Here is the bottom line: random people can no longer snoop on your activities on public Wi-Fi, but a malicious hotspot could still do a lot of bad things. Using a VPN on a public Wi-Fi network, or avoiding public Wi-Fi in favor of your mobile data network, is more secure.
Why public Wi-Fi is more secure than ever
Widespread HTTPS encryption on the Internet has solved the biggest security issue with public Wi-Fi. Before HTTPS was widespread, most websites used unencrypted HTTP. If you accessed a standard website over HTTP on public Wi-Fi, other people on the network could view your traffic, see the exact webpage you were viewing, and read any messages and other data you sent.
Worse, the public Wi-Fi hotspot itself could launch a "man in the middle" attack and change the webpages sent to you. The hotspot can change any webpage or other content accessed via HTTP. If you downloaded software via HTTP, a malicious public Wi-Fi hotspot could give you malware instead.
HTTPS is now widespread, and web browsers mark traditional HTTP sites as "not secure". If you connect to a public Wi-Fi network and access websites via HTTPS, other people on the public Wi-Fi network can see the domain name of the site you are connected to (for example, howtogeek.com), but that is it. They can't see the specific webpage you're viewing, and they certainly can't tamper with anything on the HTTPS site while it is in transit.
The amount of data people can snoop on has dropped considerably, and it is harder for even a malicious Wi-Fi network to tamper with your traffic.
Snooping Is Still Possible
Although public Wi-Fi is now much more private, it is still not completely private. For example, if you surf the Internet, you may end up on an HTTP site. A malicious hotspot may have tampered with that webpage while it was sent to you, and other people on the public Wi-Fi network could monitor your communication with that site: which webpage you are viewing, the exact content of that webpage, and all messages or other data that you upload.
Even with HTTPS, there is still some snooping potential. Encrypted DNS is not yet widespread, so other devices on the network can see your device's DNS requests. When you connect to a website, your device contacts the configured DNS server over the network and looks up the IP address associated with that website. In other words, if you are connected to a public Wi-Fi network and surf the Internet, someone else in the area can see which websites you visit.
However, a snooper cannot see the specific webpages you load on that HTTPS site. For example, they would know that you were connected to howtogeek.com but not which article you were reading. They might also see some other information, such as the amount of data being transferred back and forth, but not the content of that data.
There are still security risks on public WiFi
There are also other potential security risks associated with public Wi-Fi.
A malicious Wi-Fi hotspot can redirect you to malicious websites. If you connect to a malicious Wi-Fi hotspot and try to connect to bankofamerica.com, it can redirect you to a phishing site that impersonates your real bank. The hotspot can perform a "man in the middle" attack, loading the real bankofamerica.com and presenting you with a copy of it via HTTP. When you log in, you send your login details to the malicious hotspot, which could capture them.
That phishing site would not be an HTTPS site, but would you really notice the HTTP in the address bar of your browser? Techniques such as HTTP Strict Transport Security (HSTS) enable websites to tell web browsers that they should only connect via HTTPS and never use HTTP, but not every website uses it.
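The check below is an added example, not part of the original article: it parses a Strict-Transport-Security header following the RFC 6797 directive rules and decides whether a browser would remember "HTTPS only" for the host. The sample responses are constructed, and `browser_pins_https` is a hypothetical helper name.

```python
import re

def parse_hsts(value: str) -> dict:
    """Parse a Strict-Transport-Security header value into its directives."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    seen = set()
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if not name:
            continue  # tolerate empty segments such as a trailing ';'
        if name in seen:
            raise ValueError(f"directive repeated: {name}")
        seen.add(name)
        if name == "max-age":
            if not re.fullmatch(r"[0-9]+", arg):
                raise ValueError("max-age must be a non-negative integer")
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":  # not in RFC 6797; used by browser preload lists
            policy["preload"] = True
        # any other directive is unknown and ignored
    if policy["max_age"] is None:
        raise ValueError("max-age is required")
    return policy

def browser_pins_https(scheme: str, headers: dict) -> bool:
    """True if a browser would remember 'HTTPS only' for this host (hypothetical helper)."""
    value = headers.get("strict-transport-security")
    if scheme != "https" or value is None:
        return False  # HSTS received over plain HTTP is ignored by browsers
    try:
        return parse_hsts(value)["max_age"] > 0  # max-age=0 clears the policy
    except ValueError:
        return False  # malformed header is treated as absent

# Constructed sample responses (header names lower-cased); not captured from real sites.
HSTS = {"strict-transport-security": "max-age=31536000; includeSubDomains"}
SAMPLES = {
    "hsts over https": ("https", HSTS),
    "same header over http": ("http", HSTS),
    "https without hsts": ("https", {"content-type": "text/html"}),
    "policy cleared": ("https", {"strict-transport-security": "max-age=0"}),
    "missing max-age": ("https", {"strict-transport-security": "includeSubDomains"}),
}
RESULTS = {name: browser_pins_https(*resp) for name, resp in SAMPLES.items()}
```

Only the first sample protects a later visit from a hostile network. A site that has never been visited over HTTPS, or that sends no valid header, leaves the first plain-HTTP request open to the redirect described above.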
Apps can also be a problem in general: do all apps on your smartphone validate certificates correctly? Is every application on your computer configured to transfer data in the background via HTTPS, or do some applications automatically use HTTP instead? In theory, applications should validate certificates correctly and avoid HTTP in favor of HTTPS. In practice, it would be difficult to confirm that each app behaves correctly.
Other devices on the network can also be a problem. For example, if you use a computer or other device with unpatched security holes, your device may be attacked by other devices on the network. That is why Windows PCs ship with a firewall enabled by default, and why that firewall is more restrictive when you tell Windows that you are connected to a public Wi-Fi network instead of a private one. If you tell the computer that you are connected to a private network, your shared network folders may be made available to other computers on the public Wi-Fi.
How you can protect yourself anyway
While public Wi-Fi is more secure and more private than before, the security picture is still messier than we would like.
For maximum protection on public Wi-Fi networks, we still recommend a VPN. When you use a VPN, you connect to a single VPN server and all traffic from your system is routed to that server through an encrypted tunnel. The public Wi-Fi network that you connect to sees a single connection: your VPN connection. Nobody on that network can even see which websites you connect to.
That's a big reason why companies use VPNs (virtual private networks). If your organization makes one available to you, you should seriously consider connecting to it when you are on public Wi-Fi networks. However, you can also pay for a VPN service and route your traffic through it when you use networks that you do not fully trust.
You can also skip public Wi-Fi networks completely. For example, if you have a mobile data plan with wireless hotspot (tethering) and a solid mobile connection, you can connect your laptop to your phone's hotspot when you are out in public and avoid the potential problems with public Wi-Fi.