
cSalmon

macrumors 6502
Original poster
will be in a hospital room for the next week and need to use their public WiFi?
For banking and logging into financial sites

Obviously I’ll be in lockdown mode, MacBook. I’ve read a VPN doesn’t offer any real safety benefits; I don’t currently use one.

May I ask what safety precautions and procedures should I follow? How do I truly protect my passwords? Any other advice would be greatly appreciated as I’m lost with security concerns and I know I’ll need to access sites I want to keep 100% private while using a public WiFi.
Any help is appreciated, thank you.
 
1) With lockdown mode enabled (which is a good thing) you won't be able to log into unknown WiFi places. I believe you would need to use your phone as a hotspot.

2) You could set up a free Tailscale account and install the app on your Mac and phone. This would provide you encrypted security while using your devices. If you have an Apple TV at home that you use as a Hub, you could direct all traffic to funnel through your Hub to you in the hospital. What I have mentioned here is pretty easy to set up.

 
If someone is using a public WiFi network, and connecting to a website such as this one or a bank using SSL, which displays a LOCK icon in the browser, then all of the data from the browser to the website and back is encrypted.

So can you explain what security issue exists?
 
What I was trying to say is that with 'Lockdown Mode' enabled, the OP won't be able to connect to unknown public WiFi, which the hospital would be.

 
My experience with one hospital system is that only a few ports are open, with IMAP being blocked. A VPN may be a good way of getting around this issue.
 
With your MacBook's firewall enabled, a reputable VPN service should provide enough security benefit for your scenario. Traffic is encrypted while you use the public wifi.
I repeat my question from before: What added security does a VPN provide over the SSL connection provided by most websites?
 
will be in a hospital room for the next week and need to use their public WiFi?
For banking and logging into financial sites

Obviously I’ll be in lockdown mode, MacBook. I’ve read a VPN doesn’t offer any real safety benefits; I don’t currently use one.

May I ask what safety precautions and procedures should I follow? How do I truly protect my passwords? Any other advice would be greatly appreciated as I’m lost with security concerns and I know I’ll need to access sites I want to keep 100% private while using a public WiFi.
Any help is appreciated, thank you.
I think you do not understand what is necessary.

Today, nearly all websites use 100% SSL connections, and your browser will complain if you try to access a site without a valid SSL certificate. With an SSL connection, all data between your computer and the server is encrypted. Whether it’s your bank or MacRumors.com, all data is encrypted between you and the website. The Internet itself is a public network, so whether the WiFi is encrypted or not, the passwords and data going to your websites and back are all encrypted. The lock icon in your browser toolbar will indicate this.
 
Public network security problems are largely a thing of the past. The situation has changed an awful lot even in the last 5 years and it's quite a lot safer these days.
In order for you to have a problem, something (like a hacked router) would have to convince your computer to go to a fake site, so an HTTP site that's compromised instead of HTTPS. Your browser should catch this, though.
Another risk is if someone sitting nearby has set up their own network and named it so it looks like the public wifi so you connect to that instead of the real one. If you ever get a message saying 'certificate error' then disconnect immediately.
In both these cases one of the big risks is they send all your data to compromised DNS servers.
Another red flag is if you are trying to charge and you get a message asking you if you 'want to connect to this device': it means it's not a dumb charger at the other end, it's an operating system or drive. Be careful of any cables left in a plug, as they can do this (they can have tiny drives in them). This is just general advice.
A compromised router could intercept a request and send a fake file with malware on it. This is unlikely and you might catch it anyway.

Furthermore, when you connect to your banking and financial sites, are you using an app or going in via a bookmark? If you are using the app, you already have a high degree of security. If you use a mobile network, if you can, instead of the hospital wifi, you have very good security indeed.
Without a VPN you release more info about you. Metadata: your IP address, maybe what requests you are making.
A VPN is a secure network with secure DNS servers so it secures you from all the dangers. No doubt it's safer, but it is fairly unlikely you will have any problems, especially if you are careful and sure what you are connecting to. A banking app for sure, or an address you have used before rather than one from a Google search, for instance.

Good luck in the hospital. I sincerely hope it all goes well for you.
 
With modern browsers enforcing HTTPS/TLS, the risks are not as substantial as they used to be. The main issues are:
  • Devices on the local network can attack your device, in case there are any security vulnerabilities in its network stack or protocols or apps doing unencrypted communication. This is rather unlikely, unless a new zero-day becomes known and for example someone else on the network is part of a botnet or similar, or you specifically or the hospital is targeted by state-level actors.
  • DNS is unencrypted by default, which means that a man-in-the-middle can resolve domain names to different IPs for your device. TLS will still fail/browsers will block the web page by default, but not all software running on your device and performing network communication is necessarily guaranteed to be using TLS for everything.
  • Privacy: With unencrypted DNS, everyone on the local network can see which sites you’re accessing.
Using a VPN you trust is the easiest way to sidestep these issues, in particular the latter two.
 
I would use a personal mobile hotspot before connecting to public Wi-Fi. A VPN also works to shield your traffic. This is also why I want MacBook to get a cellular chip!
Agree.

Use your iPhone as a hotspot… tether it to your MacBook… then you are good.

Definitely would not ever connect to your bank on public WiFi.
 
VPN is the way to go. You can subscribe to a good reputable provider like Proton VPN. Not sure if you can do a trial then cancel; worst case you have to pay for a month of VPN, which is not a lot. Better to pay for a reputable service IMO than to try to find a "free" one where who knows what their business model and practices are.
 
Very important question. The USA has had many hospital data breaches over the years, but they are going after the main network hospital information systems. Personal data has gotten out for sure. I would think after all these attacks over the years against hospital security it would be maintained and scrutinized a little more. VPN is best, or a hotspot to and from your own phone, but like was said in an earlier post, be a little more aware of where you're going and watch for that. Yes, banking apps should allow use anywhere if secured correctly and should have notified you, the user, with information live that you are secured. Hey, always ask for the IT person and ask questions! Probably not available to you, but it doesn't hurt to ask around. That person might just need a break anyway! lol
 
Also make sure your MacBook itself is properly encrypted (which newer devices should usually be) and uses a strong password – as I would imagine the risk of having the MacBook stolen could be significantly increased over a long hospital stay. All the best for you 🍀
 
2) You could set up a free Tailscale account and install the app on your Mac and phone. This would provide you encrypted security while using your devices. If you have an Apple TV at home that you use as a Hub, you could direct all traffic to funnel through your Hub to you in the hospital. What I have mentioned here is pretty easy to set up.
Do you mind explaining this? I've not used Tailscale before, but I sort of understand that I can install it on my home Mac and use that as a hub. But how would I use Apple TV as the hub? I can install Tailscale on the Apple TV? And let my iPhone and iPad etc. connect to the Apple TV when I'm away?
 
I repeat my question from before: What added security does a VPN Provide over the SSL connection provided by most websites?
Some people are extra paranoid. With a VPN, the hospital won't know what websites you visit. Normal web browsers already have connections encrypted if you visit with SSL/HTTPS connections.
 
When not at home the only way I use for banking is the banking app on my mobile. In a hospital situation I would do the banking from my phone app and for the rest of the browsing I would use a virtual machine with a USB-WiFi dongle attached to that virtual machine. This way the public WiFi will be in touch only with my virtual machine. Also I would avoid visiting sites giving user data - account names, passwords etc. For such sites I would use my mobile as a hot spot.
A more paranoid approach:
1. A virtual guest as router with a dedicated USB-WiFi dongle for connecting to the public WiFi;
2. A virtual guest that connects to the Internet through the virtual router from point 1;
3. A VPN client installed on the virtual guest from point 2.

Virtual Router (Linux or BSD) -> Virtual OS (Linux or Windows) + VPN client
 
Make sure you use a custom DNS, like Cloudflare (1.1.1.1) or OpenDNS, rather than leaving it to whatever the WiFi gives you by default.
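
An added example, not part of the original post: a shell check for macOS that reads `scutil --dns` output and lists every resolver in use that is not one you configured yourself, such as the one handed out by the guest Wi-Fi's DHCP. The sample output is constructed, and the allowlist and function names are assumptions.

```shell
# Added example, not from the thread. Assumption: the resolvers you chose.
ALLOWED_DNS="1.1.1.1 1.0.0.1"

# Reads `scutil --dns` text on stdin and prints "<interface> <nameserver>"
# once for every nameserver that is not in the allowlist passed as $1.
unexpected_resolvers() {
    awk -v allowed="$1" '
        function emit(   i) {            # report one finished resolver block
            for (i = 1; i <= cnt; i++)
                if (!(ns[i] in ok) && !seen[ns[i]]++) print ifname, ns[i]
            cnt = 0; ifname = "-"
        }
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1
                ifname = "-" }
        /^resolver #/             { emit() }
        /nameserver\[[0-9]+\] *:/ { ns[++cnt] = $NF }
        /if_index *:/             { gsub(/[()]/, "", $NF); ifname = $NF }
        END                       { emit() }
    '
}

# Constructed sample of `scutil --dns` output on a guest Wi-Fi where DHCP
# supplied 10.20.0.1 and the user added 1.1.1.1 (all values are made up).
sample_scutil_output() {
    cat <<'EOF'
DNS configuration

resolver #1
  search domain[0] : guest.hospital.example
  nameserver[0] : 10.20.0.1
  nameserver[1] : 1.1.1.1
  if_index : 6 (en0)

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 10.20.0.1
  if_index : 6 (en0)
EOF
}

# On a Mac, check the live configuration; elsewhere, run on the sample.
if command -v scutil >/dev/null 2>&1; then
    scutil --dns | unexpected_resolvers "$ALLOWED_DNS"
else
    sample_scutil_output | unexpected_resolvers "$ALLOWED_DNS"
fi
```

An empty result means only the resolvers you chose are configured. Lookups sent to them over plain port 53 are still unencrypted on the local network.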
 
HTTPS everywhere means the risk is lower than people think. The main concern is fake networks with the same name as legit ones. If you want peace of mind, a VPN is cheap insurance, but honestly on a Mac with current Safari, you're pretty safe for normal browsing.
 
When not at home the only way I use for banking is the banking app on my mobile. In a hospital situation I would do the banking from my phone app and for the rest of the browsing I would use a virtual machine with a USB-WiFi dongle attached to that virtual machine. This way the public WiFi will be in touch only with my virtual machine. Also I would avoid visiting sites giving user data - account names, passwords etc. For such sites I would use my mobile as a hot spot.
A more paranoid approach:
1. A virtual guest as router with a dedicated USB-WiFi dongle for connecting to the public WiFi;
2. A virtual guest that connects to the Internet through the virtual router from point 1;
3. A VPN client installed on the virtual guest from point 2.

Virtual Router (Linux or BSD) -> Virtual OS (Linux or Windows) + VPN client
Because why?
Because you’re afraid your hospital, who have your billing information already, will find out that you use Chase Bank? How does that endanger you?
 
Very important question. The USA has had many hospital data breaches over the years, but they are going after the main network hospital information systems. Personal data has gotten out for sure.
These are two different things. The security breaches you speak of are on the hospitals’ internal networks, where they store confidential patient data. The OP is asking about the public WiFi that’s provided for patients’ convenience.

I would think after all these attacks over the years against hospital security it would be maintained and scrutinized a little more.
Maybe a little, but I wouldn’t expect much. The typical response to a breach is to issue statements about how they use “industry standard security” (which means nothing), and to offer one or two years of credit monitoring.

Hospitals are corporations, and like most corporations, they want their operations to be efficient and offer as little friction as possible to their employees. Security is an afterthought. It’s a checkbox. It’s not designed into the network from the ground up.
 
VPNs are largely snake oil unless you live in a high-surveillance state and/or need to overcome geoblocks (or are working for a company and need to access internal resources while away from the office).

As others are saying, most traffic over the net is now encrypted, so there's very little risk to using public wifi. About the only thing VPNs do is stop the provider of the wifi from profiling you.

Another issue is, while connected to a VPN all of your traffic is routed through the VPN provider, and how much can you say you trust the provider itself?
 