Free public Wi-Fi is a handy way to get online without using up your monthly data allowance, and sometimes the only way if you have a laptop or tablet. But public Wi-Fi isn’t safe. We explain why, and as well as how you can make it safe.
Coffee shops seem to have become the open plan office of the 21st century. Visit any branch of Starbucks and the chances are you’ll be met with a sea of laptops, iPads, and people using their phones. But while people might feel that their table is a nice little private island, the truth is that public Wi-Fi isn’t secure, which means it’s relatively easy for someone to hack your connection and see what you’re up to.
Why public Wi-Fi is not safe
Free Wi-Fi has a hidden cost: security. While the idea of being able to roam around a city, connecting to several public Wi-Fi hotspots without paying is certainly a convenient one, the problem is that these networks are not encrypted.
In order to make public Wi-Fi easy to use, hotspots generally don’t require a password to connect. Then, once connected a web page usually pops up asking you to enter an email address, or even just click a ‘Connect’ button.
The problem with this is that the connection between your device and hotspot is not encrypted. So some data will be sent in plain text, meaning that anyone with relatively basic equipment can sit in range of the same hotspot and spy on anyone using it.
Worse, they could set up their own hotspot and call it something like “Starbucks WiFi”. People would then connect to it without question, giving the criminal easy access to all unencrypted data.
What are the dangers of using free Wi-Fi?
These ‘spoof’ networks look real and allow you to access the internet as you would normally, but everything you do is being watched and logged. It won’t be long before you’re prompted to download something innocent looking (which of course will be malware), or to confirm your login details to a secure site (say your bank or PayPal account) and then the criminals have their prize.
Another danger is that the provider of free Wi-Fi doesn’t store your details securely. Indeed, just recently 10,000 people in the UK had their personal and travel details leaked online because the database they were held in on an Amazon server wasn’t even protected by a password.
Also, when you log on to any network your device will store those details so that it will be able to automatically connect again whenever you’re in range of the network.
For trusted networks like your home and office networks this is fine, but when you’re out and about this can become a serious weakness. It’s easy enough to set up a fake network with the same name as a well-known public service and your phone will then connect automatically even if it’s in your pocket.
How can I make public Wi-Fi safe?
The answer is surprisingly simple: use a VPN.
A Virtual Private Network (VPN) creates an encrypted connection between your device and a secure server online. If this sounds complicated, it really isn’t. Just install the VPN app and then enter your login details – created during setup if you’re a new user. Almost all VPN apps have a quick connect button which picks the closest or fastest server and it takes only a few seconds to connect.
The best apps have an option in the settings to automatically connect whenever your phone connects to public (unsecure) Wi-Fi, so you’re protected even if you forget to enable the VPN.
There are many providers and a wealth of choice, but you’ll find a comprehensive buying guide and our recommendations in our roundup of the best VPNs.
Two of the services are NordVPN and ExpressVPN.
Of course, the ideal solution would be for hotspot providers to enable encryption on their service, but this isn’t as simple as it sounds. As always, the biggest threat to security lies in the need for convenience. Most of these locations are casual-use spaces for customers, meaning that they want to log on and off quickly and without fuss. Having to enter a password (or worse, a username and password) to access an encrypted hotspot might prove just too much effort for many people. But some hotels, restaurants and other establishments already use encrypted Wi-Fi: you’ll just have to ask for the password if it isn’t displayed somewhere obvious.
But in many cases, the responsibility to protect personal data lies firmly in your own hands.
One option is to simply avoid using any website or app where sensitive data is used while on public Wi-Fi. But this is inconvenient, so an alternative is to use mobile data on your phone instead of public Wi-Fi. That’s an encrypted connection, and you can usually enable a personal hotspot so you can share that internet connection with a laptop, tablet or other devices.
It’s worth noting that some apps will use encryption even if the Wi-Fi connection is unencrypted. Banking apps are a good example: there’s no need to use VPN service on top, and in some cases using a VPN will actually prevent you from using your bank’s app. There are also encrypted messaging apps, and encrypted email services.
Related articles for further reading
Author: Jim Martin, Executive Editor
Jim has been testing and reviewing products for over 20 years. His main beats include VPN services and antivirus. He also covers smart home tech, mesh Wi-Fi and electric bikes.