I am forced to travel internationally for a while. And though I try to use my own mobile network, things are spotty at times. I am forced to use my hotel’s WiFi as a result. Completely unsecured, no WPA or even WEP. Bluck.
Anyway, wanting to make sure I am secure against tampering/eavesdropping/malware.
I am assuming that proper VPN usage would effectively protect my device from the dangers of public WiFi?
To clarify:
-I use GrapheneOS or Fedora Linux (firewalld is running in standard config).
-I use a PG recommended VPN with kill switch on both devices.
**Outside of having to sign into the WiFi over http, I don’t ever leave the VPN connection. In GrapheneOS this is handled automatically. In Linux I have to kill the VPN briefly, sign in, then fire up the VPN again.
-My devices are reasonably up to date
Should that cover it?
**yes I am aware that in a perfect situation I don’t take personal devices internationally. Not possible right now to get a burner device, I don’t have time to set up, nor the money to buy a 1-time then trash device. So I need to use my personal devices safely
The only difference with unsecured WiFi is your connection between your device and the access point won’t be encrypted (unless they use WPA3). Really there’s no extra risk, you should still be using https and whatnot like normal. Mostly a password is gonna protect the owner of the network from people they don’t want on their network, but you aren’t the network owner so it’s not really relevant to you.
There is the possibility someone tries to connect to your device but if you’ve got your firewall set up shouldn’t be a problem.
I always seen videos or articles discouraging of use public wifi as it could be often easier to hack or see traffic or dont really know who is on that wifi, but recently seen also some articles or people saying to use that. Whats yourthought about that -and is it actually safer or more anonymos than using private wifi but wifi? And how i could make surfing on pubic wifi safe and anonymous enough - vpn or tor would be enough?
First, learn what VPN can and can’t do and under what situation it makes sense for you to use it. I think that should answer most of your questions/concerns. Techlore, Privacy Guides, and The New Oil all have info on this. Some research is needed.
VPN is mostly useful if you want to stop your ISP from knowing where you go online and to have an encrypted tunnel between only you and the website you visit. They also help you obfuscate your real IP address and location.
If you are okay with ISP knowing this and the websites you visit knowing this, then HTTPS should be enough as your ISP may know which website you visit but they do not know what you’re doing on it. The websites then will also know your real IP address.
Public WiFi these days can still be unprotected especially at airports as there are no passwords to join so I always recommend using a VPN at all times.
You want some SIMPLE minimal protection of devices on your LAN. Many VPN client apps provide this. Better a physical firewall
When I travel I have a GL-inet roadwarrior router between my devices and hotel wifi
I also run whole network wireguard (mullvad) on the GL-inet. It largely does not matter which router from them you pick. Cost is tightly associated with wireguard throughput.
I use the ATX1800 slate. Notice the X. They do tend to wear out not even being rough handled like the software wears out getting more firewall type errors over time. While it does have its own active cooling fan i ziptie an 80mm usb fan to it for better cooling.
Your VPN client needs to be able to block LAN access. Mullvad’s proprietary client offers this.
If I travel somewhere more restrictive or lower trust and GL-inet middlebox is not convenient I use AmneziaVPN client and 1c1r linux VPS hosting to run my own instance.