DEV Community

Peter Kim Frank

How do you practice safe public wifi access?

What methods and/or tools do you employ to stay safe while using the internet from a public wifi connection?


Top comments (56)

Jason C. McDonald • Edited

Firewall. ProtonVPN, if there's any concerns. HTTPS Everywhere plugin. I also override my DNS by default.

Nick Taylor

Do you use Cloudflare's 1.1.1.1 or Google DNSes or something else?

Jason C. McDonald

I use 1.1.1.1. I don't trust Google any further than I can pitch their server farm.

 
Renato Byrro

Apart from using a VPN, what you guys are talking about sounds like an alien language to me.

Is all that something everyone should learn to do or do you consider yourselves kind of extra-snowden-like-concerned-about-security because the CIA is trying to catch you? 😊

 
Jason C. McDonald • Edited

Might as well run a local Dnsmasq instance doing recursive resolution on TLDs directly, instead of just moving your trust from google to cloudflare.

You know, that's a bit like saying "Might as well store your entire financial assets in gold in a safe under your bed instead of moving your money from a shady mega-corp bank to a Federally-insured, member-owned credit union." It's a bit on the 'overkill' side for many people, myself included.

But why trust Cloudflare over Google? Simple. Guess which one of those sells browsing history as one of their primary forms of income?

Seanmclem

I don't use public wifi

SavagePixie

Same here.

Seanmclem

It's usually slow or can't connect, needs login so you have to go get a password from some desk or something, need to agree to some weird terms to use. Unsafe on top of all that. In the age of LTE, why bother?

 
Jason C. McDonald • Edited

And that daemon can handle DNS for my entire network, including multiple computers and a public-facing, always-on server that is central to our production work? And you can guarantee that I'll never have to suddenly stop what I'm doing to debug it? And that it'll be accessible from any wifi spot I'll ever connect to worldwide, and never go pear-shaped when I least expect it?

If setting up a reliable, works-for-everything DNS is really that easy, it's a marvel 8.8.8.8 and 1.1.1.1 ever even gained adoption.

The fact is, "it takes minutes to set up" never takes into account the inevitable time sink that comes when (a) things don't go according to the docs (more than half the time, ask any IT), or (b) when things break (at least once with everything you ever set up, ask any IT).

So no, I don't have that time.

Nick Taylor

VPN. For work, we have one by default and if I'm at a café working on open source or anything else on my personal devices, I use a VPN as well. Currently I'm using NordVPN.

Having said that, 2019-10-21: NordVPN confirms it was hacked | TechCrunch, so I may need to look for a new VPN. 🤔 Suggestions welcome

Phil Ashby

Possibly not your thing, however I run my own VPN server in Azure using tinc and/or plain ssh tunnelling (SOCKS) on a small Debian VM.

I also ensure my browser forwards DNS lookups over SOCKS if I'm using that protocol, and my VM relies on Azure DNS - I could run my own dnsmasq based full DNS but meh.. at least it's out of the grasp of the local hotel / Cafe full of sniffers, etc.

Thomas Bnt • Edited

Hello! I already tested Mullvad VPN and I like it! It's $5 per month.

Very easy to use.

You can pay with PayPal, credit card, Bitcoin and more!


Glenn Carremans

I currently use PIA (Private Internet Access) but once my subscription is expired I will probably switch to Cloudflare Warp, unfortunately it seems that they only support mobile.

Bradley D. Thornton • Edited

Sure, happy to help :)

First, this article will have you up in less time than it takes to read the docs from a commercial solution.

Second, you can do it for less than five bucks per month on a fast, private machine of your own that is on no one's radar:
bit.ly/2PbCNdV

This next article, recently updated, has been around a while, and points out added advantages and possibilities such as also having the convenience of your apps running via X on your remote, fast, and secure server:
bit.ly/383a43C

I hope that helps

 
Jason C. McDonald • Edited

Well, if it's sitting on your computer, yes, that's kind of the point.

Amazing. Too bad I actually couldn't accomplish that with two full days of trying to do exactly that for my network, with the help of two professional, experienced Linux ITs no less. "We must have done something wrong," I suppose.

And your complaint about time doesn't change the validity of this solution.

I never said it wasn't valid, but the way you're talking, it should be the only solution.

In any case, thank you for (apparently) retracting your earlier assertion that it couldn't take more than five minutes.

 
Ben Sinclair

I don't see those as automatic reasons to avoid it

pokes oar in

Not specifically against Cloudflare, but personally I don't like encouraging anyone to go with the centralised solution. As long as everyone does it because "that company's alright", people will keep seeing it as safe. I see it as comparable to the "why would I use free software when I can pay for something good?" point of view.

 
Jason C. McDonald • Edited

RTFM.

Because of course it never occurred to three Linux professionals in two days that we should read the documentation.

Ahh, the four-letter mantra of the people who don't have any real answers, but love to tell everyone they're wrong. At least that tells me I can leave this conversation — you've announced you have no actual knowledge or insight to share. Thanks for saving everyone the time of taking you seriously. Ta!

Comment marked as low quality/non-constructive by the community.
Pooria A

@jason No one forced you to follow up with this solution. There are people who actually know what they are talking about and also people who rant about knowing professionals. You're not in the first group apparently.

Jason C. McDonald • Edited

You're not in the first group apparently.

Gosh, wish I'd known that before I'd gone and run a secure, production-grade development server for six years. I'll be sure to tell those two IT friends of mine they aren't knowing professionals either. They've wasted years of their lives successfully doing a job they apparently can't do.

Deserved sarcasm aside, I merely said that it wasn't a "fix-all". It's a valid solution, but not the only solution, and not necessarily one that magically works in every imaginable scenario. (P.S. My experience with dnsmasq was from about two years ago, not today.)

"RTFM" is never an appropriate response to anyone. My anger is directed at that, and rightly so. There are many people here on DEV who would be crushed by that remark, with its deliberately hateful insinuation of stupidity. "I read the documentation, but I didn't get it. I must not be legitimate." An insinuation you just helped add fuel to.

Namstel

I came here to say that maybe the topic of setting up your own "central" server could be a good dev.to article!

Ari Kalfus • Edited

There's this neat thing called HTTPS which uses this thing called encryption to set up a private connection between you and the website that no one can eavesdrop.

Hope that comes off as lighthearted and not condescending. VPNs used to be the answer when public WiFi meant using HTTP websites, but that's no longer the case. HTTPS sets an encrypted tunnel per user; it doesn't matter if others are listening on the wire. The only problem is if they are intercepting your traffic, which is easier to do on open WiFi, but that's a more complicated hijack (search evil twin attacks). Notably, using a VPN is letting someone intercept your traffic, so you should opt for not using a VPN unless you need to avoid geo-blocking.

Gleb Skibitsky • Edited

Agree. I only use VPN/Tor when I travel to countries that have censorship. In the EU I am fine with just using HTTPS and browser extensions to block ads and tracking stuff.

Also, I use Little Snitch to block requests to Google Analytics API from third-party software installed on my Mac.
