Why Public Wi-Fi Is a Lot Safer Than You Think

栏目: IT技术 · 发布时间: 4年前

If you follow security on the Internet, you may have seen articles warning you to “beware of public Wi-Fi networks" in cafes, airports, hotels, and other public places. But now, due to the widespread deployment of HTTPS encryption on most popular websites, advice to avoid public Wi-Fi is mostly out of date and applicable to a lot fewer people than it once was .

The advice stems from the early days of the Internet, when most communication was not encrypted. At that time, if someone could snoop on your network communications—for instance by sniffing packets from unencrypted Wi-Fi or by being the NSA —they could read your email. They could also steal your passwords or your login cookies and impersonate you on your favorite sites. This was widely accepted as a risk of using the Internet. Sites that used HTTPS on all pages were safe, but such sites were vanishingly rare.

However, starting in 2010 that all changed. Eric Butler released Firesheep , an easy-to-use demonstration of “sniffing” insecure HTTP to take over people’s accounts. Site owners started to take note and realized they needed to implement HTTPS (the more secure, encrypted version of HTTP) for every page on their site. The timing was good: earlier that year, Google had turned on HTTPS by default for all Gmail users and reported that the costs to do so were quite low . Hardware and software had advanced to the point where encrypting web browsing was easy and cheap.

However, practical deployment of HTTPS across the whole web took a long time. One big obstacle was the difficulty for webmasters and site administrators of buying and installing a certificate (a small file required in order to set up HTTPS). EFF helped launch Let’s Encrypt , which makes certificates available for free, and we wrote Certbot , the easiest way to get a free certificate from Let’s Encrypt and install it.

Meanwhile, lots of site owners were changing their software and HTML in order to make the switch to HTTPS. There’s been tremendous progress , and now 92% of web page loads from the United States use HTTPS . In other countries the percentage is somewhat lower—80% in India, for example—but HTTPS still protects the large majority of pages visited. Sites with logins or sensitive data have been among the first to upgrade, so the vast majority of commercial, social networking, and other popular websites are now protected with HTTPS.

There are still a few small information leaks: HTTPS protects the content of your communications, but not the metadata. So when you visit HTTPS sites, anyone along the communication path—from your ISP to the Internet backbone provider to the site’s hosting provider—can see their domain names (e.g. wikipedia.org) and when you visit them. But these parties can’t see the pages you visit on those sites (e.g. wikipedia.org/controversial-topic), your login name, or messages you send. They can see the sizes of pages you visit and the sizes of files you download or upload. When you use a public Wi-Fi network, people within range of it could choose to listen in. They’d be able to see that metadata, just as your ISP could see when you browse at home. If this is an acceptable risk for you, then you shouldn’t worry about using public Wi-Fi.

Similarly, if there is software with known security bugs on your computer or phone, and those bugs are specifically exploitable only on the local network, you might be at somewhat increased risk. The best defense is to always keep your software up-to-date so it has the latest bug fixes.

What about the risk of governments scooping up signals from “open” public Wi-Fi that has  no password? Governments that surveill people on the Internet often do it by listening in on upstream data, at the core routers of broadband providers and mobile phone companies. If that’s the case, it means the same information is commonly visible to the government whether they sniff it from the air or from the wires.

In general, using public Wi-Fi is a lot safer than it was in the early days of the Internet. With the widespread adoption of HTTPS, most major websites will be protected by the same encryption regardless of how you connect to them.

There are plenty of things in life to worry about. You can cross “public Wi-Fi” off your list.


以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

网页配色实用手册

网页配色实用手册

温鑫工作室 / 科学 / 2011-9 / 59.00元

《网页配色实用手册》在日常生活中,色彩早已广泛地深入到人们的精神生活和物质生活中,它是一种能够激发情感、刺激感官的重要元素。《网页配色实用手册》 从色彩的应用范围和网页设计行业需求出发而编写。全书共分为9章,第1章~第2章主要介绍色彩的基础知识、网页与多媒体的相关知识,帮助读者掌握最基本的理论;第3章主要介绍明度、纯度以及色彩感觉的配色,引领读者深入学习;第4章~第8章分别根据网站的属性、网站的地......一起来看看 《网页配色实用手册》 这本书的介绍吧!

JS 压缩/解压工具
JS 压缩/解压工具

在线压缩/解压 JS 代码

URL 编码/解码
URL 编码/解码

URL 编码/解码

RGB CMYK 转换工具
RGB CMYK 转换工具

RGB CMYK 互转工具