Using Public WiFi Networks

Setting up and using WiFi, as an alternative to Ethernet in your home, is a tricky project. WiFi will never be a true alternative to Ethernet.

There are things that you can't control, as a domestic WiFi LAN owner.

  • Noise on the channel (analogue interference).
  • Neighbors sharing the WiFi spectrum (digital interference).

When you take your portable computer to the local coffeeshop, you are still subject to the problems of a domestic WiFi LAN. You have additional problems too, issues that you (as a mere customer) can't control.

  • Security used by the hotspot, to control access, and to keep the customers safe.
  • Other customers at the hotspot (digital interference).
  • The Internet service used by the hotspot.

These issues all apply after you are connected to the hotspot.

Security Issues - and the Initial Connection
The initial hotspot connection is a big issue, and authentication / encryption is part of the connection problem.

  • Authentication identifies you to the hotspot Access Point, letting only those who have legitimate access use the network. Authentication prevents unauthorised active use of the network.
  • Encryption encodes the network activity between your computer and the access point, so no hackers can snoop on your activity. Encryption prevents unauthorised passive use of the network.
  • WEP, which is the original standard for WiFi security, only provided encryption, with a static encryption key. The hackers figured out how to break the key, so WEP was dismissed as insecure.
  • WPA / WPA2 has several versions of authentication and encryption. You will probably use the simplest in your home WiFi LAN: WPA-PSK with TKIP. PSK is a pre-shared key, similar to the key used in WEP, but more complex. TKIP is an encryption protocol which starts off by using the pre-shared key, but changes the encryption key regularly, to keep hackers from breaking the key. By preventing unauthorised access (by using authentication), and snooping (by using encryption), a WiFi LAN is safer.
  • Most big hotspot chains, like T-Mobile, have dismissed using WPA (or even WEP), because it's a pain to set up and to manage. If you set up a home LAN, you will (should) use WPA or better, because you control the LAN, and because you need to keep YOUR LAN (with maybe some non-WiFi computers even) secure. But how can you do that, if you don't control or can't meet the customers and their computers?
    • Not every Starbucks customer, with a laptop, is capable of setting up a WPA client, without help.
    • Very few hotspots have anybody on staff, even remotely proficient in setting up WPA security, and available during store hours.

With most hotspot chains, the hotspot AP itself will be open, and use a captive portal for access restriction. You connect to the hotspot, THEN you authenticate using your credit card (or maybe a token provided by the store running the hotspot). Using a hotspot provides challenges similar to, but not limited to, those involved when using a public computer.

To really understand the differences between WEP / WPA / WPA2, and open (with credit card / token), authentication, you have to start with some understanding of the OSI network model, and network layers.
  • WEP / WPA / WPA2 authentication and encryption occur at layer 2, the Data Link layer. Data link authorisation / encryption occurs between your computer and the hotspot Access Point, with a mere minimum of information transmitted in the clear (i.e. visible to any hackers). Based upon the WPA shared key and settings on your computer and on the Access Point, a lot of initial conversation takes place, between your computer and the access point, that you don't see.
  • Open, followed by credit card / token, authorisation involves a brief initial conversation, between your computer and the access point, that you don't see (layer 2 again). This is followed by the login transaction, with some portions transmitted in the clear (unencrypted), and readable by any nearby hackers.
    • Initial connection to the hotspot AP is open to anybody. This eliminates the need for setting up WEP / WPA authentication for each WiFi customer.
    • Once a (Layer 2) connection between the AP and a client computer is established, you the customer see a "Please Login" screen in your browser, and can either enter a credit card number (if connectivity is open to everybody paying), or a token (if connectivity is sold by the store running the hotspot). Generally, the browser will use an encrypted protocol between the browser and the hotspot; if so, you will see the familiar padlock icon in your browser. This allows you to use your credit card with some degree of security (but still be careful).
    • Since you have an open connection (with maybe the credit card transaction encrypted), any Internet use will be unencrypted. Whatever you do with your browser, or any other Internet traffic, is available for snooping by any nearby hackers.

  • Any Internet activity between your home LAN (or a public access point) and a distant Internet server, unless transmitted securely (with the padlock), is open to any Internet snooper. Traffic volume on the Internet is immense though, and merely snooping Internet traffic is likely to be a waste of time. With a properly set up home network, all WiFi traffic between your computer and the access point is encrypted; with a hotspot, this may not be the case. A hacker, snooping local traffic on an unprotected WiFi LAN, is much more likely to pick up relevant secrets from unwary customers.

Don't be an unwary hotspot customer. As with using any public computer (and even if you carry your own computer with you), protect yourself when using any LAN that you don't control.
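
The layer 2 difference between an open hotspot and a WEP / WPA / WPA2 network is visible in the beacon frames an access point broadcasts. The Python below is an added example, not part of the original article: it classifies a beacon body from its Privacy capability bit and its RSN / WPA information elements. The sample beacons and the names `classify_beacon`, `make_body` and `SAMPLES` are constructed for illustration.

```python
import struct

PRIVACY = 0x0010                  # capability bit 4: data frames are encrypted
RSN_ID, VENDOR_ID = 48, 221       # information element IDs
WPA_PREFIX = b"\x00\x50\xf2\x01"  # vendor OUI 00:50:F2, type 1 = WPA

def iter_elements(blob):
    """Yield (id, value) for each tagged element; stop at a cut-off one."""
    pos = 0
    while pos + 2 <= len(blob):
        eid, length = blob[pos], blob[pos + 1]
        value = blob[pos + 2:pos + 2 + length]
        if len(value) < length:
            return
        yield eid, value
        pos += 2 + length

def classify_beacon(body):
    """Classify a beacon frame body as open, WEP, WPA, WPA2 or WPA/WPA2."""
    if len(body) < 12:
        raise ValueError("beacon body shorter than its fixed fields")
    # Fixed fields: timestamp (8), beacon interval (2), capability (2).
    capability = struct.unpack_from("<H", body, 10)[0]
    has_rsn = has_wpa = False
    for eid, value in iter_elements(body[12:]):
        has_rsn |= eid == RSN_ID
        has_wpa |= eid == VENDOR_ID and value.startswith(WPA_PREFIX)
    if has_rsn and has_wpa:
        return "WPA/WPA2"
    if has_rsn:
        return "WPA2"         # RSN element; newer WPA3 networks carry it too
    if has_wpa:
        return "WPA"
    return "WEP" if capability & PRIVACY else "open"

# Constructed sample beacons (not captured traffic).
def make_body(capability, *elements):
    return bytes(8) + struct.pack("<HH", 100, capability) + b"".join(elements)

SSID = bytes([0, 4]) + b"Cafe"
RSN = bytes([RSN_ID, 6]) + b"\x01\x00\x00\x0f\xac\x04"
WPA = bytes([VENDOR_ID, 6]) + WPA_PREFIX + b"\x01\x00"
SAMPLES = {
    "coffee shop": make_body(0x0001, SSID),
    "old router": make_body(0x0011, SSID),
    "home LAN": make_body(0x0011, SSID, WPA, RSN),
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name}: {classify_beacon(body)}")
```

A network reported as "open" here is one where everything outside a padlocked browser session travels unencrypted between your computer and the access point.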


Other Customers at the Hotspot

As discussed in my other articles, you have to share the bandwidth. If there are other customers at the hotspot, they will be accessing the Internet too. If they are just browsing the web, and you are doing likewise, you can likely share just fine.

If either you or another customer is using a hotspot to download large music or video files, the other customers may suffer from degraded service. As with any WiFi LAN, depending upon how the hotspot is set up, those with intense network activity (such as downloading large files) may cause unfairly degraded service for the other users.
  • Don't go to a crowded hotspot and download large files during peak use periods.
  • Don't be surprised when your network performance drops during peak use periods.


The Internet Service Provided By The Hotspot
As in your home, the quality of the Internet service provided, to any hotspot, may vary. Cable broadband based Internet service will vary depending upon time of day (and Internet access by the cable customers who are immediate neighbours to the hotspot). DSL based Internet service will vary depending upon the distance from the hotspot to the telephone connection office.

Issues like the WiFi channel used, which you would change at home to avoid interference by the neighbours, will be ones that you won't be able to control. And service outages, that you can only report to your ISP from home, you won't be able to report to the hotspot service provider. They will affect you, nonetheless.