Make us your home page

Free public Wi-Fi can be disguised hacking tools

Using free Wi-Fi at places like airports and coffee shops can put sensitive information and passwords at risk. (Michael Meister The New York Times)

Using free Wi-Fi at places like airports and coffee shops can put sensitive information and passwords at risk. (Michael Meister The New York Times)

From hotel lobby to coffee shop to airport terminal to park, each time we join a public Wi-Fi network, we put our personal information and privacy at risk. Yet few travelers are concerned enough to turn down free Wi-Fi. So, how to feed your addiction while also safeguarding your passwords and privacy? If you're not going to abstain, here are four rules for staying connected and (reasonably) safe while traveling.


Those five letters indicate the page is encrypted, preventing others from seeing what you're doing. If you're browsing the Web anywhere with an open network and you do not see "https," it's possible that someone there with nefarious intentions can see the site you're visiting and the exact pages you request on that site.

Sites like and use "https" by default, but type your password into a Web-based email site that does not use it and a third party could see (and steal) that password. This sort of eavesdropping is easier than you might think. There are a number of tools that allow anyone who downloads them to see all the data that flies back and forth between a browser and a Web server, said Jason Hong, an associate professor at Carnegie Mellon University.

Moreover, anyone can set up a Wi-Fi network for criminal purposes and give it a name that sounds legitimate. Say, for example, you're in the Paris Metro and you join a free network that looks like an official city initiative. "You have no idea what Wi-Fi network that is," said Nadia Heninger, a professor at the University of Pennsylvania. "It could be set up by a hacker." And if he or she has malicious intentions, when you go to a popular site like Facebook, you could be logging into a fake page that allows the hacker to steal your password.

But, surely, using Wi-Fi at a hotel is safe, right? "That's only marginally better," Hong said. Even so, protect your computer by ensuring that your Web browsers are up to date. Turn on your firewall and turn off file sharing.

2 USE A VIRTUAL PRIVATE NETWORK. If you work for a corporation, chances are you either already have one or have access to a technology department that can give you one. Using a VPN essentially encrypts all your online traffic, ensuring that no one can eavesdrop.

Don't have a VPN? There's Tor, software that prevents third parties from seeing your location or the sites you visit. "It's totally free and fairly easy to use," said Heninger, who uses Tor. The software can be downloaded at

3 SIGN UP FOR TWO-STEP VERIFICATION. More and more sites — Facebook, Twitter, Yahoo, WordPress — allow users to set up their accounts so that signing in requires two ways of proving who they are. The most common method requires a password you create plus a code that is sent to you — via text message or a special app — each time you wish to sign in.

For instance, let's say you logged onto a fake Facebook page and hackers captured your user name and password. If that happened without two-step verification (known on Facebook as "login approvals"), the hackers could access your account when you log off. If, however, you had enabled login approvals, even though your user name and password were captured, the hackers would not be able to log into your account because they wouldn't receive the requisite code.

4 BRING ONLY WHAT YOU NEED AND TURN OFF WHAT YOU'RE NOT USING. The latter goes for both Wi-Fi and Bluetooth. "It's just another way to be compromised," Heninger said. And don't give away your email address or download an app in exchange for free Wi-Fi.

"Think about the recipient of that information," she said. "You have no idea who set up that Wi-Fi network," she continued, adding "You might have just downloaded an app that will download all your contacts."

If you're seriously concerned about security, Heninger suggested creating a special travel email address and password. And she recommended buying a "travel laptop" loaded with only the information you need.

Free public Wi-Fi can be disguised hacking tools 06/27/14 [Last modified: Sunday, June 29, 2014 7:06pm]
Photo reprints | Article reprints

Copyright: For copyright information, please check with the distributor of this item, New York Times.

Join the discussion: Click to view comments, add yours

  1. Pinellas licensing board asks Sen. Jack Latvala for $500,000 loan

    Local Government

    The troubled Pinellas County agency that regulates contractors wants Sen. Jack Latvala to help it get a $500,000 lifeline from the state to stay afloat.

    State Sen . Jack Latvala, R- Clearwater, is being asked to help the Pinellas County Construction Licensing Board get $500,000 from the state so it can stay open beyond February.  [SCOTT KEELER   |   Times]
  2. In advertising, marketing diversity needs a boost in Tampa Bay, nationally


    TAMPA — Trimeka Benjamin was focused on a career in broadcast journalism when she entered Bethune-Cookman University.

    From left, Swim Digital marketing owner Trimeka Benjamin discusses the broad lack of diversity in advertising and marketing with 22 Squared copywriter Luke Sokolewicz, University of Tampa advertising/PR professor Jennifer Whelihan, Rumbo creative director George Zwierko and Nancy Vaughn of the White Book Agency. The group recently met at The Bunker in Ybor City.
  3. Tampa Club president seeks assessment fee from members


    TAMPA — The president of the Tampa Club said he asked members last month to pay an additional assessment fee to provide "additional revenue." However, Ron Licata said Friday that the downtown business group is not in a dire financial situation.

    Ron Licata, president of the Tampa Club in downtown Tampa. [Tampa Club]
  4. Under Republican health care bill, Florida must make up $7.5 billion


    If a Senate bill called the Better Care Reconciliation Act of 2017 becomes law, Florida's government would need to make up about $7.5 billion to maintain its current health care system. The bill, which is one of the Republican Party's long-promised answers to the Affordable Care Act imposes a cap on funding per enrollee …

    Florida would need to cover $7.5 billion to keep its health care program under the Republican-proposed Better Care Reconciliation Act of 2017.  [Times file photo]
  5. Amid U.S. real estate buying binge by foreign investors, Florida remains first choice

    Real Estate

    Foreign investment in U.S. residential real estate recently skyrocketed to a new high with nearly half of all foreign sales happening in Florida, California and Texas.

    A National Association of Realtors annual survey found record volume and activity by foreign buyers of U.S. real estate. Florida had the highest foreign investment activity, followed by California and Texas. [National Association of Realtors]