Howdy, everyone. Many of you might have noticed that there’s been a recent influx of security issues popping up in news and on the internet.
As Opera Max, our data-savings app for Android, began supporting Wi-Fi connections, we thought it’d be useful to offer some security tips for when you’re on public Wi-Fi. Sigbjørn Vik, security expert at Opera, sat down to give us some insights on how to protect your personal information over the web and on the go.
What type of personal information can be at danger when we browse on a public WiFi?
The typical issue is, of course, passwords used to log in elsewhere. But, anything that is being sent across the network may potentially be inspected, including credit card numbers and personal communication. In some cases, even background updates of apps, extensions and programs might be fooled into installing something bad.
Is it possible to tell if one public Wi-Fi network is safer than another?
Unfortunately, many Wi-Fis are set up to capture secure communications and expect users to accept their server certificate. Once accepted, it may be reused later without the user realizing. So, public Wi-Fi is an inherently insecure setup.
For any communication being sent unencrypted, it is hard to determine the safety of the Wi-Fi network. The communication between the user and the Wi-Fi owner may still be tunnelled (and thus secure to people listening in), but there is no universal, user-friendly and easily-understandable method to inspect this. Even if third parties may not listen in, one still has to trust the owner of the Wi-Fi network, which is also hard to assess. In most cases, it is not even possible to determine who the owner of the network is.
What are some tips to stay safe in the public?
On public networks, do the following:
1. Try to avoid accepting invalid certificates. If opening the first page asks for a certificate, try going to a regular http page and see if that will allow you to log into the Wi-Fi instead. If you need to accept an invalid certificate in order to log into the network, restart your browser afterwards. That should normally maintain the logged-in status but remove the acceptance of the invalid certificate.
2. Ensure connections to websites are secure. Be aware that anything sent over unencrypted connections will be visible to at least some third parties on public Wi-Fi. If you want to avoid this, use a VPN.
If you are unlucky and your personal info is leaked through a public Wi-Fi connection, what (horror stories) can happen to it?
Identity theft and associated money theft are some horrible possibilities. The computer might also end up getting malware through accepting insecure connections. It will depends on who has access to your data.
Are there different concerns for mobile phones?
There might be slight differences. For example, on a mobile phone, accepting an invalid certificate in the browser might potentially accept it also for the rest of the operating system. The value of data kept or used on a mobile phone might also be different than that kept on laptops and desktops.
For more security tips, Check out Sigbjørn’s blog for more tips on staying secure. Comment below if you have a question for Sigbjørn. 🙂