
Advice to avoid public Wi-Fi is mostly out of date - DiabloD3
https://www.eff.org/deeplinks/2020/01/why-public-wi-fi-lot-safer-you-think
======
mping
Err, no it is not safe unless you trust the app you are running to validate
the certificate chain. Not so long ago, I found out my bank's app didn't
validate the cert and I could happily put a proxy and intercept all calls.

~~~
ben_w
That’s an interesting point. As an app developer, I’d assumed that would be
handled automatically by the OS.

What’s the best way to test for certificate validity? (In my case I’m
interested in iOS, but the same concern must exist on all platforms).

~~~
knute
In my experience, the OS _does_ handle that automatically. If the app isn't
verifying it, it's because they went out of their way to disable certificate
validation.

Which is alarming.

~~~
iso1631
What are the odds that the corporate network the developers are on does MITM
HTTPS interception, and the only way they could get their app to work was to
remove certificate validation?

~~~
RKearney
Very slim, as you can still verify the certificate chains up to a trusted root
certificate and it's trivial (and generally part of the enrollment process) to
load the company's root CA on your device.

We MITM and certificate validation works correctly.

~~~
lxgr
As far as I understand, this is no longer possible on modern iOS versions at
least, except if the app developers explicitly disable that validation.

~~~
RKearney
You can pin your certificate in your app bundle such that your app only allows
certificates you specify or ones signed by CA's you specify. That clearly
isn't the case here. Normal iOS operation will verify the certificate chains
up to a trusted root certificate and it is indeed possible to load your own
trusted root CAs on to a device for purposes of MITM. Again, some apps may pin
their own certificates, but that clearly wasn't happening in this example.

I deal with this virtually every day.

------
maltalex
Even if HTTPS is deployed, and even if the client actually verifies the
certificate, untrusted networks are still risky.

There are many attacks against HTTPS itself (e.g. DROWN [0]), bugs (like the
Windows 10 crypto bug [1] from just a couple of weeks ago), irresponsible CAs
(e.g. Symantec [2]), and hacked CAs (e.g. DigiNotar [3]).

Are things better than they were before Let's Encrypt? Sure. But is the advice
against public Wi-Fi out of date? I don't think so.

[0]: [https://en.wikipedia.org/wiki/DROWN_attack](https://en.wikipedia.org/wiki/DROWN_attack)

[1]: [https://techcrunch.com/2020/01/14/microsoft-critical-certificates-bug/](https://techcrunch.com/2020/01/14/microsoft-critical-certificates-bug/)

[2]: [https://wiki.mozilla.org/CA:Symantec_Issues](https://wiki.mozilla.org/CA:Symantec_Issues)

[3]: [https://en.wikipedia.org/wiki/DigiNotar](https://en.wikipedia.org/wiki/DigiNotar)

------
Amorymeltzer
> So when you visit HTTPS sites, anyone along the communication path... can
> see their domain names (e.g. wikipedia.org) and when you visit them. But
> these parties can’t see the pages you visit on those sites (e.g.
> wikipedia.org/controversial-topic), your login name, or messages you send.

I believe this is the reason Turkey blocked the entirety of Wikipedia[0],
which was recently lifted[1]. They wanted to block specific pages that
revealed negative information (and I believe they did at some point), but when
Wikipedia went https only[2] the only avenue was to block the entire domain.

0: [https://en.wikipedia.org/wiki/Block_of_Wikipedia_in_Turkey](https://en.wikipedia.org/wiki/Block_of_Wikipedia_in_Turkey)

1: [https://wikimediafoundation.org/news/2020/01/15/access-to-wikipedia-restored-in-turkey-after-more-than-two-and-a-half-years/](https://wikimediafoundation.org/news/2020/01/15/access-to-wikipedia-restored-in-turkey-after-more-than-two-and-a-half-years/)

2:

~~~
dkarras
Am Turkish, and not really. There is no evidence of Turkey caring about what
the individual citizens visit (except in case of a crime investigation etc.).
Bans in Turkey work like this: Turkey sees something they don't like on the
Internet, Turkey reaches the company / individuals behind it (they can be
anywhere in the world) and tells them "take it down or we will block your
access to Turkish citizens and you'll lose revenue / traffic". If the site
owners comply nothing happens. If site owners refuse for any reason, they
block the site so it is not accessible from Turkey. In the older days, they
used to do it through DNS but it was easy to circumvent. Now they use other
methods so changing your DNS isn't enough, but a VPN works just fine.

This was also the case before https was as common, BTW. Turkey either didn't
have the technical capability to block individual pages (even back then) or
they were seeking to punish the site by blocking access in whole.

A site like wikipedia values integrity more so they don't take pages down
without good reason. But companies seeing Turkish citizens as a revenue source
generally comply. If you browse Twitter in Turkey, it is common to see tweets
where it just says something like "this tweet is blocked in your country" -
Turkey reaches Twitter to mark the tweet invisible and that individual tweet
goes away. IIRC it also applies to entire profiles - I'm not a frequent
twitter user but I remember seeing entire profiles blocked by country.

~~~
duxup
I feel like asking the site to take something down ... is effectively caring
about who sees it. Otherwise you wouldn't do that.

~~~
dkarras
Sorry I was not clearer. What I meant was an operation like in China where you
have to be careful about what you look for on the Internet. I saw a video from
China where the police was interrogating someone supposedly because of his
remarks about police confiscating motorcycles in WeChat. They were actively
mass monitoring, found someone they didn't like and took him in for
intimidation and questioning, perhaps more. So in effect, they are monitoring
what individuals are doing on the Internet to catch and punish them en masse.
My point was this type of "watching citizens and snubbing those that look at
things they are not supposed to see" thing is not (yet) a thing here. You can
go ahead and "read" anything, they don't care (by that I mean nothing will
happen to you) but they have a problem with the site being able to serve a
Turkish audience here.

------
GlitchMr
Unfortunately, while HTTPS is very common, this isn't really the case with
HSTS Preload, so active MitM attacks are still a threat.

~~~
skrebbel
Refresh my understanding: if I manually type "https" into the address bar,
then I can't be MitM'ed through lack of HSTS, right?

~~~
detaro
Correct, assuming you don't let yourself get tricked into trying without
https.

~~~
JohnFen
Which, if my experience pentesting is any indication, most people will.

~~~
aksss
This. The question of public WiFi often isn't "can you keep your comms secure
if you try", but "will my average user who just wants stuff to work while
traveling be better off on their own mobile hotspot or connecting to dodgy
free WiFi?" Unquestionably, they'll be better off avoiding public WiFi.

Applications like Outlook will warn you about cert problems but still let you
bypass them. This could be better on app side, but it’s a reality end users
deal with. And when/if IT knows about it, it’s because the user complains that
their laptop/Outlook is broken. The avg business user doesn't think about cert
chains.

------
saurik
> But these parties can’t see the pages you visit on those sites (e.g.
> wikipedia.org/controversial-topic), your login name, or messages you send.
> They can see the sizes of pages you visit and the sizes of files you
> download or upload.

Given the pattern of sizes of data you request, one can do seemingly-amazing
things such as figure out what area of Google Maps someone is looking at based
on the visible map tiles or figure out what movie someone is watching on
Netflix based on the MPEG fragments or guess what article someone is reading
on Wikipedia based on the pattern of requested media files. Note that these
are each practical attacks that people have implemented; I have also seen a
strong argument for a type ahead search attack based on the sequence of search
response sets but I don't know if it has been implemented and it feels harder
to pull off reliably.

~~~
kelnos
Sure, and if you're under a repressive regime or have reason to think that
someone is targeting you, you should probably still avoid public WiFi (and
take a bunch of other countermeasures as well). But for the majority of
people, who just care that their banking info isn't compromised (etc.), public
WiFi is fine.

~~~
saurik
And if that is what the article said, I wouldn't be annoyed; but it went out
of its way to claim that people wouldn't know what pages you were visiting,
and that's a naive misinterpretation of what encryption is buying you.

------
badrabbit
What is up with these b.s. posts about open or public wifi being safe this
week? A few days ago there was a twitter thread by a security person at a
hotel claiming their open wifi is safe.

I won't detail all the many harms you can suffer (or the threats that will
readily cause you harm), but let me state just one argument related to EFF's
silly (and dangerously harmful) statement here:

1) When you type a domain into your navigation bar, your browser attempts to
connect to unencrypted http (port 80).

2) If (big if!) the site supports https it will do an http 301 redirect to the
https version of the site.

3) An attacker needs to intercept just one such redirect to have an
opportunity for credential theft or content injection
(downloads, exploits, etc...).

4) Your browser does indeed remember these redirects going forward, which is
great.

5) Except if you configured your browser to forget all history. Or if you
happen to remember a site you visited a while ago (perhaps on a different
device) and just typed it in to navigate. Or if you typed in something to
search but your browser navigates to it, or many other opportunities for
pwnage!

6) You don't care about that? Well, attackers are happy to set up a malicious
captive portal (captive portal checks are plain http for all browsers I know
of) and use that directly or to social engineer installation of an app you
"need" to connect (oh, mitmproxy has a nifty captive portal-like page you can
customize to install a CA cert on the device for TLS interception).

I won't even begin to talk about at least half a dozen additional classes of
MITM attacks that can be used, even with wpa3 and client isolation! What you
have to understand is that vulns that would normally be low severity are
amplified in this sort of a network, due to the sheer magnitude of threat
exposure.

I can't complain about most people being ignorant of good infosec practices (we
have to understand + educate) but man this stings! The EFF makes one of my
favorite extensions, HTTPS Everywhere; how can they post this? It takes a long
time to educate people about good security practices.

------
air7
I think this jumps the gun a little.

When sharing a network, there are other attack vectors into people's
unhardened laptops except browser MITM. Do you have any unprotected shared
folders? Can someone brute force your login via RDP? Can you account for all
the listening ports running on your device?

A NAT provides strong protection by simply firewalling you from the outside
world. It's so common that the focus (rightfully) zoomed in on MITM as that is
the only thing "left", but in a shared network, the adversary may reside on
the inside nulling that protection. Most users have not taken precautions
against this.

Oh, and shoulder surfing.

~~~
reaperducer
_Do you have any unprotected shared folders?_

It's surprising how many people have unprotected shared folders. And for some
reason they very often are full of music.

Spend a few days on a hotel's wifi and you can slurp up thousands of other
people's MP3's.

------
resoluteteeth
Passive interception is less of an issue because so many sites are using tls,
but in the case of a mitm attack isn't https stripping still a problem unless
the site is using hsts?

~~~
kevinsimper
You would have to trust a root certificate from your mitm attacker, so it is
not a problem.

~~~
resoluteteeth
When you first access a site, unless the site is using HSTS you are going to
go to an insecure version so a mitm can proxy the request and remove tls or
redirect you to another site. This is what is known as "https stripping."

~~~
zzzcpan
You are talking about "HSTS Preload", HSTS doesn't do anything on first
access.

~~~
acdha
HSTS helps unless you are always on compromised networks or the site uses
short TTLs. Even without preloading most people are probably not accessing
their bank for the first time ever on a malicious network.
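The disagreement in this sub-thread (and in the GlitchMr / skrebbel / detaro exchange above) comes down to when a browser decides to upgrade a plain-http request before touching the network. The following is an added example, not code from the EFF article or from any commenter: a toy HSTS policy cache written from RFC 6797's rules. The preload table and the host names are constructed placeholders. It shows the three cases the thread argues over: a host with no cached policy and no preload entry gets no upgrade on the very first visit, a cached policy with a long max-age covers later visits (and subdomains when includeSubDomains is set), and a short max-age lets the policy lapse so the next visit is back to square one.

```python
"""Toy HSTS cache (added example). Models RFC 6797 behaviour: a policy is
only learned from a header received over HTTPS, it expires after max-age,
and only preloaded hosts are protected on a first-ever visit."""
import re
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Constructed stand-in for the browser's built-in preload list.
# Value is the includeSubDomains flag for that entry.
PRELOAD: Dict[str, bool] = {"wikipedia.org": True}


@dataclass
class Policy:
    expires: float            # absolute time (seconds) the policy lapses
    include_subdomains: bool


class HstsCache:
    def __init__(self, now: Callable[[], float] = time.time):
        self.now = now
        self.store: Dict[str, Policy] = {}

    def remember(self, host: str, header: str) -> Optional[Policy]:
        """Record a Strict-Transport-Security header value.
        Must only be called for responses received over HTTPS; a header seen
        over plain http is ignored by browsers, which is why an on-path
        attacker cannot plant a policy. Returns the stored policy, or None."""
        m = re.search(r'max-age\s*=\s*"?(\d+)"?', header, re.IGNORECASE)
        if not m:
            return None                      # max-age is mandatory
        max_age = int(m.group(1))
        host = host.lower()
        if max_age == 0:
            self.store.pop(host, None)       # max-age=0 deletes the policy
            return None
        include_sub = re.search(r"(^|;)\s*includeSubDomains\s*(;|$)",
                                header, re.IGNORECASE) is not None
        pol = Policy(self.now() + max_age, include_sub)
        self.store[host] = pol
        return pol

    def must_upgrade(self, host: str) -> bool:
        """Should an http:// URL for `host` be rewritten to https:// before
        any bytes are sent? Checks the host and each parent domain."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            cand = ".".join(labels[i:])
            exact = (i == 0)
            if cand in PRELOAD and (exact or PRELOAD[cand]):
                return True
            pol = self.store.get(cand)
            if pol is None:
                continue
            if pol.expires <= self.now():
                del self.store[cand]         # expired: first-visit risk again
                continue
            if exact or pol.include_subdomains:
                return True
        return False


def scenario() -> Dict[str, bool]:
    """Walk through the thread's cases with a fake clock (constructed)."""
    clock = [1_000_000.0]
    cache = HstsCache(now=lambda: clock[0])
    out: Dict[str, bool] = {}
    out["first_visit"] = cache.must_upgrade("bank.example")
    cache.remember("bank.example", "max-age=31536000; includeSubDomains")
    out["after_long_policy"] = cache.must_upgrade("online.bank.example")
    cache.remember("shortttl.example", "max-age=60")
    clock[0] += 61                          # come back a minute later
    out["short_ttl_lapsed"] = cache.must_upgrade("shortttl.example")
    out["preloaded"] = cache.must_upgrade("en.wikipedia.org")
    return out


if __name__ == "__main__":
    for k, v in scenario().items():
        print(f"{k}: {v}")
```

The `scenario` output is the thread's argument in four booleans: only `preloaded` is true on a cold cache, the long policy protects later visits including subdomains, and the short TTL case returns to false once the policy has aged out.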

------
JohnFen
They're talking exclusively about web browsing, though. There's more to net
access than the web.

Personally, I just always use a VPN (and a firewall to ensure that no traffic
flows except through the VPN). Then I don't have to worry as much.

~~~
EduardoBautista
HTTPS is not limited to web browsing. It's also how the vast majority of
desktop apps communicate with web servers.

------
PaulHoule
I remember in 2005 when you could just start up Ethereal, run it for a minute,
and get many people's email passwords, email, everything...

I think Wi-Fi security is going to be a major FUD talking point for the
telecoms as they try to justify high prices, 5G, and the rest of their trip.

5G as it exists now does little to compete with WiFi because (in the
millimeter wave form) it doesn't pass through walls. The overwhelming majority
of data consumption happens indoors, so it can't make for a revolution in the
market unless you get a huge number of antennas and/or cells installed
indoors.

That's immensely problematic because building managers aren't going to want to
have Verizon, AT&T, T-Mobile and maybe someday Dish Network stomp through
their buildings, drill holes, do damage, etc.

There has been talk of wholesale access networks, which would be a great idea
(e.g. a neutral vendor installs indoor infrastructure that gets rented by the
carriers...) but the carriers are dead set against it.

~~~
ozim
But 5G is not meant for in house consumption. It is meant for crowded spaces
like train stations, supermarkets to offload other bands. Then you get micro
cells installed indoors inside of supermarkets. (what I mean by supermarket
means mall and all those kind of shopping centers)

It is meant also for all kinds of smart sensors in area, but not like home
sensors but utilities. We have that with LoRa, but it is really small data
amounts, where 5G would be used for sensors that need more data, like smart
traffic lights? Then you won't have to connect your old traffic lights to some
cable network and they would get good connection capabilities.

Right now 4G is not used everywhere, in less dense areas you only get 3G. Of
course providers will install base stations for 5G in places where it is
economically possible. Places that have 3G now are not getting 5G anytime
soon. It is also understandable that 900MHz is better for longer range than
1800MHz.

~~~
PaulHoule
5G below 6GHz really requires dynamic spectrum sharing with 4G. Once that is
standardized, carriers can gradually switch out 4G for 5G with modest but real
benefits.

I was part of a group that installed some radio gear on the roof of the local
mall and I can say that the building manager of the mall was a tough customer.
It really helped that he liked our (union) electrician and was certain we
wouldn't contribute any leaks to the roof.

Carriers used to use the IBEW and CWA and had some standards for the quality
of work done. Today carriers tend to use non-union contractors -- some of
those people are excellent to OK but some are real idiots that any property
owner would want to keep far away.

So far as serious IoT goes I think the coverage problems will still dog IoT.
With fiber you can get 100% coverage -- it costs money, but there is no site
that can't be served.

While cell phone carriers will tell you they cover 98% of POPs, when you
investigate it might be more like they cover 89% of POPs. With wireless
systems you make a rather large capital investment that rapidly erodes in
value to get to that 89% coverage but then the cost explodes from there.

------
tsukurimashou
Don't most public Wi-Fi networks (airports especially) have their own CA to
MITM SSL connections, just like most companies do to inspect HTTPS traffic?

~~~
fulafel
This only works if your mitm ca is preinstalled in the client device.

------
mayniac
As other people have mentioned, HTTPS without HSTS still makes MitM a problem.

And there are still other attacks possible on public wi-fi networks which
don't involve MitM-ing HTTP(s) traffic. MitM DNS traffic and you can do nasty
things:
[https://github.com/infobyte/evilgrade](https://github.com/infobyte/evilgrade)

------
3xblah
"So when you visit HTTPS sites, anyone along the communication path - from
your ISP to the Internet backbone provider to the site's hosting provider -
_can see their domain names (e.g. wikipedia.org)_ and when you visit them."

Except wikipedia.org does not require SNI.

Most HTTPS sites do not require SNI.

Not every client sends SNI by default. OpenSSL's s_client does not. There are
others.

    printf "GET /wiki/MediaWiki HTTP/1.1\r\nHost: en.wikipedia.org\r\nConnection: close\r\n\r\n"|openssl s_client -showcerts -connect mediawiki.org:443 -ign_eof

Some sites "require" SNI, but then do not check it against the Host header. A
client can send any SNI.

    The server certificate says *.wikipedia.org.

But there are numerous websites sharing the IP addresses for wikipedia.org,
not all of them serving Wikipedia content. One example is mediawiki.org.

What if a website padded all its pages to be the same size.
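saurik's point above (pages identified from the sizes of the encrypted responses) and the padding question here are two sides of the same measurement, so this added example covers both. It is not code from the article or from any commenter; the page catalogue and the TLS overhead constant are constructed placeholders. The first function answers "which pages could an observed record size have been?" and the second groups a site's pages into the anonymity sets an on-path observer is left with, before and after padding every page up to a fixed bucket size.

```python
"""Size-fingerprinting of HTTPS responses and the effect of padding
(added example with constructed data)."""
from collections import defaultdict
from typing import Dict, List

# Constructed catalogue: page path -> plaintext body size in bytes.
PAGES: Dict[str, int] = {
    "/wiki/Cat": 51_207,
    "/wiki/Dog": 63_944,
    "/wiki/Controversial-topic": 48_311,
    "/wiki/Mouse": 51_990,
    "/wiki/Elephant": 70_512,
}

# Placeholder per-response overhead. The exact constant does not matter:
# TLS record encryption preserves plaintext length, which is the leak.
OVERHEAD = 22


def pad_to_bucket(plain_len: int, bucket: int) -> int:
    """Round a body length up to the next multiple of `bucket` bytes.
    bucket=1 means no padding at all."""
    return -(-plain_len // bucket) * bucket


def wire_size(plain_len: int, bucket: int = 1) -> int:
    """Size an observer on the network path sees for one response."""
    return pad_to_bucket(plain_len, bucket) + OVERHEAD


def candidates(observed: int, bucket: int = 1,
               pages: Dict[str, int] = PAGES) -> List[str]:
    """Which catalogued pages could have produced an observed size?
    With bucket=1 this is usually a single page: the fingerprint attack."""
    return sorted(p for p, n in pages.items() if wire_size(n, bucket) == observed)


def anonymity_sets(bucket: int = 1,
                   pages: Dict[str, int] = PAGES) -> Dict[int, List[str]]:
    """Group pages by the size an observer would see. Larger groups mean
    the observer learns less from any single response."""
    groups: Dict[int, List[str]] = defaultdict(list)
    for p, n in pages.items():
        groups[wire_size(n, bucket)].append(p)
    return {size: sorted(ps) for size, ps in groups.items()}


def worst_case_identifiability(bucket: int = 1) -> int:
    """Smallest anonymity set size under a padding scheme (1 = some page is
    uniquely identifiable from size alone)."""
    return min(len(ps) for ps in anonymity_sets(bucket).values())


if __name__ == "__main__":
    print("no padding:", anonymity_sets())
    print("32 KiB buckets:", anonymity_sets(bucket=32_768))
    print("observed 51229 ->", candidates(51_229))
```

With no padding every page in the catalogue has a unique size, so a single observed response pins the page. Rounding bodies up to 32 KiB folds four of the five pages into one set; the cost is the extra bytes sent, which is the trade-off a site has to accept if it wants size not to be a fingerprint. Real attacks also use sequences of sizes (tiles, media files, video fragments) rather than one response, so padding one response is necessary but not sufficient.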

------
oliwarner
This seems like weird _advice_ to give out.

Sure, it's not as dangerous as it was... Or is it? All the tools are mature
now. Documentation is rife. A seven year old with a Raspberry Pi can set up a
hotspot and spike your DNS. This thread contains a litany of security
papercuts across the whole stack. DNS, shitty apps, crappy server configs and
sites that just don't care.

So yeah, it's no 1999. You're probably not getting your FTP password sniffed
off a public network these days, but there are still plenty of reasons for me
to use 4G or WireGuard instead of trustless networks.

Public Wi-Fi will remain firmly on my "list of things to worry about" until I
can audit all traffic from my devices.

------
theandrewbailey
Even if a WPA2 wifi point has a password, isn't the encryption key shared
among all connections? I.e, if an attacker has the wifi password, it nullifies
the wifi encryption? I recall that fixing this was one of WPA3's selling
points.

~~~
Cogitri
Not exactly, you need more information than just the WiFi password in order to
decrypt the traffic: [https://superuser.com/questions/156869/can-other-people-on-an-encrypted-wi-fi-ap-see-what-youre-doing](https://superuser.com/questions/156869/can-other-people-on-an-encrypted-wi-fi-ap-see-what-youre-doing)

------
diebeforei485
VPN companies have been using the "omg public wifi scary" meme to market their
products. I agree with EFF here.

------
logicallee
Isn't domain information still in the clear? (What specific domain you're
connecting to.)

~~~
tialaramex
The exact hostname is delivered in SNI (serverNameIndication) during
connection yes. Figuring out a safe reliable way to encrypt this data is an
ongoing work item for the TLS Working Group after TLS 1.3 wrapped up. If you
have a recent Firefox (possibly only in Nightlies?) you can see one possible
approach work with Cloudflare sites which opted in. You will also need
encrypted DNS (DPRIVE e.g. DNS over HTTPS) or it's largely pointless.
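To make concrete what "delivered in SNI during connection" means for both this exchange and 3xblah's s_client experiment above: the server_name extension travels in the ClientHello, the first message of the handshake, before any key has been agreed, so anyone on the path can read it with a few lines of parsing. The following is an added example, not code from the article, from OpenSSL or from any commenter. It builds a minimal ClientHello (the random, session id and cipher suite are zeroed or placeholder values, not a real client's) and then extracts the hostname back out of the raw bytes the way a passive monitor would.

```python
"""Build a minimal TLS ClientHello with a server_name extension and parse
the hostname back out of the raw record (added example)."""
import struct
from typing import Optional

TLS_HANDSHAKE = 0x16          # record content type
CLIENT_HELLO = 0x01           # handshake message type
EXT_SERVER_NAME = 0x0000      # extension type for SNI (RFC 6066)


def build_client_hello(server_name: Optional[str]) -> bytes:
    """Return one TLS record holding a ClientHello. Field values other than
    the layout are constructed placeholders."""
    body = b"\x03\x03"                       # client_version: TLS 1.2
    body += bytes(32)                        # random (zeroed placeholder)
    body += b"\x00"                          # session_id length 0
    body += b"\x00\x02" + b"\x13\x01"        # one cipher suite (placeholder)
    body += b"\x01\x00"                      # compression: null only
    exts = b""
    if server_name is not None:
        name = server_name.encode("idna")    # wire form is A-label ASCII
        # ServerName = name_type (0 = host_name) + uint16 length + name
        sn = b"\x00" + struct.pack("!H", len(name)) + name
        # ServerNameList = uint16 length + entries
        sn_list = struct.pack("!H", len(sn)) + sn
        exts += struct.pack("!HH", EXT_SERVER_NAME, len(sn_list)) + sn_list
    body += struct.pack("!H", len(exts)) + exts
    # Handshake header: type (1 byte) + 24-bit length
    hs = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    # Record header: type, legacy version 3.1, uint16 length
    return bytes([TLS_HANDSHAKE]) + b"\x03\x01" + struct.pack("!H", len(hs)) + hs


def _walk(record: bytes) -> Optional[str]:
    if record[0] != TLS_HANDSHAKE:
        return None                          # e.g. encrypted application data
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if hs[0] != CLIENT_HELLO:
        return None
    p = 4 + 2 + 32                           # skip hs header, version, random
    p += 1 + hs[p]                           # session_id
    p += 2 + struct.unpack("!H", hs[p:p + 2])[0]   # cipher_suites
    p += 1 + hs[p]                           # compression_methods
    if p + 2 > len(hs):
        return None                          # no extensions block at all
    ext_len = struct.unpack("!H", hs[p:p + 2])[0]
    p += 2
    end = p + ext_len
    while p + 4 <= end:
        etype, elen = struct.unpack("!HH", hs[p:p + 4])
        p += 4
        data = hs[p:p + elen]
        p += elen
        if etype == EXT_SERVER_NAME:
            q = 2                            # skip ServerNameList length
            while q + 3 <= len(data):
                ntype = data[q]
                nlen = struct.unpack("!H", data[q + 1:q + 3])[0]
                if ntype == 0:
                    return data[q + 3:q + 3 + nlen].decode("ascii")
                q += 3 + nlen
    return None


def extract_sni(record: bytes) -> Optional[str]:
    """Hostname from the server_name extension of a ClientHello record, or
    None when the record is not a ClientHello, carries no SNI, or is
    truncated/malformed (a monitor should never crash on bad input)."""
    try:
        return _walk(record)
    except (struct.error, IndexError, UnicodeDecodeError):
        return None


if __name__ == "__main__":
    print(extract_sni(build_client_hello("en.wikipedia.org")))
    print(extract_sni(build_client_hello(None)))
```

Two practical notes: an internationalised name is sent as its punycode A-label, so a monitor sees `xn--...`, not the Unicode form; and nothing in the plaintext ties the SNI value to the Host header sent later inside the encrypted stream, which is the mismatch 3xblah describes. On the OpenSSL side, `s_client` in 1.1.1 and later does send SNI by default and has a `-noservername` option to suppress it, so whether the hostname is on the wire depends on the client version as well as its flags.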

------
gwbas1c
I still see http-only links on Hacker News regularly.

------
pvtmert
tl;dr:

    "You would be safe in an active war zone (e.g. Syria) because you are a civilian and do not carry any weapons with you"

No, you are not safe at all. Let's assume public wifi requires acceptance of
terms and conditions.

- Redirects all pages (from your MAC/IP address) to their server

- There is a checkbox on the page for ToS/ToC approval and a 'Continue' button

- Behind the scenes clickjacking/framebusting happens [0]

- You get PWNd or monetized.

- Also being fingerprinted by the company. e.g.: amiunique.org

Given conditions, they can inject ads/cookies to track you even after you go
away. (eg. at home)

[0]: [https://blog.innerht.ml/google-yolo/](https://blog.innerht.ml/google-yolo/)

------
kevinsimper
The EFF is awesome with Let's Encrypt! It was really a dreadful task to buy
and renew certificates, especially as our infrastructure back then wasn't that
automated.

I think this article is a response to all those ads from VPN companies. They
do try to scare people about public WiFi's.

~~~
giancarlostoro
One thing I would love to see in the future is the addition of LetsEncrypt
support for major web servers like Nginx and Apache. I think this could go a
long way. In the case of Apache it would be one of those "mod" type of
packages. Someone feel free to let me know if this is already the case though,
I would love to make note of it.

Edit:

Looks like Apache has one called 'md':

[https://httpd.apache.org/docs/trunk/mod/mod_md.html](https://httpd.apache.org/docs/trunk/mod/mod_md.html)

Your move Nginx? :)

~~~
zzzcpan
> _One thing I would love to see in the future is the addition of LetsEncrypt
> support for major web servers like Nginx and Apache. I think this could go a
> long way._

This is not as useful as you think. In nginx you only need a couple of extra
lines of configuration to let an external program issue and renew certificates
independently from nginx, without reloads, etc. Definitely not worth
developing a C nginx module that starts a helper process that does that just
so that a few people who run nginx on a single server could get their
certificates issued with only one line of configuration.

~~~
Goz3rr
You still need to reload nginx for it to start using the new certificates. But
you're right about issuing/renewing certificates. I have a small snippet like
this in all my server blocks:

    # Serve HTTP-01 challenge files for acme.sh straight from disk
    location ^~ /.well-known/acme-challenge/ {
      allow all;
      default_type "text/plain";
      root /var/www/letsencrypt;
    }

And to issue a cert (and automatically renew in the future) all I need is:

    acme.sh --issue -w /var/www/letsencrypt/ -d example.com --reloadcmd "service nginx reload"

Although recently I've been using the Cloudflare DNS option also offered by
acme.sh instead of webroot mode. It doesn't make any difference in my issue
workflow because the domains are already on CF DNS anyways, but it's required
for wildcard certs.

I definitely agree in not seeing the added value of an nginx module over my
current solution.

~~~
zzzcpan
Since version 1.16 certificates can be dynamic, no need for reload.

