Comment:

I thought this article gives a balanced view if we should VPN with a public Wifi network, instead of the normal VPN vendor selling fears.

Summary:

Evil Twin Attacks - Not a major threat anymore

What is it?

Evil twin attacks involve hackers setting up fake Wi-Fi networks that mimic legitimate ones in public places. Once connected, attackers can spy on your data.

Why was it scary?

Before 2015, most online connections weren’t encrypted, making your data vulnerable on such networks.

Why isn’t it a major threat anymore?

  • HTTPS encryption: Most websites (85%) now use HTTPS, which encrypts your data, making it useless even if intercepted.
  • Let’s Encrypt: This non-profit campaign made free website encryption certificates readily available, accelerating the widespread adoption of HTTPS.

Are there still risks?

  • Non-HTTPS websites: A small percentage of websites (15%) lack HTTPS, leaving your data vulnerable.
  • WiFi sniffing: Although not as common, attackers can still try to intercept unencrypted data on public Wi-Fi.

Should you still be careful?

  • Use a VPN: Even with HTTPS, your browsing history can be tracked by Wi-Fi providers and ISPs. A VPN encrypts your data and hides your activity.
  • Be cautious with non-HTTPS websites: Avoid entering sensitive information like passwords on such websites.

Overall:

HTTPS encryption has significantly reduced the risks of evil twin attacks. While vigilance is still recommended, especially when using unencrypted websites, it’s no longer a major threat for most web browsing.

  • KptnAutismus
    link
    fedilink
    English
    1810 months ago

    using a VPN for literally everything has been a great idea for a long time now.

    always assume the hotspot is malicious.

    • @BearOfaTime@lemm.ee
      link
      fedilink
      English
      5
      edit-2
      10 months ago

      This is the answer.

      IP lacks security. It was discussed when it was being developed, and decided it required too much overhead at the time (um, yea, sure, right).

      Bottom line: no reason today for every connection to not be encrypted. It’s trivial for our pocket computers to do.

      Edit: haha a bunch of downvoters. Show me any company that doesn’t require a vpn/encrypted tunnel to connect to the company from outside? In the 90s, over dialup, SECUREID cards were used to validate a connection - it wasn’t encrypted, but being a dialup it at least validated who you were.

      Encrypted connections everywhere should be the default.

      • @Nollij@sopuli.xyz
        link
        fedilink
        English
        210 months ago

        I think you’re being down voted because IP and encryption serve very different purposes in different ways. Look into the OSI model, which is the standard for modern network connectivity. IP lives at layer 3, network. TCP lives at layer 4. Encryption, such as SSL, lives at layer 6. I’m not even really sure how the IP layer would even have security, short of a VPN, which itself breaks the mesh network model.

        Also, the Internet and many of its standard protocols were created a very long time ago. TCP/IP was created in 1974. The “Internet” at that point was acoustic couplers and directly dialing your destination, typically a university or major research company.

        I agree that all websites should be HTTPS these days. It’s why Google has been pushing it (and punishing those that don’t) since 2017. But it’s built on ancient designs.

      • KptnAutismus
        link
        fedilink
        English
        310 months ago

        i’d say many of these providers largely do the same thing. mullvad seems to be a generally good idea and a popular option.

        personally, i’m using expressvpn.

        • @Nollij@sopuli.xyz
          link
          fedilink
          English
          310 months ago

          Please stop using Express. Snowden (yes, that one) called out why a while back. It’s pretty wild.

          Mullvad is definitely the favorite among those that I would expect to have experience. Honorable mentions to Proton and IVPN. There’s a big difference in ethics among providers. Given the entire point of a VPN (as a proxy to the external Internet), this is a critical point that can’t be ignored. Otherwise you’re just trading Comcast’s spying for Kape’s spying.

          I recently switched to AirVPN, since it’s one of the few to still support port forwarding.