Security and privacy considerations when using public wifi abroad

A

AndroidMan

Registered User
Messages
381
I am travelling to a country in Asia where I believe my phone will not work and even if it does, I will not use it for calls, texts or data.

I will be connecting to wifi only.
I will probably use the likes of whatsapp, email, uploading photos to the cloud reading news sites and checking my bank account.

The places I will connect are likely to be cafes, restaurants, hotels etc.

What should I be wary of doing while using these wifi connections?

They are likely to be open or password protected, but even the latter is no protection as the password is probably written somewhere visible anyway.

Should I not check bank accounts?

What can people actually do or intercept if I am connecting to these wifi's?
Will they just see the sites I visit?
Thats not a worry.

But what else should I be wary of or do or not do?

I assume a wifi that I log in via a portal is probably a concern.
 
Install a VPN on your devices before you go. Most offer monthly subscriptions of €10-15 per month so it's a very small price to pay to protect your devices
 
Definitely use a VPN. I have one included in my Google One subscription which is pretty good and I have a separate one as backup VPN in case Google is blocked. There are loads of VPN companies, just don't use one that is free, go with a reputable paid one.
 
Most websites (and browsers) nowadays only allow Https connections. This means that everything between you and the website is encrypted and cannot easily be snooped on. A VPN will provide an additional layer of security though.

This is what I use because I don't trust even the paid VPNs -

It's free but quite technical.
 
As @Páid said, virtually all traffic is encrypted now by default and a developer would have to go well out of their way to use unencrypted traffic. Any major app that matters to you will be using encrypted traffic.

The risk on Wi-Fi networks is that the provider manages to trick you into installing their encryption certificate, which allows them read the traffic then pass it on to WhatsApp/Google so nobody is any the wiser. If you don’t allow this to happen (the pop up asking you to approve the installation of a new trusted certificate is quite obvious now you know to look for it) then a VPN is unnecessary. If you’re not confident about that then you could consider a VPN.

As others have alluded to though, make sure you’re not swapping the exceedingly low risk of a cafe Wi-Fi managing to intercept your traffic for the risk that a dodgy VPN provider does it after you’ve given their app high privileges on your phone!

Personally I would not bother with a VPN. You might like this article on the topic - https://www.nytimes.com/2021/10/06/technology/personaltech/are-vpns-worth-it.html
 
From my understanding of a VPN, you are simulating a connection from an alternate geographical location.
How will that prevent somebody monitoring or tracking my web activity when I connect to their wifi?
Whether I am in Vietnam and simulating connection from Australia, its still me, my device connected to their network right?
 
Zenith63 said:
As @Páid said, virtually all traffic is encrypted now by default and a developer would have to go well out of their way to use unencrypted traffic. Any major app that matters to you will be using encrypted traffic.

The risk on Wi-Fi networks is that the provider manages to trick you into installing their encryption certificate, which allows them read the traffic then pass it on to WhatsApp/Google so nobody is any the wiser. If you don’t allow this to happen (the pop up asking you to approve the installation of a new trusted certificate is quite obvious now you know to look for it) then a VPN is unnecessary. If you’re not confident about that then you could consider a VPN.

As others have alluded to though, make sure you’re not swapping the exceedingly low risk of a cafe Wi-Fi managing to intercept your traffic for the risk that a dodgy VPN provider does it after you’ve given their app high privileges on your phone!

Personally I would not bother with a VPN. You might like this article on the topic - https://www.nytimes.com/2021/10/06/technology/personaltech/are-vpns-worth-it.html
Click to expand...
Yes.. I get it now. Thanks.
 
AndroidMan said:
From my understanding of a VPN, you are simulating a connection from an alternate geographical location.
How will that prevent somebody monitoring or tracking my web activity when I connect to their wifi?
Whether I am in Vietnam and simulating connection from Australia, its still me, my device connected to their network right?
Click to expand...
We used it in China to access websites and apps that were otherwise blocked or limited.
 
Sure, I understand that.
You are simulating your location.
My concern is is somebdy going to steal money from my bank account if I was to log into my account.
I assume with 2FA that cannot happen but want to figure out what the risks are and I can act accordingly
 
AndroidMan said:
Sure, I understand that.
You are simulating your location.
My concern is is somebdy going to steal money from my bank account if I was to log into my account.
I assume with 2FA that cannot happen but want to figure out what the risks are and I can act accordingly
Click to expand...
2FA makes a huge difference yes. It’s not perfect, there are lots of scams at the moment where you’re asked to generate a 2FA code and send it to the scammer or approve a sign-in. As with the Wi-Fi stuff, if you’re vigilant it is an easy scam to avoid, but not everybody is and these things are successful frequently enough to make it worth while for the scams to continue.

As you mention Vietnam, if that’s where you’re going I’d suggest just buying a SIM when you get there, then you’ll only use Wi-Fi in your hotel where it’s fairly safe anyway. Mobile broadband is widely available there and a pay-as-you-go SIM with a load of data is cheap as chips. The only thing you need to watch out for is as you approach the mobile carrier shop to buy a SIM you’ll be hassled to purchase from a supposedly legit street sellers. This was one of the very few pushy anti-tourist situations we encountered in Vietnam, it was a really refreshing place to visit compared to many other countries where you’re regularly hassled.
 
Thankyou @Zenith63
Question. If i get a local SIM and put it into my new phone, which is unlocked, will things like whatsapp work where there is now a different number on the phone?
I think I will be stuck where 2FA sends text messages, even if I do put my existing SIM back in, as it wont work outside Europe anyway.
 
AndroidMan said:
Thankyou @Zenith63
Question. If i get a local SIM and put it into my new phone, which is unlocked, will things like whatsapp work where there is now a different number on the phone?
I think I will be stuck where 2FA sends text messages, even if I do put my existing SIM back in, as it wont work outside Europe anyway.
Click to expand...
Text messages work outside Europe the same way as inside Europe.
whatsApp doesn’t care about the SIM or phone number once it is setup.
 
AndroidMan said:
Sure, I understand that.
You are simulating your location.
My concern is is somebdy going to steal money from my bank account if I was to log into my account.
I assume with 2FA that cannot happen but want to figure out what the risks are and I can act accordingly
Click to expand...
If you use your own device (not a public computer i.e. internet cafe) and connect via Https then your traffic will be encrypted. A malicious user cannot snoop on what you are doing. A VPN will also ensure that your traffic is encrypted between you and the VPN server e.g. in Australia and this is supposed to provide another layer of security.

It has been alleged that some VPN (free and paid) providers sell your data so I use my own when I need to.
 
You must log in or register to reply here.
Back
Top