Use of public Wi-Fi hotspots has become an essential part of life for some people for browsing on the move for both work and play.
Public Wi-Fi has become almost expected and demanded these days in many countries, but is it actually safe to use on it’s own? Does using https or a VPN help with public Wi-Fi?
Let’s break the answer down into three separate parts:
- Using public Wi-Fi on it’s own with no protection is definitely not safe.
- Using public Wi-Fi with https enabled is a little safer, but can still be hacked and still not really recommended unless for very basic browsing.
- Using public Wi-Fi with a solid, reputable VPN is safe, since a good VPN is almost impossible to hack.
So the short answer is that if you are going to use public Wi-Fi, you need some sort of protection measures to keep your personal data safe, preferably with a VPN if you are accessing and using any sensitive data like passwords and payments.
The larger the network and the more strangers are connecting, the greater the risks. Fortunately there are steps we can take to make public Wi-Fi browsing more secure.
Let’s look at the issue in more detail below, firstly looking at the general security issues with using public Wi-Fi, and then examining the benefits, if any, of using https and VPNs.
The Problem With Public Wi-Fi
The problem with public Wi-Fi in a nutshell is that it tends to be set up more for convenience than security. It is mostly designed for ease of access, with the password for a public network often openly displayed so anyone in that space can easily connect to the same network. You also don’t have the freedom to customise security settings as you do on home Wi-Fi networks.
Whilst this is very convenient for on-the-move internet access the reality is that for public Wi-Fi networks you don’t know who set it up or who is connected to it. You just don’t have the same control over security and access that you do on a home Wi-Fi network, where there are usually only a couple of known trusted people accessing your router.
See here for our article on how to improve security on private home wireless networks.
Because on some public Wi-Fi networks there are many people connected to the same access point, data sent over these network is susceptible to a so called “Man in the Middle” attack, where a hacker positions themself in between you and the Wi-Fi access point.
In doing so they can ensure that they, and not the intended recipient, captures the data you send. When entering sensitive information like bank details, credit card numbers and log in passwords, then you see there is obviously a potential problem there.
Any time you are entering sensitive details like credit card numbers, usernames and passwords over public wifi you are putting that information at risk unless you adequately secure your connection
A huge security flaw in the current WPA2 Wi-Fi protocol was actually discovered by a group of Belgian researchers in the so called KRACK attack in 2017. They were able to trick an access point into thinking they were the intended recipient and not the actual device by exploiting a flaw in a security protocol that is present on most access points. See here for an excellent article that goes into the subject.
The security mainly affected Linux and Andriod devices, but also to a lesser extent Windows and Mac systems. Patches were quickly issued to rectify the issue and a newer more secure WPA3 Wi-Fi protocol was released with tighter security protocols.
For now public Wi-Fi still remains vulnerable though, especially considering that the above hack attack confirmed that data was vulnerable even if it was previously considered to be secured or encrypted. We will go into this more below but basically any public Wi-Fi browsing is most definitely not the safest way to be going online.
This can include places like:
- Hotels – a crucial security risk
- Train and bus stations and on certain trains
- University and college campuses
- Public libraries
- Shopping centres
- Any other public building with Wi-Fi
Of course there are matters of degree here. Connecting to the Wi-Fi in your small local coffee shop where you know and trust all the people there is one thing. A huge public Wi-Fi network with lots of people you don’t know connecting is another, and opens up more security risks. The larger the network and the more people are connected, the greater the security risks in general.
You could also argue that the type of browsing you are doing is relevant to how much security you need. Very basic informational browsing like checking the weather forecast or sports results is one thing; you could argue you don’t really need security for that. Even just watching videos on YouTube doesn’t really need security if you are not logging in.
But anything where you are logging into a site or entering personal details you would not want others to see does need to be secured or you could be at risk of having your personal information stolen.
We single out hotels especially because Wi-Fi security there is often the most lax of all despite having many users, especially in relaxed tourist destinations and resorts. You will often find the Wi-Fi access code for all users simply stuck on the wall or written on a notice board, which will give access to the same Wi-Fi network to anyone who uses that password.
This is a hacker’s dream as they affectively have access to the Wi-Fi browsing of potentially dozens or hundreds of people on the same hotel network, so it is a particular form of public Wi-Fi that is not very secure and open to abuse and hacking. We never recommend browsing on hotel Wi-Fi without a secure VPN connection, which we will go into more below.
Airports are also places where you have hundreds or thousands of total strangers passing through, and therefore another place where you need to secure your connection if using Wi-Fi there.
This is especially for people whose line of work involves a lot of travelling and waiting in airports; they need to be able to work but work but do so securely and the VPN solution we detail below will allow that.
Does Using The Green HTTPS Padlock Help?
There will be some people who argue that most sites that need to be secured already are through the green padlock https sign that you see on so many sites nowadays, including any sites where you need to log in or input sensitive information. The green padlock you see on your browser indicates you are already connecting over a https secure connection as opposed to standard http which is unsecured.
The green padlock HTTPS “secure” does provide more security than an unencrypted http connection, but it still has vulnerabilites and a VPN is preferable as it is more secure then even https.
This does definitely provide an additional level of security over unencrypted standard http connections, as the data is scrambled when sent and only unscrambled when received at the other end so in theory it can’t be intercepted and read in between. Https is widespread nowadays, since Google has started to give preference in ranking to sites with the green https padlock over sites that don’t have it.
However, the researchers who looked into the KRACK attack mentioned above noted that they were able to intercept data that was previously thought to be secure and encrypted through the green padlock, so even this was not a foolproof defense against traffic being intercepted over Wi-Fi.
Whilst the dangers of this happening on private Wi-Fi networks are far less as there are far fewer people connecting to each home network and all of these people are known, once you move onto public Wi-Fi networks where there are more people connecting and these people are not known, then the security risks increase.
That is why we argue that whilst the green “secure” padlock is definitely better than an unencrpyted plain text HTTP connection, it is probably still not secure enough especially for large public Wi-Fi networks.
This is where a Virtual Private Network or VPN comes in handy as a solution which can add an extra layer of security to your Wi-Fi connection.
A VPN will encrypt and secure your internet connection and keep your personal data safe when using public Wi-Fi
The Benefits of Using a VPN on Public Wi-Fi
Because of the security concerns we mentioned above, we always recommend using a Virtual Private Network or VPN when using any kind of public Wi-Fi, particularly when entering any kind of sensitive information like passwords and credit card details.
A VPN is a piece of software that creates a secure encrypted virtual “tunnel” for your browsing traffic so that it is totally private and secure. All traffic is encrypted or scrambled using a strong encryption protocol, meaning it is basically impossible to intercept, and is only unscrambled or decrpyted when it reaches the other end.
In any kind of situation where you are entering private and sensitive information over Wi-Fi and you do not have control over who is connecting to it or the security settings (ie. on any public Wi-Fi network), then a VPN is essential to make sure your browsing is fully secure and private.
VPNs can also be used to make home networks more secure; see our article on this. The risks are generally lower in homes but the same general principles apply.
There are loads of different VPNs now, each with their own pros and cons, but for simplicity’s sake we will list just four well known VPN brands – NordVPN, Vypr VPN, Express VPN and Tunnelbear.
All four are paid VPN services (Tunnelbear does have a free plan; we’ll go into this more below). Whilst free VPN services are available, we don’t recommend them as we have found them to be painfully slow and unreliable and often come with restrictive data caps. For any kind of serious browsing and streaming you will ideally need a paid plan.
The prices are for an annual subscription paid upfront; month to month plans are available but are quite a bit more expensive. Competition between providers is fierce so flash deals and discounts are also common. (NB. Links in the table are affiliate links).
|Provider||Price (12 months paid in advance)||Number of servers/countries||Number of Devices Allowed||Main Benefits|
|Surfshark||$2.50/month (24 months)||3200+/65||Unlimited||Cheap and 30 day risk free trial|
|NordVPN||$6.99/month||5300+/61||6||Choice of Servers & Double Encryption|
|Tunnelbear||$5.00/month||41+/41||5||No Nonsense Simplicity|
*Tunnelbear do offer a free plan but it only comes with a 500MB monthly data allowance. For any kind of heavy browsing, video streaming or downloading you will probably need a paid plan.
*Flash deals and discounts are common with VPNs, so if you click the links to check the price, you may often find a cheaper price than the one listed.
So whilst there is an annual cost involved in getting a good VPN service to secure your connection, in reality it works out very cheap, from around $35-50 per year for some services. We consider it worth the investment to avoid the stress and hassle that can be involved with having personal data stolen and accounts hacked.
Stolen money is often (though not always) returned by banks but it is the stress of sorting everything out, changing passwords, getting new credit cards, proving transactions were fraudulent etc. that it would really be best to avoid dealing with. Securing any public Wi-Fi connections with a VPN straight away eliminates one of the biggest threats of fraud and identity theft online.
Cybercrime is on the rise with around 600 million victims worldwide in 2015 and incredibly almost a billion people or around one seventh of the world’s population suffering from some kind of cybercrime in 2017.
Whilst “cybercrime” is a catch all phrase that does not specifically mean just people who have had their information stolen on public Wi-Fi, it gives you an idea of the security vulnerabilities that exist online.
We therefore consider a VPN to be a no brainer for anyone who is using public Wi-Fi on a regular basis, such as people who are travelling frequently either for business or leisure.
With a VPN you can browse safely while waiting in airport lounges, train stations or any other public place knowing any data you enter on these connections is secured.
Are There Any Downsides to Using a VPN?
On the negative side VPNs may give you a slower connection than unprotected Wi-Fi, since all traffic has to be routed through one or more servers and the encrpytion of traffic also tends to slow it down. Speed will also depend on which server you are routing your traffic through; picking a server close to you geographically will normally give you the best service.
This may impact you if you want to do more bandwidth intensive things like video or film streaming; for general browsing then the difference in speed will likely not be noticeable. If speed of the connection is the main concern then we recommend Vypr VPN as it consistently delivers high speed connections, especially from close by servers. See our review of Vypr VPN for more details.
In fairness it is mainly the free VPN services that suffer from low speeds; the paid plans are pretty reliable and consistent nowadays. Also the main reason people are using a VPN is for security and privacy of browsing, so for most users a slight drop in speed should not be important.
The major VPN providers are constantly working to improve both the number and speed of their servers and Vypr VPN even has several different protocols you can choose from, which allow you to trade off a little security for extra speed if desired for things like video streaming.
The costs of a paid VPN could be argued to a a downside, but we would argue that any money spent is well worth it for regular public Wi-Fi users, versus the stress and hassle and possible financial loss of having personal details stolen and accounts hacked.
Paid services are just far better, faster and more reliable then free services in our experience. The free Tunnelbear plan does work quite well, but at only 500MB a month allowance, it will only work for very occasional light browsing, and not for streaming or downloading.
Summary Checklist For Staying Safe on Public Wi-Fi
So here is our quick summary of the main things to do to stay safe on public Wi-Fi networks:
- Never log into email, bank accounts, or any other password protected accounts, or enter any personal or sensitive information over unprotected public Wi-Fi.
- Always use a VPN to secure your connection on public Wi-Fi before entering any sensitive information.
- If you absolutely have to use public Wi-Fi without a VPN then only use for safe non personal browsing and always look for the secure green https padlock. This provides more security but is still not really safe enough to be logging into protected accounts or entering personal details
- If you have phone data consider using that for browsing instead as that will likely be more secure than connecting to the public Wi-Fi.
- Always have up to date anti-virus and anti-malware software installed on your device to pick up and remove any threats.