How to stay safe on public WiFi
Nothing is private on open WiFi
By Steven Andrés | PC World | Published: 16:33, 15 April 2010
Picture this: You're at a café with your laptop and latte in hand, getting ready to review new sales leads and the quarterly financial projections. First you hop on the free Wi-Fi that the shop's management provides. Then you connect your laptop to a projector so that the entire café can take a look, and finally you hand out some printed copies of your confidential product specifications to the other patrons so that they can follow along.
That may sound ridiculous, but if you're using public-access Wi-Fi without taking the proper precautions, you might as well be asking your coffee compatriots to partake in confidential company information.
Nothing Is Private on Open Wi-Fi
Today, most tech users know how (and why) to secure their home wireless routers. Windows 7 and Vista now pop up a dialog box to warn you when you're connecting to unencrypted wireless networks.
Related Articles on Techworld
In a coffee shop, an airport lounge, or a library, however, people frequently connect without thinking twice--and though using an unencrypted connection to check a baseball score or a flight status might be acceptable, reading e-mail or performing any Web activity that requires a login is akin to using your speaker phone in the middle of a crowd.
So why don't all businesses encrypt their Wi-Fi networks? The answer lies in the difficult key distribution system in the IEEE 802.11 design specification: To encrypt traffic, the network owner or manager needs to select a password, also known as a "network key." The arrangement requires one password per network, shared among all users whether the owner has selected the less secure, outdated WEP or the more secure WPA or WPA2.
At home, all you have to do is set it up once, tell your family the password, and surf worry-free from a poolside lounge chair. In a coffee shop, the barista would have to tell each patron the password (or the 26-character hexadecimal WEP key) and perhaps even troubleshoot their connection--definitely not a chore that your typical java slinger would relish. In that situation, nothing beats a blank password for ease of use.
Even if the network is encrypted, however, you're still not completely safe. Once your computer knows the password, your communication is safe only from people who aren't on the network; all the other diners in the café can see your traffic because they are using the same password.
Your Personal Business Is Your Competitors' Business
But what if you think that your data isn't important enough for someone to snoop on? Perhaps you're just browsing Websites, not logging in to any e-mail systems or Web applications that require passwords. You should be safe then, right? Not necessarily.
Imagine you're on airport Wi-Fi while you're returning from an industry trade show. Instead of checking the hundreds of e-mail messages waiting for you (unlikely, right?), you decide to browse your competitors' Websites, looking for ideas. Or maybe you elect to research potential acquisition targets.