As of New Year’s Eve last week, all 279 subway stations in New York City have public Wi-Fi, meaning nearly 6 million daily riders now have access to free internet. Of course, “free” internet services usually come with a price that includes giving up privacy and possibly even security, and free Wi-Fi on mass transit is no different. New York’s network is run by Transit Wireless, a subsidiary of the Australian company BAI Communications. Glancing at its Terms of Service is a reminder that, when it comes to free Wi-Fi, no one has your back.
For instance, the terms state: “Transit Wireless does not ensure or guarantee privacy for users of the Service. Any such use shall be at your sole risk and Transit Wireless, its affiliates and its agents shall be relieved from all liability in connection therewith.”
That’s a pretty clear signal that you’re on your own. Free networks are the digital equivalent of sharing a straw with all your neighbors. Some networks provide moderate security; others provide none. If you’re planning to jump on New York’s underground Wi-Fi—or any public network—here are the basics for staying safe, or at least safer. (Reminder: You’ll have to check manuals or help pages for the how-tos for your specific devices.)
Here are the steps you can take from minimum to maximum protection:
1) Turn off automatic connectivity
Computers try to be handy by automatically logging into Wi-Fi networks you have used before. Turn this capability off and instead connect manually each time. See tutorials for Windows, Mac, and iOS. (Android varies by maker.)
2) Connect to the right network
Just because it says “Starbucks Wi-Fi,” doesn’t mean it is. (Typically, it’s called “Google Starbucks.”) Hackers can set up spoof hotspots to scarf up your data and access your system. Check with the barista or the signage for the right network name—including the right spelling.
3) Look for https sites
Almost every reputable website uses an encrypted connection, with an address beginning with “https” (instead of just http), and web browsers typically flag an address that doesn’t use this encryption.
4) Connect to networks with passwords
Even something like “wifi123,” written on the café chalkboard is better than nothing, as it’s used to create an encrypted connection between your computer (or phone or tablet) and the hotspot.
5) Use a virtual private network (VPN)
The gold standard of safety is a virtual private network that encrypts the connection from your device all the way to servers operated by the VPN service provider. Few VPNs are free. They typically cost up to $10 per month, although some allow a certain amount of free internet traffic per month before charging. We haven’t investigated all services, but two that I like are Cloak (for Apple devices) and TunnelBear (all platforms).
6) Use your phone as a hotspot
The best way to avoid Wi-Fi dangers is to avoid Wi-Fi. Many cellphones can act as a wired or wireless access point for your computer. Cellular data limits apply, but you might switch to your phone hotspot temporarily if the public Wi-Fi networks are sketchy or you are doing something sensitive, like checking your bank account. (See this tutorial.)
1) Download software updates
A great way to take control of a computer on a shared network is to trick the victim into installing spyware disguised as a software upgrade (like Adobe Flash updates). Wait until you are on a home or office network before downloading and installing anything on your computer. For a phone-app installation, turn off Wi-Fi and use the cellular connection instead.
2) Buy anything or visit a financial site
You transmit a lot of sensitive data if you make an online purchase or visit a financial service such as a bank. Connections should be encrypted with https, but it’s still a good idea not to connect over public Wi-Fi (unless you are using a VPN).
3) Let Bluetooth give you away
Advertisers use transmitters called Bluetooth beacons to send offers to passersby. If you prefer to not get them, you have two options. Turn Bluetooth off if you aren’t using devices like wireless headsets. Otherwise, don’t install apps that ask to use Bluetooth to share data. You should see this in the permissions screen when you are installing an app. (Here’s how to turn off Bluetooth on Windows, Mac, Android, and iOS.)