Online security tools

Old Aug 5, 19, 7:53 am
  #1  
Original Poster
 
Join Date: Apr 2019
Posts: 11
Online security tools

I usually on public wifis while traveling, and, after reading a few shocking stories of how people get hacked through these open networks, I got concerned. I already own Surfshark, Bitdefender and Lastpass, but is it enough? Do I need something like TOR?
Leeroy75 is offline  
Old Aug 5, 19, 10:27 am
  #2  
 
Join Date: Dec 2010
Location: Belgium
Posts: 701
Probably not.

Even if you're doing online banking on airport wifi, the more likely ways you're going to get hacked are:
  1. the dude watching over your shoulder as you type your password
  2. someone hacking your bank or a merchant with whom you've done business
  3. someone hacking another website that stored passwords in cleartext and using the password elsewhere (but you'd never use the same password on that dodgy forum for owners of 1984 Pontiac Fieros as you use for your bank... right?)
TLS (the encryption behind https, etc.) is quite secure and essentially every legitimate organization uses it these days. The alleged dangers of public wifi are, IMO, grossly overstated in 2019.
ajGoes, CPRich, DYKWIA and 1 others like this.
der_saeufer is offline  
Old Aug 5, 19, 10:35 am
  #3  
Moderator: Travel Safety/Security, Travel Tools, California, Los Angeles
 
Join Date: Dec 2009
Location: VNY | BUR | LAX
Programs: AAdvantage | MileagePlus
Posts: 11,779
Moderator's Action

The Practical safety and Security Issues forum is for discussing topics directly related to travel, including security screening, travel documents, customs and immigration, personal safety during transportation and in hotels, and securing personal property while traveling.

Discussions of cyber security and safeguarding computers, cell phones and other electronics from hackers and malware belong in the Travel Technology forum.

Please follow this thread as if moves there.

TWA884
Travel Safety/Security co-moderator
TWA884 is offline  
Old Aug 6, 19, 7:33 pm
  #4  
 
Join Date: Apr 2014
Posts: 398
Completely agree. That said, VPNs are so inexpensive nowadays, and I appreciate the peace of mind it gives me to use one when using public wifi

Originally Posted by der_saeufer View Post
Probably not.

Even if you're doing online banking on airport wifi, the more likely ways you're going to get hacked are:
  1. the dude watching over your shoulder as you type your password
  2. someone hacking your bank or a merchant with whom you've done business
  3. someone hacking another website that stored passwords in cleartext and using the password elsewhere (but you'd never use the same password on that dodgy forum for owners of 1984 Pontiac Fieros as you use for your bank... right?)
TLS (the encryption behind https, etc.) is quite secure and essentially every legitimate organization uses it these days. The alleged dangers of public wifi are, IMO, grossly overstated in 2019.
PackingIt is offline  
Old Aug 6, 19, 9:53 pm
  #5  
Suspended
 
Join Date: Aug 2019
Posts: 2
Originally Posted by PackingIt View Post
Completely agree. That said, VPNs are so inexpensive nowadays, and I appreciate the peace of mind it gives me to use one when using public wifi
That is one of the reasons VPN is so popular.
WanXuan is offline  
Old Aug 7, 19, 9:43 am
  #6  
FlyerTalk Evangelist
 
Join Date: Nov 2002
Location: PWM - the way life should be
Posts: 11,699
Originally Posted by PackingIt View Post
Completely agree. That said, VPNs are so inexpensive nowadays, and I appreciate the peace of mind it gives me to use one when using public wifi
As long as you trust the VPN provider. Using a vpn is just trading trust from the local isp to the vpn provider. Either way itís irrelevant if youíre using TLS, which you should be in this day and age of https being more of a standard.

There are are a few different concerns at hand here, and vpn probably isnít solving the problem you think you are trying to solve. But as my friend says, you do you.
ajGoes and der_saeufer like this.
gfunkdave is offline  
Old Aug 7, 19, 11:15 am
  #7  
 
Join Date: Apr 2014
Posts: 398
Trust me, I will 😉 But more seriously, it is not hard to research VPN providers and determine your own level of trust. Additionally, a VPN can be very handy when traveling out of the country and needing to connect to services as if you are still in that country.

Originally Posted by gfunkdave View Post


As long as you trust the VPN provider. Using a vpn is just trading trust from the local isp to the vpn provider. Either way itís irrelevant if youíre using TLS, which you should be in this day and age of https being more of a standard.

There are are a few different concerns at hand here, and vpn probably isnít solving the problem you think you are trying to solve. But as my friend says, you do you.
PackingIt is offline  
Old Aug 12, 19, 2:08 pm
  #8  
 
Join Date: Aug 2010
Location: RDU
Programs: Marriott Platinum. AA and UA as well, but I don't care about them anymore.
Posts: 192
Originally Posted by der_saeufer View Post
Probably not.

Even if you're doing online banking on airport wifi, the more likely ways you're going to get hacked are:
  1. the dude watching over your shoulder as you type your password
  2. someone hacking your bank or a merchant with whom you've done business
  3. someone hacking another website that stored passwords in cleartext and using the password elsewhere (but you'd never use the same password on that dodgy forum for owners of 1984 Pontiac Fieros as you use for your bank... right?)
TLS (the encryption behind https, etc.) is quite secure and essentially every legitimate organization uses it these days. The alleged dangers of public wifi are, IMO, grossly overstated in 2019.
This is probably true, but aside from the obvious benefit of location swapping to use Geo-locked things, a VPN is kinda like a condom. Sure, the chances of you getting an STD from connecting to that random free public hotspot in $RANDOM_CAFE is pretty slim, but why take the chance? I do not connect to public WiFi anywhere without a VPN active. With the VPN, sure there's also an amount of blind trust, BUT I can at least research the VPN to determine the level of risk involved and make a generally informed opinion on whether or not to trust them, where I cannot really easily verify that "Maid Cafe Public WiFi" and "Maid Cafe Public WiFi 2" are legitimate APs. It's just risk mitigation IMO and running a TLS encrypted connection across an also encrypted VPN session moves that risk from Killed By An Out Of Control Bus to Killed By Falling Space Station Debris territory.

Note, for #1 above, I, personally, don't type critical things where people can easily see them without being noticed, and my laptop always has a security screen on it which minimizes the "over the shoulder" viewers. But unlike the average person, I lean very far to the paranoid side of situational awareness.
For 2, there's NOTHING you can do to mitigate that, so it's not a concern at all.
For 3, that's why I use LastPass and a purely random password for every single account I have.
Dread Pirate Jeff is offline  
Old Aug 13, 19, 7:27 am
  #9  
FlyerTalk Evangelist
 
Join Date: Nov 2002
Location: PWM - the way life should be
Posts: 11,699
Originally Posted by Dread Pirate Jeff View Post
This is probably true, but aside from the obvious benefit of location swapping to use Geo-locked things, a VPN is kinda like a condom. Sure, the chances of you getting an STD from connecting to that random free public hotspot in $RANDOM_CAFE is pretty slim, but why take the chance? .
Connecting to a network is not going to give you malware*. That's just plain silly.

*assuming you are like 99.9% of the population and a nation state's intelligence service isn't after you
gfunkdave is offline  
Old Aug 13, 19, 4:05 pm
  #10  
 
Join Date: Aug 2010
Location: RDU
Programs: Marriott Platinum. AA and UA as well, but I don't care about them anymore.
Posts: 192
Originally Posted by gfunkdave View Post
Connecting to a network is not going to give you malware*. That's just plain silly.

*assuming you are like 99.9% of the population and a nation state's intelligence service isn't after you
Of course not, the malware comes from the token rings...

That said though, the actual point was that you can't know or really vet that MyCafeWifi and MyCafeWifi are both legit, or know that one is legit and the other is someone doing a MITM faking an access point. So using a VPN when you do connect to MyCafeWifi is just an added layer of protection.

As for the assumption... I hope so, but you don't necessarily have to think you're a surveillance target, for instance, maybe the Chinese intelligence apparatus can decrypt traffic passing through my VPN, and likely they do not care, but when I'm in China I absolutely do not connect to anything without a VPN running.

Fun experiment. Go to a hotel with a travel router and give your travel router an SSID that is eerily similar to the legit hotel WiFi. Maybe something like "Marriott_Guest" vs "Marriott-Guest" and then just wait and see how many people try connecting to it unaware that it's not the right AP.

But yeah, 99% of all people really do have little to worry about that TLS doesn't already address, and like I said, personally I lean more to the paranoid side of things.
Dread Pirate Jeff is offline  
Old Aug 14, 19, 7:35 am
  #11  
FlyerTalk Evangelist
 
Join Date: Nov 2002
Location: PWM - the way life should be
Posts: 11,699
Originally Posted by Dread Pirate Jeff View Post
Of course not, the malware comes from the token rings...

That said though, the actual point was that you can't know or really vet that MyCafeWifi and MyCafeWifi are both legit, or know that one is legit and the other is someone doing a MITM faking an access point. So using a VPN when you do connect to MyCafeWifi is just an added layer of protection.

As for the assumption... I hope so, but you don't necessarily have to think you're a surveillance target, for instance, maybe the Chinese intelligence apparatus can decrypt traffic passing through my VPN, and likely they do not care, but when I'm in China I absolutely do not connect to anything without a VPN running.

Fun experiment. Go to a hotel with a travel router and give your travel router an SSID that is eerily similar to the legit hotel WiFi. Maybe something like "Marriott_Guest" vs "Marriott-Guest" and then just wait and see how many people try connecting to it unaware that it's not the right AP.

But yeah, 99% of all people really do have little to worry about that TLS doesn't already address, and like I said, personally I lean more to the paranoid side of things.
As you said, TLS addresses the MITM issues you raise. Use a VPN if you want; as far as I'm concerned they are a waste of money unless you're trying to access something the local network forbids (like getting through the Great Firewall) or want to appear to be in a different place because of geographic restrictions on what you're trying to access.
gfunkdave is offline  
Old Aug 15, 19, 7:52 am
  #12  
 
Join Date: Jan 2015
Posts: 502
Out of curiosity, what VPNs do you use when connecting from McD or Starbucks (DataValet...a managed wifi service)? Up here, if I am using one of the "big-box" free Wifi, I find PIA and Nord won't connect. I haven't really researched it, but I'm curious if anyone has already figured out a way to make the two work together.
StuckInYYZ is offline  
Old Aug 15, 19, 7:59 am
  #13  
 
Join Date: Jan 2015
Posts: 502
Originally Posted by gfunkdave View Post
As you said, TLS addresses the MITM issues you raise. Use a VPN if you want; as far as I'm concerned they are a waste of money unless you're trying to access something the local network forbids (like getting through the Great Firewall) or want to appear to be in a different place because of geographic restrictions on what you're trying to access.
Getting through the GFC is painful with a VPN. If you use a recognised provider, it can take a long time to establish a connection to one of the entry points. I've had cases where I connect to the hotel wireless and watch the VPN client take its jolly sweet time connecting so I could access my emails. The last few times it took between 30-60 minutes before the connection established.
StuckInYYZ is offline  
Old Aug 15, 19, 8:53 am
  #14  
 
Join Date: Jul 2007
Location: San Francisco/Sydney
Programs: UA 1K/MM, TK Elite, DL Gold, Hilton Diamond, Marriott Platinum, IHG Gold, Hertz PC, Avis First
Posts: 6,923
Originally Posted by gfunkdave View Post
As you said, TLS addresses the MITM issues you raise.
TLS helps, but in most cases it still relies on the user to notice if something is wrong. Other related things like HSTS help improve that, but there are still holes.

It's a few years old and there have been improvements, but this post from a similar thread here a few years ago explains some of the issues, even with SSL/TLS.
docbert is online now  
Old Aug 15, 19, 12:22 pm
  #15  
 
Join Date: Apr 2014
Posts: 398
Try using OpenVPN using TCP and port 443.

Originally Posted by StuckInYYZ View Post
Out of curiosity, what VPNs do you use when connecting from McD or Starbucks (DataValet...a managed wifi service)? Up here, if I am using one of the "big-box" free Wifi, I find PIA and Nord won't connect. I haven't really researched it, but I'm curious if anyone has already figured out a way to make the two work together.
KRSW and GUWonder like this.
PackingIt is offline  

Thread Tools
Search this Thread