Using a VPN for Wi-Fi Security
The short answer is that for most people, most of the time, VPNs are still a pretty good idea when using public Wi-Fi. While this type of network has indeed become a lot safer—almost perfectly safe thanks to upgrading to HTTPS—you need a certain level of awareness to tell if you’ve accidentally wandered onto a site that doesn’t use HTTPS. As such, it’s better to be safe than sorry and we recommend you still have a VPN engaged when using public Wi-Fi.
That said, we also want to emphasize that the chances of you falling prey to any kind of attack are pretty small, so it’s not like you need to stress out if you ever use public Wi-Fi without a VPN. Think of it more as an extra layer of protection or insurance, even. Let’s take a look at the kind of threats you may face.
Is Public Wi-Fi Dangerous?
Until fairly recently, public Wi-Fi had the potential to be dangerous thanks to so-called man-in-the-middle (MitM) attacks. Because most sites used unencrypted HTTP instead of the more secure HTTPS, somebody with ill intent could set up on the same network and intercept data you were sending to and from the internet.
A successful MitM attack could be pretty disastrous: perpetrators could gather up a lot of personal data. This could include your name and email address, but also more sensitive information, up to and including usernames and passwords you use for different sites.
The best way to protect yourself against this risk was by using a VPN. Here’s the short version of how VPNs work: they reroute and encrypt your internet connection. This has many great benefits, such as allowing you to seem to be in a different country, but the main advantage in the case of MitM attacks is that all the hacker sees is a bunch of encrypted gibberish.
All that said, though, it’s possible that MitM attacks were never that big a risk. For one, MitM attacks were probably never that common to begin with according to Nicholas Weaver, a professor at the University of California, Berkeley. Though much has been made of their dangers, the effort to set one up — you need to be in the same physical space as the network you’re trying to infiltrate — is a big deterrent for criminals.
Public Wi-Fi Is More Secure Than Ever
However, this point is somewhat moot as the main weakness that makes MitM attacks even possible has been removed. Before, you used to connect to the internet using a protocol — a set of rules governing communication between devices — called HTTP. This has been phased out, though, and now most web communication runs over a protocol called HTTPS.
That added “S” stands for “secure” and means that your connection is encrypted. If a MitM attack managed to hijack a public Wi-Fi network, all the hacker would see is encrypted data, the gibberish we mentioned earlier.
Because of the advent of HTTPS, plenty of people now assume that using public Wi-Fi is perfectly safe and, well, it is. Many of the risks associated with using public Wi-Fi are simply gone, provided you’re using a site that has HTTPS enabled.
However, that’s also where the remaining, minor risk comes in: though most browsers will warn you if you access a site that still uses HTTP, not all of them do. If you access an older site while somebody is camped out on the network you’re using, then they could see what you’re doing.
Also, HTTPS doesn’t solve another issue, namely that MitM attacks can still reveal your DNS requests. Though generally speaking these rank fairly low on the threat meter as they reveal on the site you’re visiting, not the specific page, they can be a threat to your privacy. That said, we doubt if getting their hands on your DNS requests is worth the trouble of setting up at your local Starbucks for most hackers. (DNS over HTTPS solves this problem. You can enable it on Windows 11, but it’s not available on every device just yet.)
The upshot is that while public Wi-Fi is mostly safe, there are still a few snakes in the grass that can bite the unwary. If you have the situational awareness to make sure that you don’t accidentally wander onto a site still using HTTP—or use a browser that warns you when you access HTTP sites—then using public networks isn’t too much of a risk.
That said, if you visit a lot of older sites or are worried about your DNS requests falling into the wrong hands, then having a VPN engaged while using public Wi-Fi is the best course of action. Switching one on takes all of two seconds, and can give you great peace of mind.
Don’t have a VPN yet? Here’s our guide to the best VPNs you can buy.