I want tips on how to stay secure when connecting to public Wi-Fi networks. Whether it is at a coffee shop or an airport, I know these networks can be risky. I have read that using a VPN is essential but I am curious if there are any other strategies I should use to make sure my data is protected.
should I avoid logging into sensitive accounts or making purchases while on these networks? Is HTTPS enough or should I be doing more? I have also heard of people using security tools like the splunk tool to monitor for suspicious activity when connected to these networks has anyone tried this??
Use your own encrypted DNS-Provider or your VPN DNS. But don’t use the DNS you get from the open Network.
Activate your firewall and check if local (the local wifi network) network isn’t allowed to connect to your device.
Use A VPN with a Kill switch enabled and if your Provider supports it enable something like Mullvad Lockdown mode aka. always on VPN.
In addition I would avoid turning on Bluetooth or NFC (disable it if you can)
Is HTTPS enough or should I be doing more?
Not really since the DNS-request could be read and manipulated (if you don’t use encrypted DNS) in addittion the Client hello of an https connection is not encrypted, so it is possible to to see or manipulate the website you visit even with DoH.
Edit:
In addition I would also try to ensure that MFA is everywhere active and nobody looks over your shoulders while you type your passwords.
I’d note that the VPN can cover pretty much all of those things. Proton VPN can block LAN connections (although it seems perhaps not on all platforms), provides a kill switch and a VPN would almost always uses its own DNS service much like your ISP would.
So finding a good VPN provider with the correct settings is a useful way to cover most of the potential problems.
I have come across networks where I struggle to connect to VPN’s (Proton and Windscribe on free tiers as I rarely use VPN). It’s unclear whether they’re actively blocking them or if there is some other issue where they just didn’t bother setting everything up very well.
My go to in that case is often using Cloudflare 1.1.1.1 Warp. I don’t expect the same protection from it, but it does at minimum provide a DNS and pushes much of the network traffic to Cloudflare making it more secure. I’ve also “suddenly” been able to connect to and switch to VPN once Cloudflare was active.
Two remaining problems are http traffic, which has no inherent security and could easily be tampered with and what anyone around you can physically see on your keyboard and screen.
I think it depends what you’re trying to hide. With HTTPS, the network (and potentially hackers) can see which sites you’re visiting, but not much else.
With a VPN, they can only really see you’re connecting to a VPN. Either ways, with modern banking applications you should be fine on public wifi for security purposes unless your threat model is fairly high.
What is a problem though is the companies running these hotspots selling usage data, and potentially tracking your activity through you interacting with these wifi networks. MAC address randomisation should partially protect against this.
I would say for places like libraries, that the threat isn’t so much the library, (we 1. don’t care and 2. have no reason to monitor your traffic unless we see a boob on screen,) but from others. Our software on public computers is generally hardened to prevent viruses/malware/etc. and the wifi is about as secure as you can get in pubic, but still.
That said, we do actively block Proton VPN at least at the free tier. I know this because I’ve tried.
Orbot will usually work with a bridge, (then you have to trust the Onion Network, but that’s another matter,) and thus far MullvadVPN has worked without a hitch.
As to McDonald’s or Walmart or whatever, what’s above sounds about right.
