Illusion of Internet Security


Illustration by Tiffany McFarlane

You're at a cafe downtown, and you need to get some work done. Just jump onto the unsecured wi-fi and get going, right?

Wrong. There are some tools to help you, but none of them are perfect and one of the most powerful ones is stigmatized as a platform of illegal activity.

Using unsecured wi-fi is like inviting a bunch of strangers into your home to help you rearrange the furniture. Sure, your furniture will be rearranged afterward, but a lot of it might end up missing.

Unsecured wi-fi isn't always operated by the organization you think it is. It could be a poser, routing all your traffic through their own laptop in a man-in-the-middle attack. They could have access to everything you put into forms or all the information on which websites you visit, or maybe they're piggy-backing onto your Facebook session, accessing your data without need of a password. Facebook in particular defaults to an unsecured connection after the login page, and piggy-backing is so easy that there are free android apps that do it for you. Anyone could peek at your cookies and impersonate you. This is just one of many forms of packet-sniffing, where other people on the same network peek at what your website is sending back and forth. And since most people use a single email for all of their services, somebody impersonating you to your email client could quickly have access to everything you do online. First, they change your email password, then reset passwords for Facebook, Paypal, your bank account—even Amazon.

But it doesn't have to be that way. The Tor browser, for instance, can solve many (but not all) of these problems. Tor will encrypt data sent through its network for you, but because it relies on passing encrypted data back and forth between a bunch of independently-controlled nodes, it is possible that a rogue node controller could intercept your data. Old versions of Tor were susceptible to DNS spoofing, where a hacker-controlled access point routes your request for, say, your bank website, with a clone controlled by the hacker, who then intercepts your login data. As long as you keep it updated, though, the Tor browser is pretty good, but for some reason there is a criminal stigma associated with it. Many claim that it's a hotbed of illegal activity, including the old Silk Road—but it's just a medium. Should we outlaw the U.S. dollar, since child trafficking often involves its exchange? Or lighters, since people use them for smoking weed? Tor was used by the U.S. Navy, for crying out loud.

There are some difficulties with using Tor, of course. It's very slow and there are some things it can't do online without special plugins — like YouTube, for example. There are some quicker fixes to help you stay secure. The easiest one is using HTTPS, the secure internet protocol. It seems great on the surface, but it has a lot of problems too. The Tor Project and the Electronic Frontier Federation got together to make HTTPS Everywhere, a plug-in that can help alleviate some, but not all, browsing issues. Virtual Private Networks (VPNs) can obscure what you're doing, even over public wifi, but they can be tricky to set up. There are preconfigured tools to make this painless, like TunnelBearThe best solution is to not use unprotected wifi, but with care and wit, you can maximize your security in dangerous situations.