I’ve long been a fan of Peter Shankman and the company he founded called HARO. Last month he posted a warning about free wifi that resonated with me. He gave me permission to repost it here. I hope it helps keep you safe!
Why it’s time for YOU to say good-bye to free WiFi
by Peter Shankman
Remember my post back in August about how it’s time to say goodbye to free WI-Fi in coffeehouses, in airports, etc?
I have never been more sure of something in my life – Today, I’ll prove it.
I’m on the 6:20am Amtrak from NYC to Boston right now. For a brief moment, I switched off my Sprint EVO 4G, and am using Amtrak’s free WiFi to prove a point.
I also installed a little Add-on to Firefox (I usually use Chrome, I switched to Firefox for this experiment,) called Firesheep.
If you haven’t heard of Firesheep, prepare to be really, really frightened.
I’m not a true tech geek, so please forgive me if I don’t totally speak Geek. Essentially, FireSheep allows you to see who’s connecting to various sites that don’t encrypt their HTTP login cookies, like Facebook, Evernote, Yahoo, Amazon, Dropbox, Gowalla, Twitter, WordPress, and others, to name a very limited few.
Once you see who’s connected, it’s a simple matter of double clicking on their name, and YOU ARE LOGGED INTO THEIR ACCOUNT, AS THEM.
No, I’m not bullshitting you.
Firesheep has garnered a LOT of press over the past week since it was released, and rightly so – This Firefox add-on scares the living HELL out of me.
Now keep in mind – I am NOT logging in as anyone else, or logging into anyone else’s websites or folders as anyone else during this experiment, I’m simply trying to prove a point:
FREE WI-FI HAS NEVER BEEN, AND NEVER TRULY WILL BE, SAFE. WE BELIEVE IT TO BE SAFE BECAUSE THE MAJORITY OF US HAVEN’T BEEN TOLD OTHERWISE. UNTIL NOW.
Right now, within TEN MINUTES of this train leaving Penn Station, NY, someone has just logged onto Evernote through Amtrak’s Wi-Fi, someone else has logged into Yahoo, and someone else has logged into Windows Live. I guarantee that if this wasn’t the 6:20am train and 90% of the people on it weren’t sleeping, I’d be seeing a LOT more accounts. And as the trip continues, and as more people wake up, I will.
Ooh – Two people just logged into Facebook
Here’s the kicker: If I were to click on their name from the list RIGHT IN FRONT OF ME, I’d have access to every piece of data that B… has on Evernote, that J… has on Yahoo!, and that S… has on Facebook. Every photo. Every audio recording. Every conversation they thought was private. Every potential life-changing or relationship-ruining piece of data. Every company-crushing-if-public memo. I could download it, use it to my advantage, post it to a public place (like You-tube,) or even DELETE THEIR ACCOUNT if I felt like it.
Using free Wi-Fi is essentially the same thing as leaving your house with all the doors and windows open – But this takes it one step further: This posts a big sign up as soon as you leave, to anyone who happens to be looking, that says “I’M NOT HOME NOW, HERE’S WHERE ALL MY SECRET STUFF IS, AND HERE’S A MAP TO FIND IT. FEEL FREE TO TAKE, USE, OR DESTROY WHATEVER YOU WANT.”
The last time I wrote about sounding the death bell for Free Wi-Fi, it was from a business and corporate perspective. This time, it’s from the perspective of YOU
IF YOU ARE USING FREE WI-FI, NOTHING YOU “DIGITALLY OWN” IS SAFE.
Companies who provide free Wi-Fi have NO incentive to protect it – It’ll lead to more questions from people that the workers there have no idea how to answer. And let’s face it – If you provide a secure password to your secure network to everyone who walks in, how secure is that network
Answer? Not secure at ALL.
And if big companies put a fix in play to stop Firesheep, something else will come up. Free Wi-Fi networks will ALWAYS be the weakest link in your security chain
For the safety of you – your business – your home – your friends – your relationships – your children – SPEND $50 A MONTH AND BUY A portable Hotspot card. I don’t care which one you buy – Sprint, Verizon, AT&T, whatever.
And no – a portable hotspot isn’t 100% safe, either – Nothing is – But if you’re using your own hotspot, and you have some level of security on it, then you at LEAST have a better chance of being safer – I.e., there are more inviting targets to go after, that can be accessed quicker, without having to hack a WEP password or the like.
Stop using free Wi-Fi. Please. It might be the best $50 a month you’ve ever spent.
I agree that Firesheep is a problem, but spending $50/month for a wireless internet card seems to be a bit of an extreme solution. A cheaper solution would be to sign up for a personal VPN service. I use a VPN provided by my workplace, so I don’t have any experience with personal VPNs. However, a quick search brought up this one for only $70/year:
http://www.witopia.net/index.php/products/
In this way you can connect to any network, secure, public, free, whatever, and set up a secure tunnel to a trusted location where you know your traffic will be encrypted. And you don’t have to pay $50+/month.
Even cheaper is to install other add-ons (blacksheep)that will actively block applications and add-ons like Firesheep. No need to be all, the sky is falling, it’s merely a crack, and we have the caulk to secure the pieces.
Or better yet, force your browser to log you in using HTTPS every single place it’s available, which is most of the sites you have mentioned in this article. A quick google would have turned all this up.
So, do you still think free WiFi is so dangerous in light of the two responses above?