Mobile Internet access presents serious privacy problems. Public Wi-Fi uses protocols that don’t keep people’s data private. Interception and spoofing aren’t even hard. Snoopers can learn what sites you’re visiting and what data you’re exchanging with them. In some cases, they can alter the data en route. They can redirect you to dangerous sites and trick you into revealing personal information. They may be able to get at your bank accounts and buy things with your money.
A VPN is a necessary part of a complete privacy toolkit. The level of use is growing steadily. They aren’t just for getting around censorship and accessing blocked sites. They’re tools for protection from the criminals who target everybody. Today, HTTPS is an essential part of Internet security, but not every site uses it. In the future, a VPN will be considered just as necessary, and they give users more control over their own privacy.
Table of Contents
The risks of public Wi-Fi
A public Wi-Fi site, such as one in a shopping mall or airport, generally uses unencrypted access. Some of them use WPA2, which offers a reasonable level of security, but it’s so complicated for the user that most of them don’t. Unencrypted access is simpler since it doesn’t require a password. It’s also totally insecure.
Notice what happens when you first use one of those hotspots. Instead of getting the page you expected, you see a page introducing the public service and asking you to accept its terms. What it’s doing is hijacking your connection in order to introduce itself. The purpose is benign, but it’s a reminder that the hotspot can redirect your access at will.
That’s the least of the risks. The real problems are that you’re sending and receiving data without any protection. It’s a simple matter to intercept and read it. Your HTTPS data is encrypted, but not all sites give you that protection, and they may not encrypt all of the content.
Spoofing a hotspot is just a matter of setting up another one and giving it the same SSID. It can not only read people’s data, but it can also alter it in both directions. It can use a bogus DNS server to redirect people to fake sites.
Even if a site uses secure WPA2 connections, there are significant risks. A public site has to give out its password to be usable. A spoofer can then duplicate both the SSID and the password. People not only will be fooled, but they’ll also have the illusion of a secure connection.
Cellular access is much safer than Wi-Fi. Unfortunately, it’s not available on every device. The service isn’t always reachable. When it is, the signal may be weak or intermittent. Most people have data caps on their service, so they prefer to limit their cell usage. Finally, there’s the question of how much you trust your cellular provider.
HTTPS sites provide a secure connection even through an insecure channel. The protocol is central to Internet security. Unfortunately, not every site uses it. An unprotected site is vulnerable to man-in-the-middle attacks, altering its content and falsifying links. It can be a stepping stone to impersonating secure sites. HTTPS does no good if you’ve been tricked into visiting the wrong site.
WPA3 promises to improve the security of public Wi-Fi, allowing encrypted access. However, it isn’t available yet, and it won’t be universal until everyone upgrades their devices. It doesn’t solve the SSID spoofing problem.
If people use Wi-Fi, they need something to make it safer.
Other privacy considerations
Apart from Wi-Fi security issues, it’s not a given that people can always trust their own ISP for privacy. It might gather information on users’ browsing habits for marketing purposes. Many people don’t think this is a huge deal, but researchers often feel uncomfortable about it. When they’re researching sensitive topics, such as terrorism and sexual abuse, they don’t like the feeling that someone is looking over their shoulder, turning their research into ad topics.
Many people go through their local cable or telephone company because it’s their only choice. Its privacy policy could be terrible, but what are they going to do about it? The providers know their customers don’t have much choice, so there isn’t a strong incentive to offer them strong guarantees.
The VPN alternative
When you use a trustworthy virtual private network, your communications are encrypted through any Wi-Fi connection and service provider you use. VPN providers are in the business of selling privacy, so they have an incentive to guarantee it in writing.
The market is growing steadily. It’s expected to hit $35.73 billion in 2022, more than double what it was in 2016. The number of choices is growing even faster than the dollar amount. Big companies are getting into the business.
This doesn’t mean you can pick a VPN at random and expect privacy. The provider has access to all the data you send through it, and it can abuse that ability. A no-name, free service isn’t a safe choice by any stretch. Even large companies’ services are no better than their privacy guarantees. Facebook’s Onavo VPN scoops up user data wholesale, and Facebook was forced to withdraw it from the Apple App Store.
The right approach is to look at several offerings, read their privacy policies, and look at their reviews. A business which states it will respect users’ privacy and has a reputation for living up to its words is the right choice.
VPNs of the future
A few years ago, people knew nothing about VPNs, or they thought of them just as a way to telecommute. Today they’re much more familiar as a way to bypass site blocking and keep communications private. As privacy concerns multiply, this trend is sure to continue. Phones and tablets may start to display strong warnings when users connect to unprotected access points. People will become more aware of the risks.
Smart users will take it for granted that they need a VPN to use mobile hotspots safely. They’ll shop carefully and pick one that gives them real privacy. They’ll be able to connect from anywhere and be confident no one is snooping on them.