THE internet is a fabulously insecure thing.
Long years ago I was warned that email should be treated as a postcard.
To the machines that move them around, and there are many of them, an email is a string of openly readable text.
If your network uses hubs then every other machine on that hub can also see all the emails being sent by all the other users.
In your Google “packet sniffer” there’s loads of free software that lets you see what’s actually being broadcast on your network.
One part of the Edward Snowden revelations was they confirmed just how hard security agencies have worked to keep the internet insecure, to make their snooping easier.
Normally this isn’t a problem because most people’s emails are not very interesting, and because most people on your network can be trusted.
You should, however, be wary of giving your home WiFi password to people you don’t trust.
Even in, for example, a McDonald’s, the shared WiFi (while generally less useful than half decent mobile data) is probably safe enough because the numbers of users are so low it’s not worth a crook’s time to watch the network in the hope of seeing an unguarded credit card number.
Which brings us to the ACT Government’s planned WiFi network, which had a test spin recently in Civic.
The Garema Place hotspot worked well from Mort Street to just past the merry-go-round, let’s say a radius of 100 metres.
A home, or McDonald’s, hot spot has a range closer to 10 metres.
So what difference does adding a zero make?
For those readers who have been out of school a while, let me remind you that the area covered by a circle can be determined with r2. So multiply the radius of the circle by itself and then (roughly) multiply by 3.
A home network covers 300 square metres. The Civic hotspot was covering more like 30,000 square metres.
Suddenly, the risk/reward equation for the bad guys slides over to “worth a go”.
A tricked out mobile phone with a $30 solar charger from Supercheap Auto and waterproofing via an upturned soup bowl could sit on the roof of any building in the centre of Civic and listen in to everything being sent on the free public WiFi network.
Now, it is true that web browsing can be encrypted. If the website address you’re looking at is https rather than http at the start then it’s moderately secure.
But how about the apps your phone is blabbering with on the internet? Do you know if they’re handshaking with the server and blurting your password and email address insecurely?
Small-time app makers often don’t think of security when they’re getting started and can get wildly popular, like WhatsApp, before they’re forced to think about it. There’s no easy way for app users to know if data is being sent securely by their apps.
Normally that’s not a problem either, because insecure networks tend to be small.
The upshot is you get what you pay for and really need to think carefully about what you send on free networks that anyone can be listening in to.
I’m not normally one for password paranoia but, for the love of God, make sure your primary email password is unique from all the other ones you use. If your app is blabbing your email (often used as a login) and a common password over an insecure network you’ve pretty much handed over your entire online identity to the guy running the sniffer.
He’s probably not doing that for the love of humanity.