this post was submitted on 29 Jan 2024
106 points (96.5% liked)

Technology

60101 readers
1854 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
 

Comment:

I thought this article gives a balanced view if we should VPN with a public Wifi network, instead of the normal VPN vendor selling fears.

Summary:

Evil Twin Attacks - Not a major threat anymore

What is it?

Evil twin attacks involve hackers setting up fake Wi-Fi networks that mimic legitimate ones in public places. Once connected, attackers can spy on your data.

Why was it scary?

Before 2015, most online connections weren't encrypted, making your data vulnerable on such networks.

Why isn't it a major threat anymore?

  • HTTPS encryption: Most websites (85%) now use HTTPS, which encrypts your data, making it useless even if intercepted.
  • Let's Encrypt: This non-profit campaign made free website encryption certificates readily available, accelerating the widespread adoption of HTTPS.

Are there still risks?

  • Non-HTTPS websites: A small percentage of websites (15%) lack HTTPS, leaving your data vulnerable.
  • WiFi sniffing: Although not as common, attackers can still try to intercept unencrypted data on public Wi-Fi.

Should you still be careful?

  • Use a VPN: Even with HTTPS, your browsing history can be tracked by Wi-Fi providers and ISPs. A VPN encrypts your data and hides your activity.
  • Be cautious with non-HTTPS websites: Avoid entering sensitive information like passwords on such websites.

Overall:

HTTPS encryption has significantly reduced the risks of evil twin attacks. While vigilance is still recommended, especially when using unencrypted websites, it's no longer a major threat for most web browsing.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 6 points 11 months ago (1 children)

Modern browsers are ringing all warning bells and whistles if a site doesn’t use HTTPS properly, possibly even preventing you to even load the site.

If you’re connecting to an insecure site, you will know.

[–] [email protected] 0 points 11 months ago

Even if you use https to browse, metadata such as DNS and destination IP are going to be visible to attackers without VPN.

Should you be paying extra for a VPN just for public WiFi. Probably not, but if you pay for Apple iCloud+ or Google One, you should be taking advantage of the free vpn services that come with those subscriptions