5

There's a long dispute across the Internet community about the risks related to free public Wi-Fi. Some information security-related Web sites which look rather trustworthy even say that you should never use public WiFi because of the risks. But on the other hand, governments and companies like Facebook and Google are going about installing free WiFi nodes across the world, including in developing countries like India.

Is there a larger purpose to it? Are these WiFi spots capable of tracking people even if the WiFi on their phones are switched off? I remember when working in a company that required us to install a Blackberry BYOD software to disable phone cameras in the company, the WiFi on my phone used to get switched on automatically even if I switched it off. On officially questioning the company if they were monitoring us, I got no response, but the WiFi switching on behaviour stopped immediately.

So is a public WiFi inherently dangerous? And if it is, why is it being made available to people in the first place? And if it is not, then why?

ximaera
  • 3,395
  • 8
  • 23
Nav
  • 351
  • 2
  • 9
  • 16
    Why are cars available even though they are dangerous? – Anders Apr 09 '18 at 07:28
  • 9
    Your premise is wrong, public WiFi is not a risk. – Elias Apr 09 '18 at 07:41
  • 3
    I'm voting to close this question as off-topic because the only way to answer it would be to speculate into the motives of companies. – Anders Apr 09 '18 at 09:04
  • 2
    If you want to ask if WiFi is "dangerous", perhaps we can provide you with the data that proves it isn't. What you've written here relies on the answerer believing in conspiracy theories -- the very opposite of what this site is about – Django Reinhardt Apr 09 '18 at 10:44
  • 1
    @Anders cars are not free though... – MonkeyZeus Apr 09 '18 at 12:15
  • The topic is good. The question is opinion-based itself though. I've put in some edit to make it better, let's see. – ximaera Apr 09 '18 at 12:49
  • @Ladadadada thank you for the approval, but now the question lacks a proper answer :-) Would you consider re-opening it? – ximaera Apr 09 '18 at 13:33

5 Answers5

6

The companies providing free WiFi are doing that usually for one reason: Profit. And that is usually done by

  • Make people stay at their place
  • Make their place attractive (for tech users)
  • Create a modern image of themselves

And risk is not a big issue for the users as well as for the company, because the just are not aware.

And as the biggest risk is the access point itself (which is owned by the providing company) as it has the ability of a MitM, the company will perhaps not perceive it as a risk. (Because they trust themselves)

Organisations usually also overestimate their abilities. So there are also risks by poor configuration (e.g. network devices can communicate with each other; faulty encryption -> here even other users can interfere network packets).

mad_manny
  • 207
  • 1
  • 6
4

governments and companies like Facebook and Google are going about installing free WiFi nodes even in developing countries like India.

Risks and dangers are not binary, just because something have risks associated with it, does not mean that you immediately shouldn't be using it at all. You have to understand the motives and incentives of people to understand why government and companies provides free public Wi-Fi and why people uses them.

Motives of governments

For government, having an internet educated population is a benefit. There are people who believes that internet should be a human right and government providing free internet is no different or is a part of government providing free education.

Risks to governments

There's really very little risks for governments to provide free public internet, except the cost of building the infrastructure and other opportunity cost of where else they could have spent the tax payer money.

On the flip side

Many people thinks the government is a powerful entity, too powerful. The Government running free internet that can be used by everyone means they can monitor how people are using the Internet, track people's movement, etc. However, this is NOT their risk to take, people who don't like the terms for a government's free wifi are free to not use the service. It is not a disincentive for the government not to provide free wifi.

Motives of Companies

As always, companies are profit driven. Companies can profit from providing free internet from several ways. Google have a huge advertising presence all over around the Internet and they also make money of providing many paid Internet services and infrastructure. For a company as gigantic as Google, they don't even need you to use their services to indirectly profit by your presence in the Internet. The more people is in the Internet, the more valuable the Internet becomes and the more money that Google makes from providing related services that many businesses uses that you might have used.

Coffee shops, grocery stores, shopping centres, and other such physical stores don't make money of providing free internet directly, but they profit from people visiting their location. If people are scheduling a meetup in a their shop instead of a competitor because they provide free wifi, that's a money well spent, as these people likely will be ordering something on the menu as well.

Risks to companies

When you provide a free public internet, you take on the risk that people will be abusing the service by using too much data or downloading illegal materials or other illegal purpose. Companies take on the first risk by limiting the amount of "free" internet that they provide in a single session. While it's true that a free internet cannot be truly limited without shutting down the service for everyone else (you can just reregister, use a different device, or spoof any identifying information), for most people this stumbling block is high enough that it's easier to just hop on another free wifi rather than trying to find a way around a specific provider's limitations. For the second risk, many countries have some sort of safe harbor rules where in some circumstances wifi provider's aren't held responsible for actions of their users.

On the flip side

For most companies that monitor the usage of the free wifi, they usually do these monitoring to protect their own interests, rather than because they're interested in your personal data. In countries where safe harbor are not as clear cut, or where it requires some action from them to attempt to control what's coming from their network, companies have incentives to monitor the traffic going through their free internet to ensure it's not being used for abusive purposes.

Some companies may also try to profit (or recover some of the expenses) of providing free internet by adding or replacing ads on pages passing through their public wifi with their own ads. There are also some who may try to profit by selling user tracking data, but these are not an easy money, adding tracking system or ads injecting also incurs many infrastructure costs and issues, and in many cases it's just not worthwhile as they already profit from your coffee purchase anyway.

Motives of people

Especially in developing world, internet access can be a sizable expense compared to your income. If you can reduce your mobile data usage by connecting to free wifis, that can add up to significant savings. Savings that can be used for other activities that matters more for them. Many people are uneducated about the risks of public Wi-Fi, but it doesn't mean that there's no safe way to use free public wifi. Even knowing the risks of public Wi-Fi, I don't necessarily discourage people from taking advantage of them, provided they take some steps to control their risks.

Risks to people

Apart from risks that I've outlined above about user tracking and such, users also have risks from the behavior of other users. Public Wi-Fi are often configured with little regards for network security, so it may be possible for one user to snoop into the traffic of other users. Businesses that sets up open wifi often don't care about this risk, primarily because this risk are not on them. They're not the one to lose if someone let lose a Firesheep on the network. As a security conscious user, there are several ways you can modify various aspect of this risk, such as by using a VPN, by accessing only sites that uses HTTPS, by refraining from certain activities on the public wifi, etc.

On the flip side

Ultimately for the user it's all about cost and benefit. Often the risks of using public Wi-Fi is just an abstract risk, and using them in that particular moment can be beneficial for various reasons. Everyone have different priorities and different risk profile, even if a large number of people believes that they shouldn't ever be using public Wi-Fi, there is always a much larger number of people that believes the risks are acceptable.

Lie Ryan
  • 31,089
  • 6
  • 68
  • 93
3

There are many reasons to that, as you said a greater cause (not necessarily a greater good though):

  • Promotion of their services
  • Collecting internet-hungry people for marketing purposes
  • Data Collection => Data Mining
  • Charity
  • Promotion of Technology
MTG
  • 212
  • 1
  • 3
1

To answer

Why is public free wifi available even though it's known to be dangerous?

Because it is convenient. It would be much more secure to have a password "free" and to have a real secure connection you need WPA enterprise (because of the secure key negotiation).

But people see how free wifi works when there is an open networks and their devices even notify them there is one. That's what they understand and how they know it and everything else needs more explanation.

On the motives why someone provides free wifi you're just speculating and that's the only thing we can do as well.

allo
  • 3,173
  • 11
  • 24
1

Public wifi is not dangerous when you only read some public data like wikipedia or the local newspaper ... use private navigation and avoid password inputs, you do not have to go read your confidential emails when on public wifi. For example even the 'free' wifi hotspot may be a fake official one for example at airports. What is dangerous is how little people know about this.

Christophe Roussy
  • 141
  • 4
  • 1
    You can read your confidential emails when on public WiFi, just make sure you are connecting to your IMAP/STMP server (or webmail) through an encrypted connection (IMAP/SMTP with TLS, HTTPS). – Matteo Italia Apr 09 '18 at 10:30
  • 2
    "That guy first acessed 'Age of consent' article on Wikipedia using HTTP then acessed 'cp-island.tumblr.com' using HTTPS. As it's encrypted I can't guess what he's doing..." – Gustavo Rodrigues Apr 09 '18 at 10:45
  • Of course you can use HTTPS sites but not sending any passwords and not accessing confidential data is safest ... for sure. – Christophe Roussy Apr 09 '18 at 10:51
  • @GustavoRodrigues Wikipedia is HTTPS protected for quite a long time already. Also, the threat surface you're talking about is not limited in any way to a Wi-Fi access point. Actually, I believe, in *your example* an access point wouldn't be a threat at all. – ximaera Apr 09 '18 at 12:52
  • @ximaera Wikipedia also uses HSTS, and most browsers also have [an internal preloaded entry](https://cs.chromium.org/chromium/src/net/http/transport_security_state_static.json?rcl=88834a897cfab97f6a2317b94abf0b4dbf999eee&l=3495) so they know that it's a site that's always supposed to use https before they even connect to it for the first time. – user3490 Apr 09 '18 at 13:17
  • @ximaera It's just an example: I cited Wikipedia, even if it uses HTTPS and HSTS, because it's in the answer. Anyway, the point I wanted to show is that you shouldn't assume it's safe to use HTTP just because the data you're acessing is public. Also even using HTTPS some data is leaked (like domains via DNS queries and SNI). – Gustavo Rodrigues Apr 10 '18 at 13:52
  • 1
    @Gustavo Rodrigues this is a broad risk unrelated to public Wi-Fi. IP transit is no safer. – ximaera Apr 10 '18 at 16:45