Public Wi-Fi is pretty great, but it’s far from secure and rarely private. Understanding what information you share with whom helps you use Wi-Fi more efficiently, reduces your risk of cyber attacks, and lets you configure your device according to your preferences.
MAC addresses can be used to identify your device
Whenever you connect to a Wi-Fi hotspot, your phone gives away its MAC address. Every network interface has such an address, and it can be used to identify you as a repeat user of a certain network. It can also be used to identify you across separate networks.
Starting with iOS 8, Apple devices began broadcasting a fake, randomized MAC address, which makes tracking users more difficult. It is, however, still possible to identify your device as an iOS device. The operating system TAILS also randomizes MAC addresses by default.
MAC addresses can also be used to increase the security of your home or office Wi-Fi. You identify the devices that you permit on your network by their MAC address, and then whitelist those devices, essentially blocking all unknown devices from your network.
Your phone will also likely transmit its name to the Wi-Fi access point. By default, this is often either a description of the phone, the name you entered when you set the phone up or a combination of the two, such as “Patricia’s iPhone”. You can remove or change this name in your device’s settings.
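The MAC address allowlist described above can be audited with a short script. This is an added example, not code from the original article: it reads the two flag bits in the first byte of each address to tell manufacturer-assigned addresses from software-assigned ones (the kind a randomizing device presents), and all addresses and function names are constructed for illustration.

```python
import re

def parse_mac(text):
    """Normalize colon, dash or dotted notation to 6 raw bytes."""
    digits = re.sub(r"[:.\-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(digits)

def classify(mac):
    """Read the two flag bits in the first octet of the address."""
    first = parse_mac(mac)[0]
    if first & 0x01:   # group bit: multicast/broadcast, never a client's own address
        return "multicast"
    if first & 0x02:   # local bit: assigned by software, as randomized addresses are
        return "locally_administered"
    return "vendor"    # globally unique; the first three bytes name the manufacturer

def audit(allowlist, seen):
    """Compare the clients seen on the network with the allowlist."""
    allowed = {parse_mac(m) for m in allowlist}
    return {
        # Entries that are not burned-in addresses may stop matching if the
        # device generates a new address.
        "unstable_entries": [m for m in allowlist if classify(m) != "vendor"],
        # Clients the allowlist does not cover, with their address type.
        "unknown_clients": [(m, classify(m)) for m in seen
                            if parse_mac(m) not in allowed],
    }

# Constructed sample addresses, not taken from any real network.
ALLOWLIST = ["00:11:22:33:44:55", "DA-A1-19-00-00-01"]
SEEN = ["00:11:22:33:44:55", "da:a1:19:00:00:01", "f2aa.bbcc.dd01"]

if __name__ == "__main__":
    for key, value in audit(ALLOWLIST, SEEN).items():
        print(key, value)
```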
The Wi-Fi router can read your data as it passes through the router
After you’ve connected to a Wi-Fi network, it’s important to keep in mind that the router can read all data that passes through it. This always includes the destination IP of all your traffic. This allows the operator of the Wi-Fi to get a good idea of what services each device is using and which sites everyone on the network is visiting.
If the connection is not encrypted using TLS (as indicated by a lock in the address bar), the network operator can also see the content of this traffic. This includes emails, chats, passwords, and other personal information. It’s important to always check for TLS and to never transmit any sensitive information via an unencrypted connection.
Using a VPN or Tor eliminates the network provider’s ability to read your traffic, although they might still estimate the amount of data you are consuming. Tor, however, will only protect your web traffic, while a VPN will encrypt all traffic going to and from your device.
Unencrypted Wi-Fi networks expose your traffic to everyone
There are several protocols used by Wi-Fi to encrypt traffic between the router and you. Unfortunately, not all of them are secure. In fact, many don’t use encryption at all. When you connect to a Wi-Fi access point that doesn’t require a password to connect, none of your traffic is encrypted. This means your online activities can be intercepted by anyone nearby. This is the most serious security risk you might face on public Wi-Fi, as it exposes you to attacks not just from the router but also from nearby computers. Wi-Fi networks that present a log-in screen after you connect to the router do not protect you from this threat either.
This risk is particularly applicable to public and free Wi-Fi access points, such as those in parks, airports, or coffee shops. When setting up your own Wi-Fi, whether at home or in a public location, remember to always set a password and choose a secure protocol in the set-up, preferably WPA2.
Using a VPN will protect you from this threat, and on unencrypted Wi-Fi networks it becomes especially important to use one. Make sure your VPN uses a protocol with good encryption, such as OpenVPN.
The Wi-Fi network can guess your location within a building
By using the signal strength of your device over time and in comparison to other devices (ideally of the same make and model), the operator of a Wi-Fi access point can make a good guess as to where you are. While this can be used to track your movements inside a building or in a public space, this information becomes very powerful when combined with other data they’re able to glean from your connection, such as purchase records at stores or CCTV feeds.
This allows the owner of the building to connect an IP address to a credit card number, or even a face. Defending against that is more difficult, especially if you spend a lot of time on the network. Ideally, you will always try to blend in with the crowd. Don’t stay longer than other people in a café, and don’t disappear into a corner of a building that is entirely empty. It can also be in your best interest to find spots that aren’t under video surveillance, but that’s not always easy.
In any case, do not make purchases with your credit card when trying to protect your identity. Pay in cash, and do not use apps like Uber to get to or from your location.
Automatically connecting to a network can be dangerous
As long as the Wi-Fi of your mobile device is turned on, it is constantly listening for networks and will try to connect to those it has connected to before. But the only way of telling whether it has connected to a network before or not is the network’s name, and that can easily be spoofed.
There is no guarantee that a Wi-Fi network called ‘Starbucks’ is actually operated by Starbucks. In fact, anyone can easily set up a malicious network of that name, so that all passing devices that usually connect to the Starbucks Wi-Fi will connect automatically.
Once connected, the device reveals its name to the router, and some of the services you use might activate automatically. If unencrypted, this information can be read by the operator of the Wi-Fi network and others around you.
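A stricter auto-join check than matching on the name alone, as an added example that is not part of the original article. It compares each visible network with what the device saved about it; the saved profiles, scan records, field names and the join/ask/block policy are all constructed assumptions.

```python
# Constructed data: what the device remembers about networks it has joined.
SAVED = {
    "Starbucks": {"security": "open", "bssids": {"a4:11:22:00:00:10"}},
    "HomeNet": {"security": "WPA2", "bssids": {"3c:22:fb:00:00:01"}},
    "OfficeNet": {"security": "WPA2", "bssids": {"00:11:22:00:00:aa"}},
}

# Constructed scan results: the networks in range right now.
SCAN = [
    {"ssid": "Starbucks", "bssid": "de:ad:00:00:00:01", "security": "open"},
    {"ssid": "HomeNet", "bssid": "de:ad:00:00:00:02", "security": "open"},
    {"ssid": "OfficeNet", "bssid": "00:11:22:00:00:ab", "security": "WPA2"},
    {"ssid": "HomeNet", "bssid": "3c:22:fb:00:00:01", "security": "WPA2"},
    {"ssid": "CafeGuest", "bssid": "a4:11:22:00:00:77", "security": "open"},
]

def assess(saved, network):
    """Return (verdict, reason) for auto-joining one visible network."""
    profile = saved.get(network["ssid"])
    if profile is None:
        return ("ignore", "never joined before")
    if profile["security"] == "open":
        # Nothing but the name ties this network to the one joined earlier.
        return ("block", "saved as open: only the name can be checked")
    if network["security"] != profile["security"]:
        # Same name, weaker protection than the saved profile expects.
        return ("block", "security differs from the saved profile")
    if network["bssid"] not in profile["bssids"]:
        # Large networks have many access points, so ask rather than block.
        return ("ask", "known name and security, unseen access point")
    return ("join", "matches the saved profile")

def review(saved, scan):
    """Assess every visible network; returns (ssid, bssid, verdict, reason)."""
    return [(n["ssid"], n["bssid"]) + assess(saved, n) for n in scan]

if __name__ == "__main__":
    for row in review(SAVED, SCAN):
        print(*row, sep=" | ")
```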