I give public Wifi a swerve. But an article this weekend in the Wall Street Journal by its personal technology columnist David Pierce has prompted me to rethink my caution. According to Pierce networks, devices, and the internet itself, have become more secure.

Pierce reckons that when using public Wifi in a café, while you aren't "totally safe", you are more likely to become a victim of an online phishing scam then from a "hungry hacker" sitting next to you. He does make the disclaimer that he is only referring to the situation in the US, and that it might be different in other countries.

So, I got in touch with Giovanni Russello, Associate Professor at Auckland University, who heads its Cyber Security Foundry, to get his views. Seems we can't quite throw caution to wind just yet.

"All the points (see 'tips' below) made by the WSJ makes sense and are correct. The main issue would be to find yourself using a "cloned" network or the 'evil twin' as they call it," he says.

The 'evil twin' is where a legit-looking network is set up to trick people into allowing access to their device. The advice is to make sure you click onto the real network by ensuring you have the correct name of the Wifi network you want to access.

"My suggestion is not to access sensitive websites when you are on a public network. Basically use a zero trust approach," Russello says.

Here are the WSJ's tips for staying safe online:

• Always check that lock (in the web address) to make sure the site you are on uses HTTPS, particularly when it's a bank or involving sensitive information.
• If you aren't confident in your current location, use your mobile data instead, or use a virtual private network, aka VPN.
• To avoid phishing attacks, type in your bank's website or use its official app, rather than clicking on a link to the site from your email.
• Keep your devices and apps up to date.
• Use a password manager-along with two-factor authentication-and never re-use a password (seriously!).

Another thing to watch for according to the WSJ, isn't about security, it's about privacy. When you click onto the Wifi and agree to their terms and conditions, you may be agreeing to let the network collect data about you, and your internet activity. In the WSJ article, the writer notes that this data could be used for advertising or market, and in one store's public WiFi terms of use he found the following all-caps warning: "YOU DO NOT HAVE AN EXPECTATION OF PRIVACY OR CONFIDENTIALITY WHEN USING THE SERVICE."

Here's Russello's response: "About the privacy issue: sure, the network might collect your location, website you are accessing but they cannot see the data that you are exchanging with a website using HTTPS. For instance, they might see that you are pointing your browser to a Gmail account but once you have authenticated then there is no way that the network provider can see the content of your emails," he says.

"There is a similar situation with the Tube in London: they are providing free Wifi through their network but if you do not want your device to be tracked then you need to turn it off (I mean the whole device)."

Nadia Yousef, Assistant Operations Manager, CERT NZ has a similar view: "Open Wifi networks are 'untrusted', that means that when you're using them it's possible that others could see what you're doing. That includes the sites you're accessing and can include the information that you're typing into them like login details and passwords," she says.

"Sometimes it's necessary or more convenient to use these sorts of Wifi networks, particularly when you're travelling so we recommend you limit the information you access and share while using it. It's okay to do things like checking the news or the weather, but try to keep any other use to a minimum. For example, don't use free WiFi for online shopping or internet banking.

"It's also important to make sure that you've got two-factor authentication turned on for your accounts where it's available. It's good protection in general, and it gives you another layer of protection if you're in a position where you need to use an unsecured network like public Wifi."