CREDO Tip: 6 ways to protect your privacy on public WiFi

Using public WiFi – at a cafe, the airport or a hotel lobby – is a free and easy way to get online (and save your mobile data) when you’re not at home or work. You can play games, watch videos or read the news.

But any activity that involves more personal information – like checking your email or viewing your bank account – can put you at risk of privacy invasion or identity theft.

To protect yourself when you log onto a public WiFi hotspot, here are six steps you can take. 

1. Don’t access any sensitive data on a public WiFi connection

Don’t log into your bank’s website and check your balance when you’re at the airport cafe. Don’t go to your credit card’s website to pay your bill when you’re in the hotel lobby. Don’t shop online. The risk is not worth the convenience.

2. Use a VPN

A VPN (virtual private network) provides a secure channel for all the information traveling back and forth from your device. It’s by far the best way to ensure privacy on a public WiFi network.

When you use a VPN app on your phone or computer, you don’t connect directly to the websites you visit, you connect first to the VPN’s servers, which routes you to the sites. Your communication is secured with a variety of encryption technologies, so no one can see your online activity.

Of course, the VPN provider can see your activity, so you should look for a VPN app with a no-logging policy, which means that the provider won’t store a record of what you do online. You should also look for a VPN that charges for its service (most are around $10 a month). VPNs are expensive to operate, and you don’t know how free VPNs support themselves – maybe they do it by selling your data.

A VPN is easy to use. Just switch it on, and it will secure all your internet activity on your device, whether you’re using a web browser or an internet-connected app like Facebook.

Here is CNET’s 2019 list of 10 good VPN apps for your phone. All of them charge a monthly fee.

You can also read about some VPN recommendations on our previous blog post 3 Ways to Boost Your Privacy on an Android Phone.

3. Watch out for fake WiFi networks

Only use WiFi networks that are operated by the location you’re visiting. Be alert to and avoid networks that have names similar to legitimate networks, like “Free Airport WiFi” or “Public WiFi.” Ask an employee the name of the location’s network and use that one.

If you connect to one of these “honeypots,” as they’re known, everything you do online can be monitored by the person who set up the fake network. These networks can also be used to distribute malware, which is a threat to your personal information.

One red flag is a very slow public WiFi network. There’s a chance the network is slow because it’s fake. You haven’t connected to the legitimate WiFi router or you’ve connected to a device that’s posing as the legitimate router. The speed is slow because your data is being routed through that device, which is skimming your data as it passes through.

4. Enable two-factor authentication

If you do visit websites that require a password – your banking site or any other site that holds your private information – enable two-factor authentication (2FA) if the site offers it. In fact, you should probably enable two-factor authentication on most sites that offer it, like your bank, social media accounts and email provider.

In addition to your password, 2FA requires that a second element be entered before you can log into a site. For example, if you enable 2FA on your bank’s site, your bank will email you a code or text one to your phone that you’ll enter to complete your log in.

If you use 2FA, hackers can’t log into your bank account or credit card account even if they do manage to steal your password. In turn, you can be sure you’re dealing with a legitimate website, not a fake site, because you’ve received your code.

5. Keep your OS up to date

Operating system updates deliver new features to your phone but they also deliver new security measures that protect you from cybercrime.

Yes, it can take time to install these updates. But don’t postpone them for too long. You may place yourself at risk. When your Android or iPhone notifies you that an update is available, install it as soon as you can.

6. Avoid sites that don’t use encryption

Public WiFi is more secure than it used to be because encryption is now widespread on the internet. Google, for example, says almost 95% of traffic on its Chrome browser is encrypted. That little padlock icon and the “https” you see in front of most URLs means any data sent between you and the websites you visit is protected from malicious actors.

But this doesn’t mean you’re always safe. Some older mobile devices don’t support encryption. Even on a modern mobile device, it’s often hard to see if a URL is accompanied by “https” – or impossible, since many apps don’t display URLs at all.

And although the majority of websites are now encrypted, many still are not, even popular sites. Google reports that of the busiest 100 non-Google sites on the internet, which account for around a quarter of all website traffic worldwide, only 90 default to HTTPS encryption.