Online security tools
#1
Original Poster
Join Date: Apr 2019
Posts: 11
Online security tools
I usually on public wifis while traveling, and, after reading a few shocking stories of how people get hacked through these open networks, I got concerned. I already own Surfshark, Bitdefender and Lastpass, but is it enough? Do I need something like TOR?
#2
Join Date: Dec 2010
Location: DEL
Posts: 1,056
Probably not.
Even if you're doing online banking on airport wifi, the more likely ways you're going to get hacked are:
Even if you're doing online banking on airport wifi, the more likely ways you're going to get hacked are:
- the dude watching over your shoulder as you type your password
- someone hacking your bank or a merchant with whom you've done business
- someone hacking another website that stored passwords in cleartext and using the password elsewhere (but you'd never use the same password on that dodgy forum for owners of 1984 Pontiac Fieros as you use for your bank... right?)
#3
Moderator: Travel Safety/Security, Travel Tools, California, Los Angeles; FlyerTalk Evangelist
Join Date: Dec 2009
Location: LAX
Programs: oneword Emerald
Posts: 20,634
Moderator's Action
The Practical safety and Security Issues forum is for discussing topics directly related to travel, including security screening, travel documents, customs and immigration, personal safety during transportation and in hotels, and securing personal property while traveling.
Discussions of cyber security and safeguarding computers, cell phones and other electronics from hackers and malware belong in the Travel Technology forum.
Please follow this thread as if moves there.
TWA884
Travel Safety/Security co-moderator
Discussions of cyber security and safeguarding computers, cell phones and other electronics from hackers and malware belong in the Travel Technology forum.
Please follow this thread as if moves there.
TWA884
Travel Safety/Security co-moderator
#4
Join Date: Apr 2014
Posts: 409
Completely agree. That said, VPNs are so inexpensive nowadays, and I appreciate the peace of mind it gives me to use one when using public wifi
Probably not.
Even if you're doing online banking on airport wifi, the more likely ways you're going to get hacked are:
Even if you're doing online banking on airport wifi, the more likely ways you're going to get hacked are:
- the dude watching over your shoulder as you type your password
- someone hacking your bank or a merchant with whom you've done business
- someone hacking another website that stored passwords in cleartext and using the password elsewhere (but you'd never use the same password on that dodgy forum for owners of 1984 Pontiac Fieros as you use for your bank... right?)
#6
FlyerTalk Evangelist
Join Date: Nov 2002
Location: ORD
Posts: 14,231
There are are a few different concerns at hand here, and vpn probably isn’t solving the problem you think you are trying to solve. But as my friend says, you do you.
#7
Join Date: Apr 2014
Posts: 409
Trust me, I will 😉 But more seriously, it is not hard to research VPN providers and determine your own level of trust. Additionally, a VPN can be very handy when traveling out of the country and needing to connect to services as if you are still in that country.
As long as you trust the VPN provider. Using a vpn is just trading trust from the local isp to the vpn provider. Either way it’s irrelevant if you’re using TLS, which you should be in this day and age of https being more of a standard.
There are are a few different concerns at hand here, and vpn probably isn’t solving the problem you think you are trying to solve. But as my friend says, you do you.
As long as you trust the VPN provider. Using a vpn is just trading trust from the local isp to the vpn provider. Either way it’s irrelevant if you’re using TLS, which you should be in this day and age of https being more of a standard.
There are are a few different concerns at hand here, and vpn probably isn’t solving the problem you think you are trying to solve. But as my friend says, you do you.
#8
Join Date: Aug 2010
Location: RDU
Programs: Marriott Platinum. AA and UA as well, but I don't care about them anymore.
Posts: 308
Probably not.
Even if you're doing online banking on airport wifi, the more likely ways you're going to get hacked are:
Even if you're doing online banking on airport wifi, the more likely ways you're going to get hacked are:
- the dude watching over your shoulder as you type your password
- someone hacking your bank or a merchant with whom you've done business
- someone hacking another website that stored passwords in cleartext and using the password elsewhere (but you'd never use the same password on that dodgy forum for owners of 1984 Pontiac Fieros as you use for your bank... right?)
Note, for #1 above, I, personally, don't type critical things where people can easily see them without being noticed, and my laptop always has a security screen on it which minimizes the "over the shoulder" viewers. But unlike the average person, I lean very far to the paranoid side of situational awareness.
For 2, there's NOTHING you can do to mitigate that, so it's not a concern at all.
For 3, that's why I use LastPass and a purely random password for every single account I have.
#9
FlyerTalk Evangelist
Join Date: Nov 2002
Location: ORD
Posts: 14,231
This is probably true, but aside from the obvious benefit of location swapping to use Geo-locked things, a VPN is kinda like a condom. Sure, the chances of you getting an STD from connecting to that random free public hotspot in $RANDOM_CAFE is pretty slim, but why take the chance? .
*assuming you are like 99.9% of the population and a nation state's intelligence service isn't after you
#10
Join Date: Aug 2010
Location: RDU
Programs: Marriott Platinum. AA and UA as well, but I don't care about them anymore.
Posts: 308
That said though, the actual point was that you can't know or really vet that MyCafeWifi and MyCafeWifi are both legit, or know that one is legit and the other is someone doing a MITM faking an access point. So using a VPN when you do connect to MyCafeWifi is just an added layer of protection.
As for the assumption... I hope so, but you don't necessarily have to think you're a surveillance target, for instance, maybe the Chinese intelligence apparatus can decrypt traffic passing through my VPN, and likely they do not care, but when I'm in China I absolutely do not connect to anything without a VPN running.
Fun experiment. Go to a hotel with a travel router and give your travel router an SSID that is eerily similar to the legit hotel WiFi. Maybe something like "Marriott_Guest" vs "Marriott-Guest" and then just wait and see how many people try connecting to it unaware that it's not the right AP.
But yeah, 99% of all people really do have little to worry about that TLS doesn't already address, and like I said, personally I lean more to the paranoid side of things.
#11
FlyerTalk Evangelist
Join Date: Nov 2002
Location: ORD
Posts: 14,231
Of course not, the malware comes from the token rings...
That said though, the actual point was that you can't know or really vet that MyCafeWifi and MyCafeWifi are both legit, or know that one is legit and the other is someone doing a MITM faking an access point. So using a VPN when you do connect to MyCafeWifi is just an added layer of protection.
As for the assumption... I hope so, but you don't necessarily have to think you're a surveillance target, for instance, maybe the Chinese intelligence apparatus can decrypt traffic passing through my VPN, and likely they do not care, but when I'm in China I absolutely do not connect to anything without a VPN running.
Fun experiment. Go to a hotel with a travel router and give your travel router an SSID that is eerily similar to the legit hotel WiFi. Maybe something like "Marriott_Guest" vs "Marriott-Guest" and then just wait and see how many people try connecting to it unaware that it's not the right AP.
But yeah, 99% of all people really do have little to worry about that TLS doesn't already address, and like I said, personally I lean more to the paranoid side of things.
That said though, the actual point was that you can't know or really vet that MyCafeWifi and MyCafeWifi are both legit, or know that one is legit and the other is someone doing a MITM faking an access point. So using a VPN when you do connect to MyCafeWifi is just an added layer of protection.
As for the assumption... I hope so, but you don't necessarily have to think you're a surveillance target, for instance, maybe the Chinese intelligence apparatus can decrypt traffic passing through my VPN, and likely they do not care, but when I'm in China I absolutely do not connect to anything without a VPN running.
Fun experiment. Go to a hotel with a travel router and give your travel router an SSID that is eerily similar to the legit hotel WiFi. Maybe something like "Marriott_Guest" vs "Marriott-Guest" and then just wait and see how many people try connecting to it unaware that it's not the right AP.
But yeah, 99% of all people really do have little to worry about that TLS doesn't already address, and like I said, personally I lean more to the paranoid side of things.
#12
Join Date: Jan 2015
Posts: 2,918
Out of curiosity, what VPNs do you use when connecting from McD or Starbucks (DataValet...a managed wifi service)? Up here, if I am using one of the "big-box" free Wifi, I find PIA and Nord won't connect. I haven't really researched it, but I'm curious if anyone has already figured out a way to make the two work together.
#13
Join Date: Jan 2015
Posts: 2,918
As you said, TLS addresses the MITM issues you raise. Use a VPN if you want; as far as I'm concerned they are a waste of money unless you're trying to access something the local network forbids (like getting through the Great Firewall) or want to appear to be in a different place because of geographic restrictions on what you're trying to access.
#14
Join Date: Jul 2007
Location: San Francisco/Sydney
Programs: UA 1K/MM, Hilton Diamond, Marriott Something, IHG Gold, Hertz PC, Avis PC
Posts: 8,157
TLS helps, but in most cases it still relies on the user to notice if something is wrong. Other related things like HSTS help improve that, but there are still holes.
It's a few years old and there have been improvements, but this post from a similar thread here a few years ago explains some of the issues, even with SSL/TLS.
It's a few years old and there have been improvements, but this post from a similar thread here a few years ago explains some of the issues, even with SSL/TLS.
#15
Join Date: Apr 2014
Posts: 409
Try using OpenVPN using TCP and port 443.
Out of curiosity, what VPNs do you use when connecting from McD or Starbucks (DataValet...a managed wifi service)? Up here, if I am using one of the "big-box" free Wifi, I find PIA and Nord won't connect. I haven't really researched it, but I'm curious if anyone has already figured out a way to make the two work together.