How do you stay safe on public WiFi?

We’ve seen some ‘coffee-spot lists’ websites popping in, a lot of them consider wifi signal quality, some of them measure internet speeds. But i didn’t see nobody considering Wifi AP safety.

If we consider co-working spaces, we would think that it should be safe to use internet there. But coffee shop are a different deal, especially while traveling in less touristy places. I would like to encourage community to gather a ‘Digital Nomad wifi access point safety checklist’.

Doing work an a road we should consider safety of our computer. It’s not just a matter of your personal data, usually clients and company could be involved. I really hope everyone uses secure connection at least over the VPN while you guys are working.

There are very easy measures to avoid ‘men-in-the-middle’ attacks and other nastyness. Lets list all the checks we can run against Access Point to verify it security at some level.

I’ll start:
– Go to access point login screen and verify that it’s impossible to login with default passwords.
– Don’t use wifi with WEP!

2 Likes

The annoying thing about nomad-friendly spots with wifi is that the majority of them are open access points. I’d rather jump on a WEP connection than a connection with no authentication whatsoever. If you were to avoid APs that were insecure, you’d knock out half of the ones Nomad use in Asia.

VPN, firewall yourself, block off ports and make sure nobody shoulder-surfs you when using passwords.

I swear by VPNs - plus as an added bonus, if you’re in a country with rubbish internet, a VPN may actually speed up the connection.

FWIW, my Chiang Mai coffee-spot list has AP security listed on it :wink:

1 Like

+1 to @gums’ comments regarding VPN, firewall, etc.

We aren’t currently listing more details of wifi APs on cafes4nomads.com while we focus on the info more people are looking for while we have limited resources to work on the site. Another reason is that cafes or other spots to work tend to change fairly often in many areas, so our information would likely become out of date rather quickly. Hopefully some of the features I have planned for our site will help in this area as well. :slight_smile:

I think that if AP security is that vital for you (beyond securing your connection, system, etc), then you won’t be using cafes’ internet anyway and will likely have your own 3G/4G secured connection.

Yup. It’s all about a VPN. I use GetCloak. Others swear by TunnelBear.

Cloak App for Mac is a great way to browse securely.
It works seamlessly in the background with relatively fast automatic connections.

2 Likes

It’s also only a few dollars per month with a couple month free trial if I remember correctly (Y)

I recently switched from Private Tunnel (OpenVPN’s pay as you go product) to GetCloak, both are great. i’m thrilled with GetCloak for being user friendly and just stupid easy to use. Including their whitelisting of known safe SSIDs and “overcloak” that locks out non-ssl traffic until the VPN is setup.

I’ve never found a VPN that was really GOOD to use from South Asia. GetCloak from Thailand tends to connect to Japan, but I’ve bugged them about adding an server in Singapore which I think would better, especially from Indonesia. They use AWS and Linode for their data centers and I’m pretty sure both have data centers in Singapore now.

Feel free to send GetCloak a note suggesting that they add a singapore endpoint :smile:

1 Like

When you’re on the road, you’re going to end up using all sorts of dodgy networks in sketchy places. But, if you go the sorts of places where I often find myself, you’ll be grateful to have Internet access at all.

VPNs sound great in theory. In reality, you’ll be on some flaky WiFi connected to an even flakier ADSL line on a really slow network. Good luck getting or maintaining a connection over a VPN.

The upshot? Most of the time, there’s not actually a bogey man. If you monitor the WiFi of coffee shops frequented by tourists, you’re pretty much wasting your time as a hacker. What are you going to get, exactly? Skype chats with friends and family? Pictures of the beach? Governments tend to target local political dissidents and they use hostile DNS tricks and Web filtering to block material they don’t like (for example, you can’t read the Wikipedia article about the King of Thailand when you’re in Thailand–it’s blocked by the Army). And hackers tend to go after information that can be sold, focusing on businesses like banks. While you might wish that someone really cared that much about your startup, it’s not very likely. :smile:

In a lot of countries it’s pretty viable to purchase a sim card with generous / unlimited data for a pretty low cost. EG. In Thailand, I pay 400 baht ($13usd) for 1 month with 3GB of data (DTAC). There are higher packages and more options.

Combining this with a Portable WIFI Router, you can run your own secure WIFI network. I’m opting for the D-LINK AC750 but there are a few others you could use.

1 Like

Some people say that being paranoid about security whilst traveling is more trouble than its worth. I’ve had my identity stolen 4 times over the last two decades and right now I’m sitting in a cafe and noticed that someone here is scanning my ports in waves.

If a location has crap internet and VPN-ing is near impossible, they just don’t get my patronage and I’ll tell them politely. On the flip side, if they’ve got good internet, I’ll buy more from their menu and thank them for the speeds. On top of this, if the venue is one that encourages people to use their internet, I’ll leave a foursquare/yelp review including the internet quality.

The argument is that some countries will have internet so bad that VPNing is impossible - the likelihood of me working in those countries will be zero so the argument shouldn’t apply to most nomads.

The odds are low that you’ll get hit by a hacker whilst on the road - but when you do, its a huge hassle to sort out your life when you’re in an unfamiliar country.

2 Likes

Great post. You’re definitely right on all points!

Another recommendation for Get Cloak. It’s very easy to use, which is nice.

1 Like

I don’t want to take up more of your time than I have to: I’ve been using SurfEasy VPN for a while now, but am unfamiliar with blocking ports and add’l maintenance for ensuring security. Do you have any resources you swear by, other than “Network Security for Dummies?”

1 Like

Yeah! What @zakerving said!

As someone that has eavesdropped on cafe wifi networks around the world you’d be amazed how much info bleeds out on unsecured (no WPA) networks. Granted it’s not things like bank passwords directlyu, but I’m sure some of the WordPress passwords I’ve seen bleed out also get used on bank website URLs that I see coming from the same client within a 15 minute period…

I’ve never tried doing anything nefarious with that info. I stopped black hat hacking 20 year ago… I was just curious for my own self-interest what type of info really did leak out unsecured.

1 Like

@zakerving This just came through my RSS reader today. Haven’t read through it yet, but planning to. Seems like a good guide to practical security: http://www.decentsecurity.com/

1 Like

@zakerving I don’t really have any resources off hand - haven’t really needed to look at the basic stuff for decades. The best option is just to be cautious and don’t do anything stupid. As mentioned, VPNs are the best course of action. Next is to not install anything suspicious or visit suspicious websites. That means no computer piracy. Ever. Change your passwords regularly. Have two-factor authentication on anything that allows it. Use your operating system’s firewall. Make sure your software is up-to-date. Always check if that lock thing on your web browser shows that secure sites are really secure.

If you really want to learn up on this kind of stuff, check out something like Udemy - there are a bunch of courses that touch on this subject. I can’t recommend one over another though.

Look, I’d be happy to set up a VPN service and sell you guys VPNs if I thought it would actually be helpful for most people. But most people don’t need one for most things. Here’s why:

You should be using SSL/TLS to secure your email. Do this anyway, not just when you’re traveling. Gmail does this automatically.

Online banking and any important account you have is all secured by
SSL anyway. So, as long as you’re cognizant about man in the
middle attacks and don’t ignore security warnings from your browser,
you’re OK.

Google uses SSL by default. So your searches and results are
encrypted.

Facebook uses SSL by default. So your traffic is encrypted.

Twitter uses SSL by default. So your traffic is encrypted.

If you have Google Voice, two factor authentication is easy to
implement on most services that are especially sensitive. So, you
should implement it.

If there is enough demand, I will start a service called NomadVPN for people. However, I don’t think the scenario is “protect your stuff from bad people eavesdropping on WiFi.” It’s more like “get around whatever the Thai army has decided to block this week.”

Except people don’t just sit on twitter, facebook and gmail. They actually use the internet and not all of us are based in Thailand.
Hijacking SSL protected sessions is a very real thing and regardless of the security on the major sites, people are still dumb and use the same password or recovery phrase on other sites. VPNs are simply a layer of added security that will deter scripted attacks on public wifi networks.
VPNs are cheap, fast and are available from thousands of different places. If you’re not clued into the security of your own laptop, it wouldn’t hurt to work under an added layer of security for a couple of dollars a year.

I’m glad to know that I employ much of these techniques already (I figured I was just using common sense), so having this confirmed makes me feel that much safer. I’ll have to check out the courses on Udemy too. Thanks!