
>A busy public WiFi controlled by a hostile party is more likely to engage in port scans and other intrusive probes, so yes, this advice holds extra weight.

I mean if you define the party as hostile then yeah, but that also all applies to a non-public network controlled by a hostile party, but [Citation Needed] that this is something that people are likely to encounter in the wild. If it were at all common it would be pretty noticeable because you'd notice any certificate shenanigans and it wouldn't take that long for a technical person to come along and notice any port scanning. That's before considering that OSes typically have a more aggressive firewall posture on public networks to begin with, not making them particularly juicy targets.

>Brave browser does not implement this URL after a cursory examination.

Brave has to be a snowflake but it's just a restyling of the same settings page: brave://settings/security

>Google has also unquestionably had a caustic and corrosive impact upon privacy in a myriad of realms. They can and do receive subpoenas constantly, and the only way out of their databases is wiping all of their closed-source components from your devices.

Security != Privacy and those are frequently completely at odds. It's hard to argue that public wifi is anything but a privacy nightmare but from a purely technical security perspective, I must just shrug at public wifi now.




> your home wifi threat actor is your neighbor's kid playing with aircrack.

When working for an ISP it came up quite a few times that customers had extensive questions about security because they were genuinely worried about their ex-spouse spying on them. Even if they were all just "paranoid" in their specific cases (I wouldn't know), I think it's a fair concern. If all it takes is some googling and a bit of money to rent cloud GPUs, well, scorned lovers have done way more expensive and less effective things to cause damage or violate privacy.


> Leakers shouldn’t use their work computers and should use public wifi, “like a Starbucks or at a hotel or anywhere where the Internet is open for public use.”

Lately there seem to be very few completely open wifi points. Most of them at least require some click through for agreeing to terms. Is there any risk involved here?


Yeah this article is only covering a specific attack vector, to claim that public Wifi is nearly risk free because of HTTPS is a very dangerous statement to make. The risk of public wifi was far from just having your traffic spied on.

> The adversary has a limited ability to monitor short-range communication channels (Bluetooth, WiFi, etc).

That seems like a pretty big assumption. From what I understand there already exists deployment of wifi hot spots to track people (both for advertising purposes and for spying purposes) to the extent that phone providers started randomizing MAC addresses.


It’s not only about privacy, it’s also about the ability for shady public wifi endpoints to inject ads or malware.

> Yes, the mechanism is different, but the basic problem of interfering with others' communication is the same.

The legal problem isn't the effect of interfering with others' communication, it's the active intent to interfere with others' communication.

So, no, a noisy environment because lots of people set up WiFi hotspots with no intent to prevent use (even though it may prevent some uses) does not pose the same legal issue as an environment in which someone is intentionally actively denying people the use of WiFi hotspots by spoofing de-auth packets.


> the attacker needs to control the network

So like, set up a WiFi with the same name? Or any name known to the device, then deauth. Devices also often broadcast some of the names they know.

> and also exploit a hole in the host browsers.

Well now that depends on your goal. Care to guess how many people could be lured into downloading malware or entering some credentials on a phishing page when they get to it?

I agree it's not like printnightmare level bad, but there's options here.


Much of that discussion is crap. They're wasting effort bikeshedding about local network sniffing. You have to assume that anything of value sent over the internet might be sniffed or at least could be sniffed by a well-placed attacker. The last hop connection between your PC and the AP is hardly the only point at which your data is vulnerable. To assume otherwise is foolhardy.

That's why I said that the only additional risks I can see of a public Wifi are local attacks directly against your machine, such as someone port scanning your laptop to look for vulnerable services or open fileshares, etc.


> Your data can be eavesdropped or modified by someone in the middle. This would be quite rare within a LAN

Literally every single public wifi network, which is a significant percentage of all internet traffic (including basically everyone working from a wework for example), is vulnerable to eavesdropping/mitm.


What is up with these b.s. posts about open or public wifi being safe this week? A few days ago there was a Twitter thread by a security person at a hotel claiming their open wifi is safe.

I won't detail all the many harms you can suffer (or the threats that will readily cause you harm), but let me state just one argument related to EFF's silly (and dangerously harmful) statement here:

1) When you type in a domain in your navigation bar, your browser attempts to connect to unencrypted HTTP (port 80).

2) If (big if!) the site supports HTTPS it will do an HTTP 301 redirect to the HTTPS version of the site.

3) An attacker needs to intercept just one such redirect to have an opportunity for credential theft or content injection (downloads, exploits, etc...).

4) Your browser does indeed remember these redirects going forward, which is great.

5) Except if you configured your browser to forget all history. Or if you happen to remember a site you visited a while ago (perhaps on a different device) and just typed it in to navigate. Or if you typed in something to search but your browser navigates to it, or many other opportunities for pwnage!

6) You don't care about that? Well, attackers are happy to set up a malicious captive portal (captive portal checks are plain HTTP for all browsers I know of) and use that directly or to social engineer installation of an app you "need" to connect (oh, mitmproxy has a nifty captive portal like page you can customize to install a CA cert on the device for TLS interception).

I won't even begin to talk about at least half a dozen additional classes of MITM attacks that can be used, even with WPA3 and client isolation! What you have to understand is that vulns that would normally be low severity are amplified in this sort of a network, due to the sheer magnitude of threat exposure.

I can't complain about most people being ignorant of good infosec practices (we have to understand + educate) but man this stings! The EFF makes one of my favorite extensions, HTTPS Everywhere, how can they post this? It takes a long time to educate people about good security practices.
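
An added example, not part of the comment above or of any browser's code: the first-request exposure that comment walks through is what the `Strict-Transport-Security` response header (HSTS, RFC 6797) is meant to close, and this sketch classifies a site's response by how much of that exposure remains. The function names, result labels and sample responses are assumptions constructed for illustration.

```python
PRELOAD_MIN_AGE = 31536000  # one year in seconds, the preload list's minimum max-age

def parse_hsts(value):
    """Parse a Strict-Transport-Security value; None if it must be ignored."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name in directives:               # RFC 6797: a directive may appear once
            return None
        directives[name] = arg.strip().strip('"')
    age = directives.get("max-age", "")
    if not (age.isascii() and age.isdigit()):  # max-age is required and numeric
        return None
    directives["max-age"] = int(age)
    return directives

def assess(scheme, headers):
    """Classify how exposed a later typed-in http:// visit to this host is."""
    value = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security")
    if value is None:
        return "no-policy"            # every typed-in visit starts on port 80
    if scheme != "https":
        return "ignored-over-http"    # browsers discard HSTS sent in cleartext
    policy = parse_hsts(value)
    if policy is None:
        return "invalid"
    if policy["max-age"] == 0:
        return "policy-removed"       # max-age=0 tells the browser to forget the host
    if (policy["max-age"] >= PRELOAD_MIN_AGE
            and "includesubdomains" in policy and "preload" in policy):
        return "preload-eligible"     # can be protected even on the very first visit
    return "protected-after-first-https-visit"

# Constructed sample responses (not captured from any real site).
SAMPLES = [
    ("http",  {"Location": "https://example.test/", "Strict-Transport-Security": "max-age=31536000"}),
    ("https", {"Content-Type": "text/html"}),
    ("https", {"strict-transport-security": "max-age=300"}),
    ("https", {"Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload"}),
    ("https", {"Strict-Transport-Security": "max-age=0"}),
    ("https", {"Strict-Transport-Security": "includeSubDomains"}),
]

def report():
    return [assess(scheme, headers) for scheme, headers in SAMPLES]
```

Only the `preload-eligible` case can cover a browser that has never visited the site; the other protected case still depends on one earlier HTTPS visit from a network that did not interfere.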


> Most of the "shame on public WiFi" comes from VPN companies

I would call that a half-truth. When I was a kid (in the early 2000s) it was exceptionally easy to crack public wifi networks. A lot of that had to do with misconfiguration and every company scrambling to create public wifi APs. It makes sense that these memories and experiences live on and have become slogans of companies vying for privacy.


> You have it connect only to your trusted IPs.

Wi-Fi makes that pretty damn hard to verify. In theory, malicious firmware could even opportunistically link up with other malicious firmware acting as a bridge via some undocumented protocol that would only be detectable by looking at the raw spectrum.


"devices are already storing SSIDs to do an active scan" - Not mine, although I would readily acknowledge that I'm in the minority and this is generally a truism.

And thank you for acknowledging privacy concerns over publishing the wifi database, although I'm personally still concerned whenever that information gets aggregated systematically, even if it's internal to Mozilla.

One way I think about privacy for data like this is respecting people's intentions. When most people set up wi-fi, I would argue that their intent is almost never to help Mozilla or Google precisely locate phones or IP addresses; it's to connect wirelessly to the internet. More to the point, it's hard to find out someone's intention without asking them. Kudos to Mozilla for getting people to wardrive consensually; but that may still not make me feel much better if I'm just someone with wi-fi.


> Do you really need to secure Youtube viewing on a public WiFi hotspots ?

This suggests you did not, in fact, see the problem. The attacker in this scenario is not limited to replacing YouTube videos. They can make anything they want appear on the user's screen, including things like a Google login page, or even a bank login page.


>When I make a hot spot hidden

That's a misnomer. It doesn't actually make it hidden; it only transmits beacons with a blank SSID. That's why even if your network is hidden, it will show a "hidden network" option for you to manually enter the SSID[1]. Moreover, client devices that have hidden networks saved will send out probe packets with the network names they have saved[2], so they can determine whether the hidden network is actually around. This is actually worse for privacy, especially if your network name is vaguely unique, because you're broadcasting this high entropy information everywhere you go.

[1] https://www.digitalcitizen.life/wp-content/uploads/2020/10/h...

[2] https://www.acrylicwifi.com/en/blog/hidden-wifi-network-secu...
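
An added example, not part of the comment above: a small parser for auditing a capture taken from your own device, showing where the network name sits in a blank-SSID beacon versus a client's directed probe request. It assumes raw 802.11 management frames with no radiotap header; the function names, MAC addresses and network name are constructed for illustration.

```python
MGMT_HDR_LEN = 24         # frame control, duration, three addresses, sequence control
BEACON_FIXED_LEN = 12     # timestamp (8) + beacon interval (2) + capability info (2)
PROBE_REQ, BEACON = 4, 8  # management-frame subtypes

def ssid_element(tagged):
    """Walk the tag/length/value elements; return the SSID element's bytes, or None."""
    i = 0
    while i + 2 <= len(tagged):
        tag, length = tagged[i], tagged[i + 1]
        value = tagged[i + 2:i + 2 + length]
        if len(value) < length:
            return None                      # truncated capture
        if tag == 0:                         # element ID 0 is the SSID
            return value
        i += 2 + length
    return None

def classify(frame):
    """Report what one 802.11 management frame reveals about a network name."""
    if len(frame) < MGMT_HDR_LEN or (frame[0] >> 2) & 0x3 != 0:
        raise ValueError("not a management frame")
    subtype, src = frame[0] >> 4, frame[10:16]   # addr2 is the transmitter
    body = frame[MGMT_HDR_LEN:]
    ssid = ssid_element(body[BEACON_FIXED_LEN:] if subtype == BEACON else body)
    named = bool(ssid and ssid.strip(b"\x00"))   # empty or all-NUL means no name sent
    if subtype == BEACON:
        kind = "beacon" if named else "hidden-beacon"
    elif subtype == PROBE_REQ:
        kind = "directed-probe" if named else "wildcard-probe"
    else:
        kind = "other"
    return {"kind": kind,
            "ssid": ssid.decode("utf-8", "replace") if named else None,
            "randomized_mac": bool(src[0] & 0x02)}   # locally administered bit

def build(subtype, src, ssid, fixed=b""):
    """Constructed test frame: header, optional fixed fields, SSID and rates elements."""
    header = bytes([subtype << 4, 0, 0, 0]) + b"\xff" * 6 + src + b"\xff" * 6 + b"\x00\x00"
    return header + fixed + bytes([0, len(ssid)]) + ssid + bytes([1, 1, 0x82])

# Constructed frames; the MAC addresses and the network name are made up.
AP, PHONE = bytes.fromhex("001122334455"), bytes.fromhex("da0000000001")
FRAMES = [build(BEACON, AP, b"", fixed=bytes(BEACON_FIXED_LEN)),
          build(PROBE_REQ, PHONE, b""),
          build(PROBE_REQ, PHONE, b"smith-family-5g")]

def audit():
    return [classify(f) for f in FRAMES]
```

In the third constructed frame the source MAC is randomized but the SSID is still sent in the clear, which is the privacy cost the comment describes.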


> it feels creepy in a way that their regular internet behavior does not

And that is, of course, where people come to reasonable disagreement; it simply doesn't feel creepy to a lot of folk. I assume the difference in feel is whether one interprets "capturing unsecured wifi packets via wardriving" as akin to peeping-Tomming into every neighbor's house or akin to sailing along a coastline full of lighthouses broadcasting their beacons and writing down the strobe patterns.


The problem is that someone setting up a public wifi (in a restaurant for example) will be vulnerable to sniffing attacks (if they don't know what they're doing).

I guess I don't so much disagree with the idea of being careful on an unsecure public wifi, as I am concerned that so many people seem to think they only have to be concerned about the unsecured wifi, not all the other hops on their connection. You know what I mean?

Not to mention that others snooping on open Wi-Fi is more likely to cause problems.