So, I'm starting a list of Free WiFi hotspots in Toronto, particularly in downtown, but there will be some locations listed that are much more east or west of Yonge Street. For whatever reason, 4G and LTE data plans are becoming more expensive these days rather than less, and now that I've recently become the proud owner of a few monthly bills completely accessorized with $100+ in data overage charges on each (the tl;dr version would be: someone on our family plan didn't know YouTube videos ate up bandwidth... as well as Google Navigator, ugh.) I'm finding a bigger need these days to supplement my smartphone and netbook data usage while I'm out and about to buffer these unsuspecting data usage reveals. I've got grey hair thanks to my less than spectacular data plan.
One thing about surfing on open WiFi though is that if you don't have your bases covered, you and your tech could fall prey to hackers that troll open, unencrypted networks for data dumps, or even install keyloggers onto your computer just waiting for you to do your online banking. We need to keep our data safe at all times, and it would truly be a disaster if you unwittingly pay for use of free WiFi with your banking or other severely personal information.
While I'll continue to create my list of Free WiFi hotspots in Toronto until its massive, I've been having this growing need to write up a post on how to keep all of you safe, especially if you chose to use a hotspot based on my recommendation page.
4 Ways to Secure Your Computer While Using a WiFi Hotspot
One would hope that WiFi hotspots would have at least an encrypted password enabled to keep their network moderately secured, but very few do; and even if they do require a password to log onto their network, that is only a smidgen of security (it helps, but not much.) Please follow these steps to shield your browsing and general usage secure.
1. Toggle On/Off WiFi Switch
It might sound counter intuitive, but if you're not using WiFi the entire time (such as, you're writing your next novel masterpiece and are only browsing online intermittently for research,) turn off your WiFi antenna while you're not actually online. Most laptop/netbooks have a handy button among the F keys to toggle the computer's WiFi to On or Off. For the Asus Transformer (T100T) that I'm using, I simply need to click the Fn (Function) key + F2. Even if you're connection is sitting idle while you're working with an Office suite, hackers can still potentially tether to your computer through the open connection.
2. HTTP vs HTTPS
Try your best to always use HTTPS within the urls that you're browsing; which essentially means that any website you go to should start with the securely encrypted "https://" instead of the unsecured "//". By using https://, any data you enter on the site you're securely accessing will be encrypted, which is helpful when you're entering usernames and passwords. Https:// doesn't always work, 'cause not all sites are SSL certified (such as GeekwithStyle.ca, as it doesn't make sense yet for me to certify this site. I'm not selling you anything, and the only person who logs into any sort of backend is me.)
Both Firefox and Chrome have plugins (such as FF's HTTP Nowhere extension,) where it will automatically connect you to the HTTPS version of the website you're accessing, so you won't ever have to think about whether that simple 's' character was added to the url or not. You can also teach the plugin to ignore using https:// on specified sites (like mine,) so that you can still access those favourite sites of yours regardless of their security settings.
3. Two-Step Verification
I can't stress how necessary two-step identity authentication is on a daily basis, let alone when using an open WiFi network. This program creates a second, ever changing password (by the minute,) that is virtually unhackable, meaning only you can get into your site, since you'll be the only one who knows the right set of digits for the next 0 to 59 seconds. With the help of my smartphone, I use two-step passwords on a multitude of sites, including my blog, my email and Twitter. How to use two-step verfication is a blog post all on its own, but if you've never tried it before, start with securing your Google account with this helpful wizard (and if you have a selfhosted WordPress blog, be sure to get the two-step plugin so that you can have extra security for your website as well!) It's the back-up plan you hope will never have to be used, but should a hacker discover your Gmail password while you were browsing your inbox in a cafe, they still won't be able to access your account, because they wouldn't have access to your second 6-digit code.
Here's a pic of what my Google Authenticator looked like 10 minutes ago on my smartphone (the one downside to this process is that you will always need your smartphone on hand to get the ever changing 6-digit code.) The little pie on the right hand side is a 1-minute timer, and the six-digit password on the left continuously changes each minute. I'm looking forward to the day I have ten accounts listed, as two-step authentication becomes a more popular option.
4. Virtual Private Network (VPN)
Virtual Private Networks (VPNs) are probably the easiest way to keep yourself secure, even if you forget to do steps 1 to 3 (which I wouldn't recommend doing, but you could.) A VPN changes/masks the IP settings of your device's network drive, making it virtually invisible from prying eyes, including hackers that are cruising by the cafe you're sitting in (or even your home.) VPNs have a lot of useful tricks to keep your computer/identity anonymous to anyone watching while you're surfing online.
Below are links to the VPN companies that I've tried, use daily and trust. I do have to note though, that most of these sites have a referral program 'cause they like making friends, so yep, there are some referral links below (that will only help me in my membership fees should you choose to join them too.)
One of my favourites is PrivateTunnel. You get 100MB free to try their program out, and is simple to install anywhere (desktop, laptops, android, Windows, Mac platforms)
- Pay for data packets instead of a monthly subscription (works great if you're only going to use the VPN every once in a while, and not all the time.)
- One account will span across all of your computers/smartphones. This is helpful if you have more than one device that requires a VPN program, and honestly, you could benefit from using a VPN on every single Internet ready device you own, even those that stay at home.
- Quick and easy to use Windows platform app (I have not tested PT on any Apple devices, because I don't own any.)
Cons for using PrivateTunnel:
- Android app is a little clunkier than other VPN apps I've used. It takes a few seconds more to connect, and not as easy to disconnect.
- With a limited amount of data (depending on which packet you choose,) you have to keep an eye on how much you're using at any given time.
- 100MBs to initially test their program really isn't alot (don't try to use YouTube or other video services, or you'll eat up that data in minutes.) I'm not sure if the 100MBs is replenished each month, or if its only a one time trial.
My other favourite is TunnelBear. I've been using this one the longest (for close to a year now,) as a VPN for my smartphone, and more recently as VPN service for my netbooks as well.
Pros for using TunnelBear:
- Quick and easy Android app; you're connected in seconds.
- 500MBs of free monthly data, which is enough for the casual VPN user on a smartphone. Or easily send TunnelBear a tweet (through their settings widget) once a month, and utilize 1.5G/month of free data instead.
- Affordable monthly and yearly subscription plans for unlimited usage, meaning that after subscribing, you won't have to worry about how much data you're using on your VPN.
- Buy local - TunnelBear seems to have been developed by engineer students from U of Waterloo, and their headquarters are based in my home town (Toronto, woot!)
Cons for using TunnelBear:
- Desktop (Windows) app, occasionally takes longer to connect depending on your settings. I can easily connect to a Canadian network, but find the United States connection sometimes difficult. If you're only using a VPN to mask your computer from hackers, selecting "Closest Tunnel" from the list is the best option and you shouldn't have any delays in connecting (there are benefits for Canadians to use an American channel, but I'll let Google explain why.)
- A subscription account is good for one desktop/laptop and two mobile devices. I have two netbooks that I use equally for work while travelling (sometimes it just comes down to which netbook has more battery life at any given moment,) so am limited to choosing only one of these devices for the unlimited service, and then the other device has a monthly limit of 1.5G of data as a free account (I don't actually need to create two accounts with TunnelBear though, it automatically recognises which is using the Lite/Free service.) I have five smartphones on our family plan, and can only use this service on two of those devices. Again, the other three devices can use the free/lite service, and that just might be enough anyway.
Hola Unblocker is a plugin available on Chrome and FireFox, (whereas PrivateTunnel and TunnelBear are both applications,) as well as a smartphone app that I've used before I knew about TunnelBear. Hola Unblocker is meant for another purpose (viewing sites that are not readily available to you based on your country location,) but its essentially a VPN as well.
Pros for using Hola Unblocker:
- Free unlimited service, and an affordable premium service available for a few extra perks (a constant SSL connection for any website landed on will be an interesting perk in the future.)
- Boasts that it speeds up your internet connection.
- Hola uses a cache that compresses the amount of bandwidth data used by up to 25%, so in theory this plugin can actually help you use less data if running while using your data plan instead of WiFi. (I don't really have a way of testing this claim, but sounds awesome.)
- If ever a need arises, you can choose different countries for VPN locations based on website. Twitter can be set to have a Canadian VPN, while simultaneously using a UK VPN for Facebook and a US VPN for Google+.
Cons for using Hola Unblocker:
- The current version requires the user to select a country on every individual website visited, which can be tedious on first usage. You'll need to remember to create settings for every website you go to, when you first land on those pages with the Hola plugin turned on. If you do choose to use Hola, I would recommend opening every website that you visit constantly, and set your preferences for each website right away, so that you won't have to think about it later. Once you've set your preferences, Hola will remember them for future usage.
I'm a far cry from being an expert on safe and secure browsing, but these four tips above are a great start to practice with. I would love to hear if you have any different tips on how to keep your identity and computer safe from local hacking (or online hacking even.)