If you’ve ever turned on the TV, listened to the radio, or seen a commercial for a VPN service on the internet, I’m sure that you’ve heard that you should never connect to the “Public Internet,” or a “Public Network,” as it’s “unsafe.” Ever wonder if that’s true, or if they’re just trying to sell you some snake oil? In this blog post, we’ll attempt to decipher what the “Public Internet” is, what a “Public Network” is, whether each is safe, and we’ll go over some scenarios in which we’ll examine whether a network we connect to is trustworthy or not.
First, let’s attempt to define “Public Internet” and “Public Network” so that we can figure out what they are. If we search Wikipedia for “Public Internet,” we get the following TL;DR definition of the internet:
The Internet (or internet)[a] is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP)[b] to communicate between networks and devices. It is a network of networks that consists of private, public, academic, business, and government networks of local to global scope, linked by a broad array of electronic, wireless, and optical networking technologies.
So, basically, the internet is just a bunch of networks that are interconnected, with some being public, and some being private. But that’s just a definition of “Internet.” What, then, is the “Public Internet”, or is there one? That’s a little harder to define, because if you think about, most of the networks out there (think driving down the road and seeing all the wires on the telephone poles…those are essentially the networks) are owned by either private companies (Think, AT&T, Verizon, Charter, Cox, etc….), or by telecommunication “Cooperatives.” Neither of those represent a “Public” internet, as each requires you to pay to access them. I did some more Googling, and here’ is what I found from sciencedirect.com:
The public Internet was the global hub through which messages could be directed from any Internet subscriber to any other Internet subscriber.
OK…..so let’s look at a key word in there: Was. Back in its infancy, the internet was public, as anyone could subscribe simply by connecting to one of the nodes of the internet. But even that wasn’t technically “Public,” as you had to pay to subscribe, and you had to get an ISP to allow you to connect to the nodes.
In the United States as of the date of publication of this article, there is simply no “Public Internet.” There are a few free options to get on the internet, but they tend to be very limited in connection abilities, and not only that, they tend to be subsidized by some outside factor (think, Government or advertiser who pays to be seen).
“Public Network”
OK, so I think you can see where this is going. If there is no “Public Internet,” why are you wasting a blog post on it? Well, there are certainly “Public Networks,” so lets talk about them now. A “Public Network,” as defined by Techopedia as the following:
A public network is a type of network wherein anyone, namely the general public, has access and through it can connect to other networks or the Internet. This is in contrast to a private network, where restrictions and access rules are established in order to relegate access to a select few.
So now, if we take a step back and think about this, we see public networks all over the place. Any place with “Free Wifi,” is a public network. Coffee shops, airports, grocery stores, etc…..they all offer public networks as a convenience so that you can stay connected while you’re there. Have you ever connected to one? I bet you have!
Let’s think about a public network like a public swimming pool. If you want to go swimming and go to the public pool, you are trusting that the operator of that pool is keeping up with the pool chemicals, and that the lifeguards (if there are any) are up to date on their certifications, and that the safety equipment on site is functional. You also have no say on who is allowed to swim, what conditions disqualify someone from being able to swim (think open wounds, diarrhea, etc…), and how many people are allowed in to the pool. All of that is in exchange for access to the pool for free (we won’t talk about indirectly paying for the pool through your tax dollars). If you have a swimming pool at your own house, you are in charge of those things, and you know for a fact that the chemicals are within spec to keep you safe, the safety equipment is up to date, and if you decide to pay a lifeguard, you know for a fact that they’re certified and up to date because if you have that kind of cash, you’re probably double and triple checking their creds before hiring them. You aren’t letting any old schmo off the street to come swim, and you’re probably not letting your uncle Jim, who has a gaping wound on his leg, in the pool.
This analogy is a good one for public vs. private networks. On a public network, you are trusting that someone is implementing appropriate security measures. And honestly, they probably aren’t, because good security is hard and time consuming. At home, at least it’s just your family on the network (you did password protect your WiFi. right?), and even if you don’t keep up with security and updates, at least the limiting of who can be on your network is a security step.
Here’s the bottom line….don’t connect to a public network. Just don’t. You probably have other options anyway, like staying on a cellular network, where network engineers who do this for a living are implementing security steps. But if you must (still…don’t do it), here are some things that will make you a little more safe on them:
- NEVER connect to an “open” public WiFi access point. Under no circumstances is this OK, even if you are going to use a VPN after you connect. Open WiFi networks simply transmit all packets in plaintext, readable to literally everyone on the network. So, if you log on to Joe’s Open WiFi, then decide to logon to your VPN after you connect, guess what is transmitted in plaintext? Yep, you guessed it, your connection string or handshake (which probably includes some sort of credentials) to the VPN. Yes, everything after that will at least be encrypted, but a really determined hacker who steals your connection string, probably can crack the encryption and privacy the VPN provides. On a wireless network, ALL traffic is broadcast by devices and the access point, and is able to be captured by a wifi adaptor in “Promiscuous Mode.” This is different than on a wired network, where you only see traffic on the network port which is destined to or from your device.
- Only connect to public networks that have at least WPA2 encryption enabled. What does this mean? If you walk in to a place, and they have a sign that says, “Free WiFi! Password is blahblah123,” that is what you are looking for. This will at least protect you somewhat from others on that network, as all of your traffic will be encrypted between you and the access point. Nobody will be able to just watch all of your traffic in plain text go by, although remember, everyone on that network is using the same password, and a determined hacker might be able to capture your access token and decrypt your traffic.
- Use a VPN after you connect to a password protected WiFi network. This will add another layer of encryption between you and any potential hackers. VPNs provide privacy, and another layer of encryption, adding to your overall security posture.
- NEVER login to anything remotely sensitive while you’re on a public network. Even if there is a password on the network, and you’re connected to a VPN, you are still in the public swimming pool, and trusting that the network is secure. What if the network operator is logging all of your traffic for decryption later? What if a rogue attacker has set up another access point with the same password just to capture the traffic of anyone who isn’t paying attention to which network they’re on? You don’t want to log in to your bank accounts and let them have that info. Just keep it to whatever you need to do on that network, and keep the sensitive stuff on better protected networks.