Free WiFi® or hotspots are public places where Internet connectivity is available to anyone within broadcasting range. Cafes, libraries, school campuses and civic centers are just a few places where people might find access. Generally, it’s safe to use hotspots with a few common sense rules.
Hotspot networks are often unencrypted, as encryption would require log-on credentials for each person joining the network, hampering accessibility. Networks that don’t require credentials are easy for anyone to jump onto with little or no user direction.
A wireless router broadcasts all dialog taking place between itself and connected computers. If ten patrons of a cafe are using their computers to access the Internet, check email or download music, ten conversations are being broadcast throughout the cafe and immediate area. Others within range can use widely available tools to eavesdrop on that dialog, trapping and analyzing the data packets. This is a good way for nearby malicious persons to gain usernames, passwords, email messages, and other personal information that is traveling unencrypted on the wireless network.
As a precaution, users might avoid visiting websites that send usernames, passwords or email in the clear when using free WiFi®. That said, when accessing such websites from home, the data is still traveling across the Internet in plain text, subject to online snoops. By avoiding visiting the sites in public, users are only eliminating the additional risk of local users who might be snooping wireless traffic.
Even if a free WiFi® network is encrypted, there are different types of encryption. An old protocol known as Wired Equivalent Privacy (WEP) can be easily broken with readily available software. Only the stronger WiFi® Protected Access (WPA) will prevent local snoops from being able to decipher the dialog between the computer and the wireless router. In all cases, the router will decipher traffic before sending it on to the Internet, so online snoops will still be able to read unencrypted data exchanged between yourself and the Internet. WPA will only stop local snoops from reading wireless traffic.
It is safe, however, to use hotspots for accessing sites that provide end-to-end (also called point-to-point) encryption. End-to-end encryption is automatically put in place when visiting a site with an address that starts with https. In this case, the browser will encrypt all communication before it leaves the computer, and it will only be decrypted at the destination site. The website likewise encrypts everything from its end, which gets decrypted by the browser. An interloper, whether local or online, can still trap passing data packets, but the contents of those packets will be unreadable.
Online banking employs point-to-point encryption, as do shopping carts and all legitimate websites that require personal information to provide a service or product. Ideally, any website that requires a username and password should provide a secure connection to exchange those credentials, but many sites that require registration allow the username and password to travel in the clear. Unfortunately, this is also true of some web-based email services. In this case, the email is also traveling in the clear for snoops to trap and read.
While free WiFi® is safe for secure websites, highly sensitive activities should only be performed from a person's home computer. A public computer should not be trusted for anything but casual surfing. Computers store passwords, usernames and other revealing data in a type of memory called cache, making it possible to retrieve later by others. A public computer could also be infected with keylogger software that records keystrokes, defeating the purpose of point-to-point encryption by trapping account numbers, usernames and passwords as they are typed into the keyboard.
To keep a computer safe, users should employ reputable anti-virus and anti-spyware software that is updated frequently. Additionally, people should regularly scan for rootkits, which are scripts that can be used remotely to control a computer online without the owner's knowledge. Rootkits use resources that can slow performance, interfere with the proper functioning of the computer, and can also be used to install keyloggers and other malicious software.