/>
X
Innovation
Why you can trust ZDNET : ZDNET independently tests and researches products to bring you our best recommendations and advice. When you buy through our links, we may earn a commission. Our process

'ZDNET Recommends': What exactly does it mean?

ZDNET's recommendations are based on many hours of testing, research, and comparison shopping. We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. And we pore over customer reviews to find out what matters to real people who already own and use the products and services we’re assessing.

When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. This helps support our work, but does not affect what we cover or how, and it does not affect the price you pay. Neither ZDNET nor the author are compensated for these independent reviews. Indeed, we follow strict guidelines that ensure our editorial content is never influenced by advertisers.

ZDNET's editorial team writes on behalf of you, our reader. Our goal is to deliver the most accurate information and the most knowledgeable advice possible in order to help you make smarter buying decisions on tech gear and a wide array of products and services. Our editors thoroughly review and fact-check every article to ensure that our content meets the highest standards. If we have made an error or published misleading information, we will correct or clarify the article. If you see inaccuracies in our content, please report the mistake via this form.

Close

The high price of free Wi-Fi: Here's why you never connect to an insecure network

If you work on the go, the last thing you should do is connect to an insecure wireless network. Jack Wallen explains.
jack-wallen
Written by Jack Wallen, Contributing Writer on
online-security-gettyimages-1148031053.jpg

Later that day odd things begin to happen. Your phone isn't working exactly as expected and you start receiving a deluge of what appears like harmless spam.

Getty Images

Let me set the scene for you: You're on the go and you need to stop and get a coffee. You enter the coffee shop and the aroma is the first thing to entice you. Next, you see all the lovely people sitting around making deals, writing the great American novel, chatting, and just generally enjoying themselves. You then notice a sign that states, "Free Wi-Fi." 

Score!

You pull out your phone, open the network connection app and notice the wireless connection doesn't have a password.

Even better.

You connect to the wireless network and order your quad long shot grande in a venti cup half caff double cupped no sleeve salted caramel mocha latte with 2 pumps of vanilla substitute 2 pumps of white chocolate mocha for mocha and substitute 2 pumps of hazelnut for toffee nut half whole milk and half breve with no whipped cream extra hot extra foam extra caramel drizzle extra salt add a scoop of vanilla bean powder with light ice well stirred.

While the barista brews your ridiculously complicated order, you sit down and start using all that free Wi-Fi. You send email, you communicate to team members on Slack, send SMS messages to friends and family, check-in on Facebook, and tweet the single most profound statement Twitter has ever beheld.

Life is good.

You get your drink and continue on as though nothing can touch you.

Eventually, you leave and think nothing of your experience (other than how delicious the coffee was and how on point your Twitter game is). 

Later that day (or maybe the next day) odd things begin to happen. Your phone isn't working exactly as expected and you start receiving a deluge of what appears like harmless spam.

Okay, fine…all in a day's existence, right? 

But then you get a warning from your bank.

And you start seeing reactions to things you didn't post or send.

You check in on your bank account to find your balance is at zero.

Panic sets in.

What happened? You've always been so careful with your bank account credentials and you never share that kind of information with anyone.

This can't be real, can it?

It can and it most likely all started with you connecting to a simple password-less wireless network.

The truth is, you are not safe. Your information isn't safe, your identity isn't safe, your mobile devices aren't safe. Because of this, you have to take every precaution you can, which means never (ever, ever) connecting to an insecure network.

Why are insecure networks so bad?

The simple truth is when you connect to insecure Wi-Fi, you open your device to anyone who is also connected to that same wireless network. But why is that so bad? So what if other people can see my device on the network?

Let me put this in simplest terms.

Not every application you use on your mobile device encrypts your data. That means you could be submitting usernames, passwords, and even text messages in plain text. What does that mean? Simple: When you use an app that works with encryption, any data you send or receive is encrypted in such a way that it's very difficult to read. So instead of sending the plain text "password" (which you should never use), it'll send something like this instead:

hQGMA0mnhEQQ+utUAQwAixnPWw4LcXk1Njq0zHc8RRYnlN1424RASIT+s0d9DAHe
wIwzrLemIKo0Z97aZ97g0FdmlbWbPELt4Er7O0L/4ERvaWRhW3hf7WsipX0/PAVD
Kz99IN/TT6srb6T08f6wpVCn4kuKl60Dl2630QvFxe4HtmbgzqnzqdUZ53sFknX4
TlRJw8K8lZ+/o5nW88JG+3MfKq/gd5eHIxDWLUZg5MDORhPy6FckeuF4ejWjKfzM
WCkNP+IEq7trZ6/SH724HES8nHxIiaH9CaI1D7cHckR0cvF40Xo+rCIP9Qu6Ahax
yOHqKmDhjfjV11H4MVZrhjn2zFI5jBahmUvZc0+JvtHuI/Bd26buo50Xg3co01em
kog0P9GK/4TNMtIuxupiSMryNM0l18FjWzso6ojf662nF4nDpiUQmJVCcpRhSNHO
twXM1tvmNSjN0OTf6hiU3tD4iE1N5FhTSkeq7Rz9DunraO7aILNArpt8ndbOssV5
gt5eWnsGMUR/7EK6htvA0kQBgHjl0o98rjTcvTF+pZtQSr3omSQTiafRXDxHBbT7
xbMWyNxWQ91PEDWuTtaMbqlDkxbUmqlFFJ6XgvyzqjsRqaTuCQ==
=psm9

That, my friends, is encryption. And unless your applications are all using it, you're sending plain text over a network that anyone can access. Once connected, a bad actor could use a sniffer to intercept your plain-text data packets and read them. And the tools used to capture those packages are readily available to anyone.

You might think this is just a warning that can be ignored at will. To that point, you would be right. This is a warning but it's one you should heed. When you connect to insecure wireless networks, it's only a matter of time before someone intercepts your data and you fall prey to any number of nefarious doings. 

Here are the reasons why you should never connect to an insecure wireless network:

  • Anyone with the knowledge can steal your data.

That's really the only bullet point you need. And although I'd like to sugar-coat this for you, the truth of the matter is the longer you ignore this advice, the more at risk you are. 

What can you do?

You might find yourself in a situation where you absolutely must connect to an insecure wireless network (maybe you're out of data and have work to do). When you find yourself in such a situation, consider the possible options:

  • Never send any passwords or sensitive information when connected to that insecure wireless network.
  • Use a VPN (such as Tunnelbear) when connected to those insecure networks (as it will encrypt and anonymize your data).
  • Use a more secure web browser (such as Brave or Firefox), so you can enable features like always use HTTPS and secure DNS.
  • Enable secure DNS in your web browser of choice (so all of your searches are encrypted).
  • Enable end-2-end encryption in the Android Messenger app (Settings > Chat features > Enable chat features) so all of your SMS messages are encrypted.
  • Invest in an unlimited data plan for your phone, so you never have to bother with connecting to an insecure network.

Let's break the above done. The absolute best path you can take is to invest in an unlimited data plan. Why? With an unlimited plan, you will never have a need to connect to an insecure wireless network (especially given how fast 5G speeds are). If, however, that's not an option, I would highly suggest, at a minimum, you use a VPN every time you connect to an insecure network, work with a more secure browser and enable end-2-end encryption on your SMS apps. As you can see, other than only using your data plan, there's no 1-step solution for this problem. And even when using your carrier data, you could up your security game by following the above advice.

The same thing holds true when using a laptop and is especially true when using a Windows-based laptop. If the location you're working in only offers an insecure network, your best bet is to tether your laptop to your mobile device and use the phone's data plan for connectivity.

I know the inclination is to roll your eyes at such warnings, but this is one you should take seriously. Do not connect to insecure wireless networks. Period. End. Of. Story. If you value your privacy and the security of your data, you will follow this advice to the letter.

Editorial standards

Related

Soon, your Amazon Echo Dot will serve as an Eero Wi-Fi extender
Echo Dot and Echo Dot with Clock on table

Soon, your Amazon Echo Dot will serve as an Eero Wi-Fi extender

How to set up Linux hosts file
A pregnant Asian woman uses a laptop in a brightly lit, modern living room.

How to set up Linux hosts file

AGM Glory G1S review: Superhero powers in a rugged smartphone
agm-glory-g1s-2

AGM Glory G1S review: Superhero powers in a rugged smartphone