• Secure wifi?

    From Boris@21:1/5 to All on Sat Mar 11 20:16:12 2017
    Is the secure wifi at my local pizza joint (shows up secure on networks,
    and the proprietor hands out password to anyone) any more (or less) secure
    than if I'm using Xfinity secure wifi?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From VanguardLH@21:1/5 to Boris on Sat Mar 11 16:49:24 2017
    Boris wrote:

    > Is the secure wifi at my local pizza joint (shows up secure on networks,
    > and the proprietor hands out password to anyone) any more (or less) secure
    > than if I'm using Xfinity secure wifi?

    From Comcast's description, the traffic going through an xfinitywifi
    hotspot is not accessible to the owner of that wifi cable modem. With
    other hotspots, the operator could see your traffic. If it is secured
    (HTTPS or VPN) then they just see gibberish; however, that does not
    prevent them from inspecting the packet data to see the source IP
    address (you) and the destination IP address (to where you connect).
    Since the VPN provider is after the network channel, yep, the operator
    of that network channel can see you are connecting to a VPN service.
    This is the same inspection that your own ISP can perform even when
    using Tor: the network channel can see the source and destinations (for
    Tor, they can see the entry node, not the exit node). If you don't care
    about them tracking then just be sure whether or not you want your web
    traffic encrypted or tunneled to keep it private.

    It's not just businesses using Comcast's service that have wifi hotspots
    named xfinitywifi. Anyone with a dual-band wifi cable modem and the
    firmware can run an xfinitywifi hotspot. I have one at my home. Anyone
    that visits (who is a Comcast customer) gets to connect to my hotspot
    using the Xfinity Connect app on their device. Comcast allocates more
    bandwidth of which some is reserved just for the hotspot so its use
    doesn't affect my bandwidth in the service tier that I pay for.

    A wifi hotspot can be named anything. You might be at "Joe's Crab
    Shack" (assuming they provide wifi) and see "Joe's Crab Shack" and
    "Joe's" for hotspots. Which one is offered by the cafe and which one is
    some joker that came into the cafe with his own wifi hotspot? What if
    both wifi hotspots had the name "Joe's Crab Shack"? What if you see
    only one named "Joe's Crab Shack" while you are there but there are 2
    hotspots with the one with the strongest signal strength being the
    cybercriminal's?

    https://askleo.com/can_the_owner_of_an_open_wifi_hotspot_see_what_files_im_downloading/
    http://ask-leo.com/how_do_i_stay_safe_in_an_internet_cafe.html
    https://us.norton.com/travel-hotspot-security/article
    and lots more at https://www.google.com/search?q=wifi%20hotspot%20tracking#q=wifi+hotspot+security

    Although they suggest using a VPN, that's only needed when connecting to
    non-secure (HTTP) sites. Well, it's likely that such sites have nothing
    that, to you, would be considered sensitive or private since their
    content is published to any visitor. It's anywhere you login or are
    passing sensitive data (credit card or bank account numbers, etc). Even
    with HTTPS, the network channel can see you are connecting to, say, your
    bank and which one at what time but they cannot interrogate the traffic
    content, but what do you care if they know who is your banker unless you
    are laundering money? VPNs are safer but the good ones aren't free, and
    the free ones suck (downtime, slow, you have to trust an unknown with
    your traffic).

    When using someone's wifi hotspot, you are captive. They can push their
    own content, like ads. They may push them as separate pages at your web
    client, like the auth page the cafe presents to allow you to use their
    wifi service. They can inject banners into a non-secure HTTP web page
    (which also means you cannot trust the content of the page as it may
    have been altered, so maybe those hyperlinks don't go where they say
    they go). gozonewifi.com, muftwifi.com, and openwifispots.com are
    examples. This not only pushes ads but can track their customers: how
    often does this customer visit the cafe, at what times, for how long,
    and so on. They can track your history of use and destinations just
    like your ISP can.

    Use HTTPS. If you want more security, incorporate a VPN or use Tor.
    However, the network channel can see the source and destination for
    every connection, so they will know who you are and that you connected
    to a VPN server or a Tor entry node. They can still collect those
    logistics on their customers.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
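
Added example, not part of any post in this thread: a defensive check for the same-name hotspot problem described in the post above, run over one Wi-Fi scan. The scan records, field names, BSSIDs and the three heuristics are constructed assumptions; a match is a reason to ask staff which network is theirs, not proof of a rogue access point.

```python
import re
from collections import defaultdict
from itertools import combinations

# Constructed scan results; field names and values are assumptions for illustration.
SCAN = [
    {"ssid": "Joe's Crab Shack", "bssid": "3c:84:6a:10:22:01", "security": "WPA2-PSK", "signal_dbm": -67},
    {"ssid": "Joe's Crab Shack", "bssid": "02:1a:11:f0:9b:7e", "security": "open", "signal_dbm": -41},
    {"ssid": "Joe's", "bssid": "02:1a:11:f0:9b:7f", "security": "open", "signal_dbm": -43},
    {"ssid": "xfinitywifi", "bssid": "58:23:8c:aa:00:10", "security": "open", "signal_dbm": -70},
]

def _norm(ssid):
    """Fold case and drop punctuation/spaces so near-identical names compare equal."""
    return re.sub(r"[^a-z0-9]", "", ssid.casefold())

def flag_suspect_networks(scan):
    """Return (reason, detail) tuples for networks that deserve a second look."""
    findings = []
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)

    for ssid, aps in by_ssid.items():
        # One name advertised with different security settings.
        if len({ap["security"] for ap in aps}) > 1:
            findings.append(("mixed_security", ssid))
            # Clients tend to join the strongest signal; flag it when that one is open.
            strongest = max(aps, key=lambda ap: ap["signal_dbm"])
            if strongest["security"] == "open":
                findings.append(("strongest_is_open", strongest["bssid"]))
        # One name served by radios from different vendors (first 3 MAC octets).
        if len({ap["bssid"][:8].lower() for ap in aps}) > 1:
            findings.append(("multiple_vendors", ssid))

    # Different names where one normalised name is a prefix of the other.
    for a, b in combinations(sorted(by_ssid), 2):
        na, nb = _norm(a), _norm(b)
        if na and nb and (na.startswith(nb) or nb.startswith(na)):
            findings.append(("lookalike_name", f"{a} / {b}"))
    return findings

if __name__ == "__main__":
    for reason, detail in flag_suspect_networks(SCAN):
        print(f"{reason}: {detail}")
```
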
  • From Casper H.S. Dik@21:1/5 to Boris on Sun Mar 12 14:38:49 2017
    Boris <nospam@nospam.invalid> writes:

    > Is the secure wifi at my local pizza joint (shows up secure on networks,
    > and the proprietor hands out password to anyone) any more (or less) secure
    > than if I'm using Xfinity secure wifi?

    The best thing to do is to start a properly (both sides authenticated) VPN
    over such a connection. Then you should be fine.

    Casper

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Barry Margolin@21:1/5 to Boris on Sun Mar 12 17:40:04 2017
    In article <XnsA7357D58A7499nospamnospaminvalid@213.239.209.88>,
    Boris <nospam@nospam.invalid> wrote:

    > Is the secure wifi at my local pizza joint (shows up secure on networks,
    > and the proprietor hands out password to anyone) any more (or less) secure
    > than if I'm using Xfinity secure wifi?

    About the same, I'd expect, unless someone at the pizza joint is a
    hacker who can create their own WiFi access point.

    When something shows up as secure in the list of networks, it means it
    requires a password to connect to it, but in the case of sites like this
    anyone can find out the password, AND the traffic after that is
    encrypted. I think if someone can intercept the initial handshake
    between your device and the AP, they could capture the session key and
    then decrypt everything from then on. But they could do this with an
    Xfinity hotspot, too.

    As someone else said, the best thing to do when using any public hotspot
    is to use end-to-end encryption, such as a VPN. SSL connections to
    websites also provide this protection.

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)