
biosci

Original poster
Well whenever I go to a Starbucks or other coffee shop with my MBA, I always look for any available WiFi hotspots. When connected, do you guys just browse as is or do you subscribe to any VPN service for secure connections? It doesn't seem like something hard to do at all but didn't know if browsing without a VPN was 'dangerous' or makes you truly susceptible to people snooping in on your business.

Any opinions?

Mike
 
What are you securing yourself from? If you are using HTTPS sites you should be okay, if you really want to be secure you should be using a VPN of some sort.
 
Just not sure if there was a threat out there or some sort of software that could pick up usernames and passwords if browsing forums, sending off emails, or logging into sites when you're on a public wifi network. I.e., if I open pages that syncs via iCloud, update Dropbox, etc., is that info secure? Just wondering.

Also, do you have a firewall turned on when on public wifi?
 
Of course it is not secure unless you are using a VPN.

You do not need a "VPN service" if you have an always-on machine or router at home (or somewhere - many of us have a dedicated or VPS server at a data center - i.e. if you are hosting websites) that you can install a VPN on.

I have a VPN installed on my OpenWrt router, but so far have only figured out how to get it to work for iPhone and iPad. Haven't worked out the details for OS X.

You should be OK for https: and for email if you use a secure email connection. (make sure you use a secure connection both inbound and outbound!)

That said, somebody would have to "tap" the data, and that's not really that easy.

- unsecured wifi (never connect to an unsecured wifi connection!)

- somebody's got a cable in the back room at Starbucks, AND Starbucks has a switch with a tap feature. In the "old days" of hubs, every device on a local network saw all traffic, but those days are long gone. (I have such a switch at home that I use for debugging apps. You have to set up the switch to copy traffic from a specific port or ports to a "tap" port.) So, you can't just quickly plug a cable into a switch. It has to be the right switch, and it has to be configured.

- somebody at some ISP along the way has done the same. I think I would trust major ISPs and backbone providers.

- somebody at the destination has a tap. This should not be a problem in major data centers. But who knows about Podunk Data Center.

- Of course, the NSA gets it no matter what

- I don't trust Apple services to be secure, due to recent findings of some services not using a secure protocol. I believe they've been fixed, but who knows what else is lurking?

- I would not trust iOS apps or desktop apps that talk to some server to use a secure protocol
 
Just not sure if there was a threat out there or some sort of software that could pick up usernames and passwords if browsing forums, sending off emails, or logging into sites when you're on a public wifi network. I.e., if I open pages that syncs via iCloud, update Dropbox, etc., is that info secure? Just wondering.

Discussion forums (this one included) are typically not running over an encrypted connection so no, not secure.

Email depends on the provider. Most of the big ones (Google, Outlook.com, Yahoo) use https encryption through their webmail interface. Most also show you how to set up SSL/TLS encrypted connections if you're using a client like Mail, but it's still possible to set up an unencrypted connection in many cases.

To be safe, you should definitely be using VPN when on public Wifi. It's the only way to be sure.
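
Added example, not part of the thread: the replies above say mail is only protected when the client's inbound and outbound connections are both encrypted, and that an unencrypted setup is often still possible. This sketch classifies an endpoint from the capability reply the server sends before TLS; the banners are constructed samples and the verdict labels are made up for illustration.

```python
import re

# Ports where TLS wraps the session before any protocol text is exchanged.
IMPLICIT_TLS_PORTS = {465, 993}

# Constructed pre-TLS server replies (not captured from any real provider).
SMTP_OPTIONAL = "250-mail.example.net\n250-STARTTLS\n250-AUTH PLAIN LOGIN\n250 8BITMIME"
SMTP_ENFORCED = "250-mail.example.net\n250-STARTTLS\n250 8BITMIME"
IMAP_CLEARTEXT = "* OK [CAPABILITY IMAP4rev1 AUTH=PLAIN] ready"
IMAP_ENFORCED = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED"

def advertised(protocol, banner):
    """Upper-cased capability names from an SMTP EHLO or IMAP CAPABILITY reply."""
    caps = set()
    for line in banner.splitlines():
        if protocol == "smtp":
            m = re.match(r"250[- ](\S+)", line.strip())
            if m:  # "AUTH=PLAIN" (legacy form) is normalised to "AUTH"
                caps.add(m.group(1).upper().split("=")[0])
        else:
            words = re.sub(r"[\[\]]", " ", line.upper()).split()
            if "CAPABILITY" in words:
                caps.update(words[words.index("CAPABILITY") + 1:])
    return caps

def password_exposure(protocol, port, banner=""):
    """Classify how a password would travel to this endpoint (labels are illustrative)."""
    if port in IMPLICIT_TLS_PORTS:
        return "tls-from-start"
    caps = advertised(protocol, banner)
    # SMTP offers login by advertising AUTH; IMAP allows LOGIN unless LOGINDISABLED.
    if protocol == "smtp":
        plaintext_login = "AUTH" in caps
    else:
        plaintext_login = "LOGINDISABLED" not in caps
    if "STARTTLS" not in caps:
        return "cleartext-only" if plaintext_login else "no-login-offered"
    return "starttls-optional" if plaintext_login else "starttls-enforced"

def audit(account):
    """Check both directions of one account: inbound (IMAP) and outbound (SMTP)."""
    return {d: password_exposure(*account[d]) for d in ("inbound", "outbound")}

if __name__ == "__main__":
    # Inbound is fine, but outbound still accepts a password before TLS.
    print(audit({"inbound": ("imap", 993), "outbound": ("smtp", 587, SMTP_OPTIONAL)}))
```

A "starttls-optional" result means the password is only protected if the mail client itself is set to require TLS rather than to use it when available.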
 
Most Starbucks use 'wireless isolation', which helps, but to be 100% sure you need to be on a VPN connection.
 
A few years ago my Gmail account was hacked, all my friends got a short email from "me" with nothing but a link in the text, I suspect if you click on the link you'd infect yourself with a Windows worm that would just propagate itself and do the same thing.

I have no idea how it happened:

- I don't log into my Gmail account using Windows machines -- I run all Macs at home.
- At the time the email was sent, I was on vacation, so I hadn't even been on a computer at all in days.
- I had, however, used the public WiFi at the local Starbucks a few hours before the timestamp of the email.

I don't have any evidence, and I have no idea what mechanism, if any, would have allowed my Gmail login to be sniffed over the WiFi at Starbucks. But that's the closest thing I have to a theory about how it happened.

I have since changed my password, enabled two-factor authentication on all Google services, and avoid checking email in public WiFi spots.
 
A few years ago my Gmail account was hacked, all my friends got a short email from "me" with nothing but a link in the text, I suspect if you click on the link you'd infect yourself with a Windows worm that would just propagate itself and do the same thing.

I have no idea how it happened:

- I don't log into my Gmail account using Windows machines -- I run all Macs at home.
- At the time the email was sent, I was on vacation, so I hadn't even been on a computer at all in days.
- I had, however, used the public WiFi at the local Starbucks a few hours before the timestamp of the email.

I don't have any evidence, and I have no idea what mechanism, if any, would have allowed my Gmail login to be sniffed over the WiFi at Starbucks. But that's the closest thing I have to a theory about how it happened.

I have since changed my password, enabled two-factor authentication on all Google services, and avoid checking email in public WiFi spots.

Running a Mac doesn't help when they are packet sniffing. Networking protocols are all the same. OS doesn't matter.
 
A few years ago my Gmail account was hacked, all my friends got a short email from "me" with nothing but a link in the text, I suspect if you click on the link you'd infect yourself with a Windows worm that would just propagate itself and do the same thing.

I have no idea how it happened:

- I don't log into my Gmail account using Windows machines -- I run all Macs at home.
- At the time the email was sent, I was on vacation, so I hadn't even been on a computer at all in days.
- I had, however, used the public WiFi at the local Starbucks a few hours before the timestamp of the email.

I don't have any evidence, and I have no idea what mechanism, if any, would have allowed my Gmail login to be sniffed over the WiFi at Starbucks. But that's the closest thing I have to a theory about how it happened.

I have since changed my password, enabled two-factor authentication on all Google services, and avoid checking email in public WiFi spots.

How complex was your password? Did you use it anywhere else?

The myth of uberhackers hanging out at coffee shops collecting Dick and Jane's password is pretty popular
 
Running a Mac doesn't help when they are packet sniffing. Networking protocols are all the same. OS doesn't matter.

I mentioned running a Mac to eliminate the possibility that my own computer was somehow infected by a worm that caused it to send out the rogue emails directly.

How complex was your password? Did you use it anywhere else?

The myth of uberhackers hanging out at coffee shops collecting Dick and Jane's password is pretty popular

Right, so I was reluctant to believe in the theory that someone was packet sniffing and stealing passwords.

Still... a breach happened, and I don't know how.

The password was a dictionary word with numeric characters, and it was used elsewhere. So, granted, there are any number of ways my password could have been compromised. Perhaps it was simply coincidence that the emails were sent out hours after I used a Starbucks WiFi access point.
 
Thanks everyone for chiming in. Now, does everyone use a VPN service for their wifi access? Or do you set one up at home?
 
Thanks everyone for chiming in. Now, does everyone use a VPN service for their wifi access? Or do you set one up at home?

If you have a fast internet connection (both upload and download) you could use one at home. You will have a little lag since you have to hit your house and back.

Depending on how fast of a wifi connection you usually use, it might not be a big deal. But a service is faster and more reliable and they are pretty cheap - $5 a month. You could also just use an ssh tunnel if you have access to a Linux server already (https://calomel.org/firefox_ssh_proxy.html).

I mentioned running a Mac to eliminate the possibility that my own computer was somehow infected by a worm that caused it to send out the rogue emails directly.

Right, so I was reluctant to believe in the theory that someone was packet sniffing and stealing passwords.

Still... a breach happened, and I don't know how.

The password was a dictionary word with numeric characters, and it was used elsewhere. So, granted, there are any number of ways my password could have been compromised. Perhaps it was simply coincidence that the emails were sent out hours after I used a Starbucks WiFi access point.

Remember this very site was hacked not too long ago...
 
No it's not secure, but really I don't think anyone really goes around sniffing my info.
 
If you are using the internet, VPN or not, then you can never be 100% secure.

As said above, HTTPS is good enough if you are logging in to your bank for example.
 
Honestly, not much is truly secure these days. Packet sniffing/snooping can reveal quite a bit about what's happening on any given wireless network. The only thing I do while on any given public wireless network is surf various lame websites.

Just use common sense when on an unknown public network. I.e., keep your online banking for your secure network @ home. ;)
 
Nothing has ever been secure online. Especially nowadays. The government has virtually unfettered access to anything and everything you do. A VPN does not change this. Not signing into any accounts/using passwords on an open wifi network is just basic computing sense.
 