Ask HN: Is Public WiFi Dangerous?

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
  • algo

    Set up a personal VPN in the cloud

    Your intuition is correct. The exception is that DNS will, by-default, be sent to the default router DNS servers, which might monitor/track what you do (most ISPs run DNS that do this too), and unencrypted HTTP. Unencrypted HTTP is more and more rare as time goes on.

    Most of the "shame on public WiFi" comes from VPN companies, which are just trying to fearmonger into a sale. Sure, DNS over HTTPs isn't as widespread as it should be. Sure, some websites aren't encrypted, still. But that doesn't mean that routing all of your insecure traffic to a VPN provider so they can handle it instead is going to increase your security. It just moves the threat model from "your public WiFi network and people on it" to the VPN provider.

    If you really want to be safe, you could run your own VPN with algo (https://github.com/trailofbits/algo) or manually setup WireGuard and route traffic e.g., back to your home ISP, instead. That's probably my best suggestion, rather than using any of the cliche VPN providers that advertise everywhere.

  • subspace

    A fork of the simple WireGuard VPN server GUI community maintained (by subspacecommunity)

    Or the equally simple Subspace [1] if you want to stick with self-hosting Wireguard directly.

    [1] - The community fork at least. Upstream is no longer updated: https://github.com/subspacecommunity/subspace

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  • tor-relay-docker

    Tor relay Docker images for x86-64, armhf & arm64 (from source)

    >Do not use anything on public WiFi unless the security patches are current.

    That's good advice for going online in general but nothing about public wifi makes this particularly more dangerous.

    >Android [can] have better defenses than a Windows laptop:

    >- Android has MAC randomization.

    Windows has that too [1]

    >- The Bromite fork of Chrome has DNS-over-HTTPS options in settings (I think Chrome requires a command line option to configure DoH, but I don't use Chrome so I'm not sure). ISPs hate DoH. Be aware that non-browser apps will use regular DNS. Some public WiFi blocks DoH (I'm configured for OpenDNS), so be ready to fall back to another browser using regular DNS.

    You are conflating Chromium and Chrome but all Chromium based browser have this under security settings [2]

    >- Bromite has an option to always check for https - enable it.

    Again this is all Chromium browsers under security settings [2]

    >- Tor Browser is a bit easier to get on Android.

    Huh? [3]

    >- SMTP has an opportunistic TLS exchange that can be thwarted, so I wouldn't use it.

    You aren't using SMTP directly from a consumer ISP connection anyways. If the ISP doesn't drop the traffic, the server you are connecting to will probably reject the message as spam.

    >- For me, I would wipe the stock OS off the device and run Lineage de-Googled.

    Sure that's great if you are privacy conscious but has no bearing on whether public wifi is safe. If anything, one could argue you are slightly less safe since Google tends to be very aggressive about signing and certificate pinning so you could be more more likely to notice if someone is doing an MITM.

    [1] https://support.microsoft.com/en-us/windows/how-to-use-rando...

    [2] chrome://settings/security

    [3] https://www.torproject.org/download/

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts