

Maybe Better If You Don’t Read This Story on Public WiFi - clay_to_n
https://medium.com/matter/heres-why-public-wifi-is-a-public-health-hazard-dd5b8dcb55e6

======
jMyles
An interesting read, but sparse enough on details to be basically useless.
Additionally, there's nothing that I can discern to be new here. The following
is demonstrated, all of which are known (and in fact obvious) to people with
even an elementary understanding of how wifi and TLS work:

* That wifi probes are public

* That wifi devices, by default, expose reasonably reliable evidence about their type and origin via their MAC address

* That many OS's automatically connect to 'trusted' wifi networks, regardless of their apparent physical location

* That many websites don't have TLS by default (or at all)

* That, if a user connects to a network you control and requests a URL not beginning with "https," it is trivial to present them with a fake page looking like the one to which they thought they were browsing (of course they won't see a lock)

* That, is a user transmits unencrypted plain text over a wifi network to which you have access, it's trivial to glean the content of their transmission.

None of this is news, and it's all that this article seems to point out. Even
more bizarre is that, almost without exception, it merely leaves these items
implied, failing to describe the mechanism of action.

~~~
lsaferite
Sounds like he had a WiFi pineapple in his backpack.
[https://wifipineapple.com/](https://wifipineapple.com/)

~~~
jMyles
Agreed. I thought (although I'm not very well schooled on this) that I
detected one at the Stumptown on Division St in Portland two days ago. There
were 10-12 people there with laptops, and all but one that I was able to see
had some kind of code reading or editing on their screen (it's a developer
hangout, for sure).

I announced what I believed to be my discovery, and someone else agreed and
said that they had just browsed to an apparently spoofed amazon.com.

