Use of public Wi-Fi hotspots has become an essential part of life for some people for browsing on the move for both work and play.
Public Wi-Fi has become almost expected and demanded these days in many countries, but is it actually safe to use on it’s own? Does using https or a VPN help with public Wi-Fi?
Let’s break the answer down into three separate parts:
Firstly, regarding public Wi-Fi alone:
Using public Wi-Fi on it’s own with no protection is definitely not safe. All your internet traffic can be observed and possibly intercepted by someone experienced in hacking and networking.
And then using a VPN:
Using public Wi-Fi with a legitimate, reputable VPN is safe. A good VPN will use much stronger encryption protocols than standard HTTPS to protect your connection and personal data, and is almost impossible to hack.
So the short answer is that if you are going to use public Wi-Fi, you need some sort of protection measures to keep your personal data safe, preferably with a VPN if you are accessing and using any sensitive data like passwords and payments.
The larger the network and the more strangers are connecting, the greater the risks. Fortunately there are steps we can take to make public Wi-Fi browsing more secure.
Let’s look at the issue in more detail below, firstly looking at the general security issues with using public Wi-Fi, and then examining the benefits of using a VPN to secure your connection.
The Problem With Public Wi-Fi
The problem with public Wi-Fi in a nutshell is that it tends to be set up more for convenience than security. It is mostly designed for ease of access, with the password for a public network often openly displayed so anyone in that space can easily connect to the same network. You also don’t have the freedom to customize security settings as you do on home Wi-Fi networks.
Also, whilst there is also the same “green padlock” HTTPS standard encryption for your connection (all legit sites use this now), it’s the size and unknown nature of the network that’s the issue. Plus the fact a lot of these networks aren’t even password protected and are totally open.
Having the green padlock HTTPS is a start but not really enough on some public Wi-Fi networks
Whilst this is very convenient for on-the-move internet access the reality is that for public Wi-Fi networks you don’t know who set it up or who is connected to it. You just don’t have the same control over security and access that you do on a home Wi-Fi network, where there are usually only a couple of known trusted people accessing your router.
Because on some public Wi-Fi networks there are many people connected to the same access point, data sent over these network is susceptible to a so called “Man in the Middle” attack, where a hacker positions themselves in between you and the Wi-Fi access point.
In doing so they can ensure that they, and not the intended recipient, captures the data you send. When entering sensitive information like bank details, credit card numbers and log in passwords, then you see there is obviously a potential problem there.
Any time you are entering sensitive details like credit card numbers, usernames and passwords over public Wi-Fi you are putting that information at risk unless you adequately secure your connection
A huge security flaw in the current WPA2 Wi-Fi protocol was actually discovered by a group of Belgian researchers in the so called KRACK attack in 2017. They were able to trick an access point into thinking they were the intended recipient and not the actual device by exploiting a flaw in a security protocol that is present on most access points. See here for an excellent article that goes into the subject.
The security mainly affected Linux and Android devices, but also to a lesser extent Windows and Mac systems. Patches were quickly issued to rectify the issue and a newer more secure WPA3 Wi-Fi protocol was released with tighter security protocols.
For now public Wi-Fi still remains vulnerable though, especially considering that the above hack attack confirmed that data was vulnerable even if it was previously considered to be secured or encrypted. We will go into this more below but basically any public Wi-Fi browsing is most definitely not the safest way to be going online.
This can include places like:
- Cafes/Bars/Restaurants
- Hotels – a crucial security risk
- Airports
- Train and bus stations and on certain trains
- University and college campuses
- Public libraries
- Shopping centers
- Any other public building with Wi-Fi
Of course there are matters of degree here. Connecting to the Wi-Fi in your small local coffee shop where you know and trust all the people there is one thing. A huge public Wi-Fi network with lots of people you don’t know connecting is another, and opens up more security risks. The larger the network and the more people are connected, the greater the security risks in general.
You could also argue that the type of browsing you are doing is relevant to how much security you need. Very basic informational browsing like checking the weather forecast or sports results is one thing; you could argue you don’t really need security for that. Even just watching videos on YouTube doesn’t really need security if you are not logging in.
But any online activity where you are logging into a site or entering personal details you would not want others to see, does need to be properly encrypted and secured or you could be at risk of having your personal information stolen.
We single out hotels especially because Wi-Fi security there is often the most lax of all despite having many users, especially in relaxed tourist destinations and resorts. You will often find the Wi-Fi access code for all users simply stuck on the wall or written on a notice board, which will give access to the same Wi-Fi network to anyone who uses that password.
This is a hacker’s dream as they effectively have access to the Wi-Fi browsing of potentially dozens or hundreds of people on the same hotel network, so it is a particular form of public Wi-Fi that is not very secure and open to abuse and hacking. We never recommend browsing on hotel Wi-Fi without a secure VPN connection, which we will go into more below.
Airports are also places where you have hundreds or thousands of total strangers passing through, and therefore another place where you need to secure your connection if using Wi-Fi there.
This is especially for people whose line of work involves a lot of traveling and waiting in airports; they need to be able to work but work but do so securely and the VPN solution we detail below will allow that.
The Benefits of Using a VPN on Public Wi-Fi
Because of the security concerns we mentioned above, we always recommend using a Virtual Private Network or VPN when using any kind of public Wi-Fi, particularly when entering any kind of sensitive information like passwords and credit card details.
A VPN is a piece of software that creates a secure encrypted virtual “tunnel” for your browsing traffic so that it is totally private and secure. All traffic is encrypted or scrambled using a strong encryption protocol, meaning it is basically impossible to intercept, and is only unscrambled or decrypted when it reaches the other end.
In any kind of situation where you are entering private and sensitive information over Wi-Fi and you do not have control over who is connecting to the network, or the security settings (i.e. on any public Wi-Fi network), then a VPN is essential to make sure your browsing is fully secure and private.
VPNs can also be used to make home networks more secure. The risks are generally lower in homes but the same general principles apply.
The good news nowadays is that while there are some tacky free VPNs it’s advised to steer clear of, there are also a lot of high quality, viable 100% free VPN options you can use now to see how they work. Some of them even have unlimited use.
Here’s a selection of good free VPN options to get started with:
| Provider | Free Server Locations | Data Limit | More Info |
|---|---|---|---|
| ProtonVPN | 3 (USA, Amsterdam, Japan) | Unlimited | See here |
| AtlasVPN | 3 (USA East, USA West, Amsterdam) | 5 GB/month | See here |
| TurboVPN | 4 (USA, Germany, Singapore, India). | Unlimited | See here |
| ZoogVPN | 5 (USA, UK, Netherlands) | 10 GB/month | See here |
| Hide.me | 5 (Netherlands, USA, Germany, UK, Canada) | 10 GB/month (random server selection) | See here |
| PrivadoVPN | 10 (USA, UK, Canada, Germany, France, Netherlands, Switzerland, Mexico, Brazil, Argentina, New Zealand) | 10 GB/month | See here |
| Windscribe | 10 (USA, UK, Canada, Hong Kong, France, Germany, Netherlands, Switzerland, Romania, Denmark). | 10 GB/month | Visit site |
| Tunnelbear | 49 | 500 MB/month | Visit site |
If you’re wanting a Premium VPN which offers more server locations, 100% unlimited fast servers, plus access to streaming services, then there’s also loads of good options, ranging from $3-8/month in price. Firstly, ProtonVPN PrivadoVPN, ZoogVPN and AtlasVPN all offer excellent Premium plans (with the last 3 being pretty cheap as well)
Here are some more good Premium ones:
- NordVPN
- ExpressVPN (best for streaming)
- Private Internet Access (PIA)
- Surfshark (also good streaming access)
Bottom line – PIA have the best of everything with great value plans plus loads of servers in 80+ countries, but there’s loads of good paid options available now.
*If you’re wanting a VPN specifically just for shorter term use (just 1-4 weeks on holiday), you can get shorter term VPN plans more suited for vacation use.
Do You Really Need A VPN For Public Wi-Fi?
There’s really no reason to not use a VPN on public Wi-Fi nowadays, because excellent free options are available that can be installed and activated in just a few minutes, which offer very generous data allowances.
Regarding Premium VPNs, whilst there is an annual cost involved in getting a good VPN service to secure your connection and do other things like offer unlimited use and access streaming sites, in reality it works out very cheap, from around $30-40 per year for some services. We consider it worth the investment to avoid the stress and hassle that can be involved with having personal data stolen and accounts hacked.
Stolen money is often (though not always) returned by banks but it is the stress of sorting everything out, changing passwords, getting new credit cards, proving transactions were fraudulent etc. that it would really be best to avoid dealing with. Securing any public Wi-Fi connections with a VPN straight away eliminates one of the biggest threats of fraud and identity theft online.
Cybercrime is on the rise with around 600 million victims worldwide in 2015 and incredibly almost a billion people or around one seventh of the world’s population suffering from some kind of cybercrime in 2017. Losses from cybercrime just in the US alone are estimated at more than $10 billion in 2022. The US and UK also have a very high ratio of cybercrime victims per million internet users, with the former clocking in at 1494, and the latter having 4783 in 2022 (per million users, not total – source here).
Whilst “cybercrime” is a catch all phrase that does not specifically mean just people who have had their information stolen on public Wi-Fi, it gives you an idea of the security vulnerabilities that exist online.
We therefore consider a VPN to be a no brainer for anyone who is using public Wi-Fi on a regular basis, such as people who are traveling frequently either for business or leisure.
With a VPN you can browse safely while waiting in airport lounges, train stations or any other public place knowing any data you enter on these connections is secured.
Are There Any Downsides to Using a VPN?
On the negative side VPNs may give you a slower connection than unprotected Wi-Fi, since all traffic has to be routed through one or more servers and the encryption of traffic also tends to slow it down. Speed will also depend on which server you are routing your traffic through; picking a server close to you geographically will normally give you the best service.
This may impact you if you want to do more bandwidth intensive things like video or film streaming; for general browsing then the difference in speed will likely not be noticeable.
In fairness it is mainly the free VPN services that suffer from low speeds; the paid plans are pretty reliable and consistent nowadays. Also the main reason people are using a VPN is for security and privacy of browsing, so for most users a slight drop in speed should not be important.
The major VPN providers are constantly working to improve both the number and speed of their servers and VyprVPN even has several different protocols you can choose from, which allow you to trade off a little security for extra speed if desired for things like video streaming.
The costs of a paid VPN could be argued to a a downside, but we would argue that any money spent is well worth it for regular public Wi-Fi users, versus the stress and hassle and possible financial loss of having personal details stolen and accounts hacked.
Summary Checklist For Staying Safe on Public Wi-Fi
So here is our quick summary of the main things to do to stay safe on public Wi-Fi networks:
- Never log into email, bank accounts, or any other password protected accounts, or enter any personal or sensitive information over unprotected public Wi-Fi.
- Always use a VPN to secure your connection on public Wi-Fi before entering any sensitive information.
- See our help guide if you are struggling to get a VPN to connect on public Wi-Fi. Most often, it is because your DNS servers are custom and need to be switched back to automatic, or you’re trying to use more than one VPN at once.
- If you absolutely have to use public Wi-Fi without a VPN then only use for safe non personal browsing and always look for the secure green https padlock. This provides more security but is still not really safe enough to be logging into protected accounts or entering personal details
- If you have phone data consider using that for browsing instead as that will likely be more secure than connecting to the public Wi-Fi.
- Always have up to date anti-virus and anti-malware software installed on your device to pick up and remove any threats.
