There’s been a lot of buzz this week about a USA Today reporter who was hacked by another passenger onboard an American Airlines flight recently:
“I hacked your email on the plane and read everything you sent and received. I did it to most people on the flight.”
He had verbatim detail of a long email that he repeated back to me essentially word for word.
We’ve received tons of questions asking if it’s safe to connect to airplane WiFi in light of this, and I figure it’s something others are wondering about as well.
No public internet connection is inherently safe.
Whenever you’re using a public connection you’re exposed to flaws in the network, and are a bit at the mercy of anyone using that same network. It doesn’t really matter whether you’re at a coffee shop, a hotel, or on an airplane.
To protect your data, an easy option is to use a Virtual Private Network (VPN). These are inexpensive, easy to use, and truly — there’s no reason not to.
How do VPNs work?
Alright, so the disclaimer here is that while I am tech-y for OMAAT, I am not a computer engineer or anything. My husband, who is a computer engineer, gave a pass to this explanation with an “Ugh. That’s really simplistic, but more or less accurate” followed by an “It’s really not appropriate to turn this into an extended sex metaphor, you should edit that part.”
So this is a basic for-my-mom explanation. 😉
When you connect to the internet, your communication with various websites is either encrypted or open based on what site you’re visiting.
Things like Gmail, your bank, Facebook — those are always encrypted (that’s what the https means at the beginning of the URL). So in theory those should be safe, but you’re relying upon the destination site and your internet service provider (ISP) to keep that connection secure. If you’re at home, you can probably trust your own network, but even https can potentially be circumvented by the ISP forcing you to use an alternate certificate (that’s why you sometimes see that padlock with the slash through it in the navigation bar, because the site certificate is suspect).
It gets complicated, but the takeaway is that even normally encrypted sites aren’t necessarily secure when you’re accessing them from a public network.
And everything else is potentially open-season.
Once you’re using a VPN, everything is encrypted to the server of the VPN provider. So it doesn’t matter as much what the security level of the individual sites is, because your VPN creates a shield for your device.
The VPN shield protects you from people reading your data when on public or shared WiFi (whether it’s Starbucks or Gogo). It also prevents less-legitimate sources from looking at your data (be it the guy hacking from the row behind you or the Chinese government), because all they can effectively see is the connection to the VPN. The rest of your internet usage goes into an opaque tunnel.
While obviously better, a VPN still isn’t perfect — it’s like drawing the curtains over your activities versus hanging out with the blinds open and lights on. That’s sufficient for the vast majority of us, but if you’re running a Soviet spy ring you probably need to look into more advanced options.
Which VPN to use?
Honestly, there are hundreds, and as long as the company is reputable and trustworthy, they all work about the same (unless you’re going to China, where the internet is more complicated in general). The VPN company can theoretically see any unencrypted traffic, so you don’t want to use a fly-by-night operation. I’ve used a few different ones:
This is what I’m using currently. TunnelBear is cheap at less than $5 a month, it works on my computer and my phone, and I appreciate their commitment to the bear theme, which I find hilarious.
Last year I used ExpressVPN almost exclusively, and it worked really well. No problems in a variety of geographic locations, and the one time I did have a slight technical issue their customer service was fantastic. I would still be using them if I hadn’t decided to try out TunnelBear for science.
Astrill worked best of any of the services we tested in China last year (but that situation is volatile). Their interface is a bit clunkier, but they have a “stealth mode” that worked brilliantly for getting to Twitter and YouTube in China.
Vypr is a highly reputable service in China, and the one endorsed by my geek friends. It worked well, though the app was a bit fussier than Astrill. Ben ended up having to change servers pretty frequently, which was a little irritating, but it still worked well overall. I haven’t used it since though, as the app just isn’t as useable as the other three for everyday use.
So based on my experiences I would go with TunnelBear or ExpressVPN. If you’ve used others please share them in the comments!
Is it hard to setup a VPN?
Nope. With any of these services you’ll install a program on your computer or phone. Once you connect to the internet, you then open the VPN app to create the network “shield.”
They all have great tutorials should you run into issues, but it generally takes less than five minutes to configure a VPN service.
The one caveat is that you’ll want to set them up before you’re traveling. There are many countries where you can’t access these websites to download a VPN, and it’s better to install these kinds of things from a reliable internet connection anyway.
If you’re accessing public WiFi, ever, you should be using a VPN.
The services aren’t that expensive, a VPN is easy to setup, and the extra protection is well worth it. You should also be using a password manager to create unique and complicated logins for individual sites (we use LastPass) as an added measure.
Do you use a VPN when you travel? Which one?