Hello,

I have to stay at a hotel for the next several months and will need to access my financial data and file taxes online over the hotel internet. From what I know, hotel internet, both wired and wireless, is not secure, so I'm trying to find out the best way to safeguard my personal/financial data while doing taxes (or decide if it's too risky and I should file an extension on paper instead).

Would accessing financial web sites via a personal VPN provide sufficient protection? What about a mobile wifi/personal hotspot service (e.g., MiFi or 4G from Clear)? Does it allow you to create your own secure network similar to your home network? If I sign up for both MiFi and VPN, is it as fool-proof as it can get when it comes to data protection or can there still be hidden risks that could end up compromising my data?

Thank you in advance for your advice.

Hi there. This is my first post on FT, but it won't be my last!

Could you be a little more specific about how you will be doing these things? For example, if you will be accessing financial data through a bank website, your communications should be secure. Banks typically use encryption protocols like SSL to transmit data between their servers and their customers' computers. (You can usually tell when you see the "closed padlock" symbol when using your internet browser.) They do not rely on the customer having secure access to the internet.

Hi there. Yes, I will be accessing financial data through various bank and brokerage web sites and then file taxes online, and I believe they all show the "padlock" symbol. Would a VPN or personal hotspot provide additional security? I am nervous since my entire personal/financial information will be transmitted over the hotel internet while doing taxes.

In this case, assuming that all of the institutions have properly implemented their encryption protocols, all received and transmitted data should be protected.

For your particular purposes, using a VPN, hotspot, etc... will only really provide security in the sense that an eavesdropper won't be able to see the type of internet traffic passing through your computer. In other words, she won't easily be able to tell whether or not you're browsing the web casually or making financial transactions. If this type of privacy is important to you, then you might like to try those options. (But keep in mind that the provider will have access to your usage habits.)

Are you going to be using your own laptop etc, or use one provided at the hotel?

Generally these kind of financial website will force the browser to use SSL to prevent snooping on the data you are transmitting. It is worth always checking that sites have the little padlock though as there are "SSL stripping" type attacks. There are other types of attack that you could be vulnerable to on shared networks such as so called "man in the middle" attacks where you would actually be communicating with a hackers machine rather than the financial institution you thought you were.

All in all I would make us of a reputable VPN solution when using hotel connections. The reputable bit is important because all you are trading is trust in the hotel network (which you don't trust) for trust in the VPN. Personally I go a step further and run my own VPN but that is probably overkill!

If you are using a shared machine (rather than your own laptop) it becomes much more complicated as you have to worry about malware on that machine and also probably cannot easily setup a VPN.

Short answer: Every bank and every tax provider out there uses SSL on its website to encrypt data between your computer and the website. You really don't need anything more.

VPN will serve to mask the actual websites you're visiting, but that isn't a concern here.

Pay for VPN if it'll make you feel better - but realize that your VPN provider will have the ability to see what websites you're visiting, instead of the hotel. You'll succeed only in shifting the power to someone else.

Agree with the above. If you're working with an institution that doesn't encrypt your data over the wire, you have bigger issues.

Hello, OP here. I will be using my own laptop. I will only use a VPN service provided by a reputable company (I will probably use Norton), but it sounds that everyone thinks that SSL provides enough protection and VPN is not really necessary. Do you feel the same way about using MiFi?

As everyone else had said HTTPS is a secure end-to-end protocol for web browsing.

You also want to make sure that your e-mail is secure. If you use a browser double check that it's going to a https site -- most do but there are a few services that just broadcast in the clear. If you use an e-mail client like Outlook, secure ports are usually:

POP3 995
SMTP 587 or 465
IMAP 585/993

If you use standard ports like 110/25 anyone in the middle can intercept your messages.

For best security a VPN is about the best solution. I run my own at home & always use it when on the road.
Note that many hotels just subcontract to someone else to provide internet access who might not be the paragon of virtue. A few years back I was at one of the higher-end hotels in Vegas and did some trace routes only to discover my traffic bouncing through way too many suspicious intranet devices, Hotmail should not resolve to a 10.10 address.

I keep my office desktop running all the time when I am away. I travel mainly with an iPad. I have the LogMeIn Ignition app running on the iPad which effectively gives me a a secure VPN to the office desktop. I then run everything that I want to run securely from the office desktop over the VPN link off the iPad.

LogMeIn does a free version which you can access over the internet direct from a webpage on your laptop. Install it and give it a try before you depart, see that you can do everything that you want before you depart somewhere far away for the first time. Finding out what works from the comfort of home is a good comfort blanket!

Browsing FT etc and other non-sensitive matters I do direct from the internet wherever I am.

Is there a browser than tends to be safer than others, e.g., Firefox vs. Internet Explorer?

In general, Chrome is thought of as the most secure. But even Chrome has been remotely compromised.

Nothing will replace a good antivirus/anti-malware program and good browsing habits.

FlyerTalk does not use SSL, and so its cookies are presumably easy to copy and therefore the bad guys can subsequently log into FT as you.

Is that a risk worth worrying about? A good reason to use a VPN?

assuming you have your computer adequately protected against viruses and malware, etc. the thing you need to worry about is "man in the middle" attacks. do a google for an explanation.

to guard against this you should use an institution that uses a confirmation check each time you login. for example it asks you a "secret question" that you've answered when you setup your account. or, it shows you an image at each login and you recognize that image each time you login. a man in middle attack won't know the answer to the secret question, or, in the case of the image check won't know what to display.