Public Wi-Fi networks may display advertisements or require users to enter information to connect; however, the risk of data theft is relatively low.
When accessing free Wi-Fi at supermarkets or coffee shops, users often encounter a screen with advertisements provided by the business, requesting information and accepting terms to access the Internet.
Typically, these websites are not dangerous. However, some Wi-Fi networks may inject advertisements while browsing, including fraudulent ads that could put users at risk.
A public Wi-Fi access point in New York (USA). (Photo: Bloomberg).
Why Public Wi-Fi Uses Login Websites
Wi-Fi networks are typically secured in various ways. Usually, personal or small business networks utilize a PSK (Pre-Shared Key) mechanism, requiring the input of a pre-shared password to connect.
In contrast, public Wi-Fi networks at coffee shops, shopping malls, airports, etc., use a password-free login method known as a captive portal.
With this mechanism, users can connect to the network and obtain an IP address from the router, but they cannot access the Internet yet. Instead, they are redirected to a login website featuring the business’s branding, along with login information and advertisements.
To check Internet connectivity on public Wi-Fi, the device sends a request to specific verification addresses, such as captive.apple.com on an iPhone. If the response is “Success!”, it means the user can access the Internet.
Conversely, if the router blocks access or requires authentication through the captive portal, the device will automatically open a browser and redirect to the login page provided by the router.
A Wi-Fi connection page (captive portal) from Starbucks. (Photo: Nil).
Depending on the network, users will need to enter different information. Some networks require employee email logins, coffee shops may provide passwords, and public locations might only ask for a name/age or to accept terms to verify and access the Internet.
Unlike traditional security mechanisms, captive portals allow businesses to manage connections more flexibly. According to Tech Target, a coffee shop can restrict access time when closing, while businesses may use the information to analyze customer demographics and display advertisements.
Many routers today support guest mode with captive portals. Open-source software like NoCatSplash and ChilliSpot allows users to create their own captive portals, redirecting users to them to connect to Wi-Fi.
Overall, captive portals simplify advertising when using business Wi-Fi.
In addition to advertisements in captive portals, connection owners can redirect users to websites containing advertisements while browsing or when clicking certain links.
Nevertheless, compared to captive portals, this method requires more technical skills, such as adjusting DNS or proxy settings on the router to intercept connections whenever users click on a link.
Not many common devices support this feature, and websites using the HTTPS protocol will not be affected. Injecting ads into Wi-Fi networks can also be annoying, and worse, it may lead to deceptive advertisements.
Is Public Wi-Fi Safe?
While very useful, public Wi-Fi at airports or coffee shops is often considered insecure.
However, security experts argue that for routine tasks like watching movies or browsing social media, hackers typically have nothing of value to steal.
“That type of data is not only low in value but also poses high risks. If I can obtain your password from Moldova without jeopardizing myself, why would I fly to Starbucks where you live?” said Chester Wisniewski, Global Technology Director at security firm Sophos.
Wi-Fi settings screen on an iPhone. (Photo: 9to5Mac).
In the past, most web traffic was not encrypted. Anyone could see what websites others were visiting if they successfully penetrated their network.
By 2017, Firefox reported that over 50% of web traffic used the HTTPS encryption protocol. This means that even when using public networks to steal data, hackers cannot obtain valuable information.
Russ Housley, founder of cybersecurity firm Vigil Security, stated that if users frequently work with sensitive data, they might consider downloading a virtual private network (VPN) tool.
These apps help hide IP addresses to obscure activities, even blocking ads and reducing the risk of cyberattacks.
Instead of worrying about the security of public Wi-Fi, the Washington Post recommends that users set strong passwords, regularly update software, and be aware of phishing tactics to proactively protect themselves.
“In general, using public Wi-Fi is still safe as long as your computer is updated to the latest version and your data is encrypted,” emphasized Eric Rescorla, former Chief Technology Officer at Mozilla.
