Lots of free WiFi everywhere, but should you partake?
One of the hallmarks of the new "digital nomad" class of workers (myself included) is that we like to stay connected all the time. Well, at least when we're working that is (sadly we tend to work all the time so…). To stay connected we digital nomads take advantage of free WiFi offered by cafes, libraries, and other places. Here's the thing about WiFi, while it's awesome, especially when it's free, if the WiFi doesn't ask for a password, then a lot of the activities you do online are open to anyone with the right software to snoop in on. Does this mean that you shouldn't use free WiFi around town? Not at all, it just means that you need to use some care and caution.
This isn't going to be an evening TV news magazine "doom, gloom, and fear" kind of article. I'm not going to give you lots of examples of people's lives being shattered using free WiFi, nor am I going to detail how to grab passwords or other sensitive information. This is reality. I use free WiFi at cafes on a regular basis. I do have some rather geeky extra defenses that I deploy, but you don't need to go that far to be safe. Before I get into protecting yourself, let's talk about what the problem is and how it works.
WiFi works on a radio-signal type band that is the same as cordless phones. You connect to a WiFi access point (or AP) by picking its name (or SSID "Station Service IDentifier") from a list that your computer gives you. PCs and Macs each do this a little differently, but the important thing is noticing a little detail: a padlock. The padlock means that to connect to the access point (and then to the Internet) you have to enter a password. This password doesn't just let you in, it also signifies that the data transferred between your machine and the router is encrypted. While the two WiFi encryption standards aren't really important here (they are WEP and WPA/WPA2), it's the effect that they have that is key. When the data coming to and from your computer and the router is encrypted, then people (like me, but with nefarious intentions) can't easily make heads or tails of what you're doing. Encrypted access points not only keep people from connecting to your network without your permission (because they need a password), but they also keep your information secure. Now, if the access point doesn't require a password to connect (the little screens that come up in your web browser don't count, those are just barriers to the Internet), then all the information transmitted between your computer and the router is unencrypted and potentially visible to people (again, like me, but nastier).
At this point you're panicking I'm sure. Fearing that the world is watching you do stuff online while you sip your $5 latte. Well, maybe but let's just take this all one piece at a time. The problem here is two parts: what are you doing online and how is that information transmitted. First if you're just browsing the CBC or the VO or stuff like that…that isn't a really big deal is it? Right. Now banking or doing other financial stuff online, this is the paying attention part. Look at the address bar of your browser … okay if what you're doing starts with https:// you're cool. The "s" signifies a secure, therefore encrypted, connection between your machine and the website. This means that the important parts of the data are shielded from prying eyes (like passwords, balances, credit card numbers). That's cool. The problem often is when you're going onto a site like Facebook is that often you stay logged in, so while the your username and password might be encrypted, once logged in everything else is not. Take sending messages or posting things on people wall's…all open. Yep I could read them if I wanted to.
So this is the key, this how to be careful online, it's knowing what to do out and about and what not to. Checking email through Gmail? All good. Gmail forces encrypted connections now 100% of the time. Banking and shopping? I try to avoid it unless I really, really need to do it right then. It might be secure during the transaction part, but the rest isn't. Facebook? Not a good idea. Making changes to your website over FTP or through your browser? Not a good idea. Not only is your connection open, but often so are your passwords. When I go somewhere there is free (and open … no password) WiFi, I make sure that any applications that are running either are connecting to the Internet securely (some applications do this natively) or I don't run them. I could try go through a laundry list of things, but that would take forever and be rather boring. So, if you're not sure…ask in the comments below.
Remember this isn't about being paranoid or never using free WiFi, it's about being smart about it. You don't walk down the street counting a wad of cash do you? You don't just leave your bags alone while you go to the washroom do you? Niether of these mean that you don't carry cash or carry a bag, it's how you do it.
Now, see, don't you feel better?