How to use public Wi-Fi networks safely

Every day, millions of people connect to free internet at airports, cafes, hotels, and shopping malls, unmindful of the risks lurking in the open air. The convenience of instant internet access often outweighs caution, but it's precisely in these areas that cybercriminals prey most greedily on unprotected devices. Public Wi-Fi represents an ideal environment for data interception, as user traffic is often transmitted unencrypted or through vulnerable encryption protocols.

Ignoring basic digital hygiene rules can lead to the theft of bank details, access to personal correspondence, and the compromise of corporate accounts. Attackers use sophisticated attack methods, such as creating fake access points or injecting malware directly into the victim's traffic. Understanding the mechanics of these threats is the first and most important step to keeping your digital identity secure.

In this article, we'll take a detailed look at the technical aspects of data protection, review the tools you need to use, and discuss what actions you absolutely should avoid when connecting to other people's routers. You'll learn why regular HTTPS isn't always effective, how to properly configure a firewall, and which operating system settings can help hide your device from prying eyes.

Key Threats in Open Wi-Fi Networks

The most common attack method on public networks is the so-called Man-in-the-Middle (MitM) attack. In this scenario, a hacker creates an access point with a name similar to that of the establishment's legitimate network (e.g., Starbucks_Free instead of Starbucks_WiFi), and redirects the victim's traffic through its own computer. All passing traffic is analyzed in real time, allowing the attacker to read passwords, session cookies, and other confidential information.

Another serious threat is packet sniffing. Specialized software can intercept data transmitted over a wireless network if it isn't protected by strong encryption. Even if a network requires a password to log in, this doesn't guarantee the security of data transmitted within the network itself, as the access point administrator has complete control over the traffic.

⚠️ Warning: Even using HTTPS sites isn't a panacea. Attackers can use SSL stripping, forcibly redirecting users to an unsecured HTTP version of the site to intercept login credentials.

Also worth worrying about are "Evil Twin" attacks. Hackers set up a powerful router that emits a stronger signal than a legitimate access point, forcing users' devices to automatically connect to it. Once connected, victims may see fake login pages that look identical to those of popular services or providers, requiring card or social media credentials.

📊 How often do you connect to open Wi-Fi in public places?
Never, I use mobile internet
Rarely, only if really necessary
Often, this saves traffic.
Constantly, without thinking about safety

Configuring a firewall and network profiles

The first step when connecting to any new network is to correctly identify its type in the operating system. Windows, macOS, Android, and iOS offer a choice between "Home/Private" and "Public" profiles. Selecting the "Public" profile automatically limits your device's visibility to other devices on the network and closes ports used for file and printer sharing.

In the Windows operating system, you need to make sure that the firewall is enabled and configured accordingly. To do this, go to Control Panel → System and Security → Windows Defender Firewall and check the security status of active networks. Enabling a firewall blocks incoming connections that could be initiated by attackers attempting to scan your system for vulnerabilities.

  • 🔒 Set the network profile to "Public" immediately after connecting.
  • 🚫 Disable file and printer sharing in network settings.
  • 🛡️ Make sure your firewall is active for all connection types.
  • 📡 Turn off the "Find other devices" feature in the discovery settings.

On macOS devices, you should go to System Preferences → Security & Privacy → Firewall and enable blocking all incoming connections if you're on an untrusted network. This will prevent remote login attempts through standard services like SSH or Remote Desktop, which are often left open by default.

☑️ Network Security Check

Completed: 0 / 1

Using a VPN to encrypt traffic

A reliable way to protect transmitted data is to use a virtual private network (VPN). This technology creates an encrypted tunnel between your device and the VPN provider's server, rendering intercepted traffic useless to an attacker. Even if a hacker were to sniff packets, they would only see a meaningless string of characters that would be unable to reveal the content of your activity.

When choosing a service, it's best to choose paid solutions with a proven track record and a strict no-logs policy. Free VPNs often monetize their operations by collecting and selling user data, which completely defeats the purpose of ensuring privacy. Encryption protocols such as WireGuard or OpenVPN, provide a high level of cryptographic protection.

VPN type Security level Impact on speed Recommendation
PPTP Low (outdated) Minimum Do not use
L2TP/IPsec Average Average Acceptable
OpenVPN High Noticeable Recommended
WireGuard Very tall Minimum The optimal choice

It's important to enable the "Kill Switch" feature in your VPN client settings. This option automatically blocks all internet traffic if the connection to the VPN server is suddenly interrupted, preventing your real IP address and data from leaking onto the public network. Without this feature, your device may appear on the public network with your real IP address for a few seconds before reconnecting.

Why are free VPNs dangerous?

Free services often throttle your speed, sell your data to advertisers, or embed trackers. On public Wi-Fi, using an unverified free VPN is tantamount to handing over your data to an unknown third party.

Two-factor authentication and password management

Even with all the technical security measures in place, the human factor remains a weak link. Using two-factor authentication (2FA) is critical for all important accounts: email, banking, and social media. If an attacker intercepts your password through a sniffer or phishing page, they won't be able to log in without the second factor (SMS, code from an authenticator app, or hardware key).

It's recommended to use password managers to generate and store complex, unique passwords. Reusing passwords across different websites is a serious mistake that, in a public network, can lead to a chain reaction: hacking one obscure forum could give you access to your primary email account. Password managers allow you to use long character sets that are impossible to brute-force.

You should also be wary of automatic password saving in your browser when using guest networks. Browsers often prompt you to save login information, and accidentally confirming this action on someone else's or a public computer (or even your own if your device is stolen) creates a security breach. Always ensure that incognito mode is not enabled when accessing sensitive data.

⚠️ Warning: Never enter bank card details or access corporate systems over public Wi-Fi without a VPN enabled, even if the site uses HTTPS. The risk of session compromise remains high.

Device settings and disabling services

Modern devices are equipped with a variety of wireless features that may be active by default and broadcast your presence. Bluetooth, NFC, and Wi-Fi Direct should be disabled unless you're using them. Vulnerabilities in Bluetooth protocols (such as Blueborne) allow hackers to gain complete control of a device while in close proximity.

In your operating system settings, disable the automatic connection to known networks feature. Devices often try to connect to a network labeled "Free Wi-Fi" or the name of a popular hotel chain, even if it's a fake access point belonging to a malicious user. Manually select the network each time and delete the network profile after you finish your session.

  • 📶 Disable automatic connection to open networks in Wi-Fi settings.
  • 🔌 Turn off Bluetooth and NFC when not in use.
  • 🗑️ Delete network profiles after use (Forget network).
  • 🔄 Turn off AirDrop or shared file transfer.

For Windows users, disabling certain network services through the registry or group policies is a useful option if you frequently work in dangerous areas. Disabling a service SSDP Discovery And UPnP Device Host Prevents your device from being visible to the network and reduces your attack surface. However, these actions require caution and understanding of the implications for your home network.

Checking HTTPS and security certificates

When working in a browser, always pay attention to the presence of a lock in the address bar and the prefix https://This means the connection between your browser and the website server is encrypted. However, as mentioned earlier, this doesn't protect against all threats, but it's a basic minimum. The lack of HTTPS on any website that requires data entry in 2026 should be a red flag.

Browsers may display warnings about security certificate issues. If, when accessing a well-known site (such as Google or Facebook), you see a message stating that the connection is not secure or that the certificate was issued by an unknown organization, stop using it immediately. This is a sure sign that you are under attack by a MitM attack, and an intermediate node is attempting to decode your traffic.

Browser extensions such as HTTPS Everywhere (or its modern equivalents) help enforce secure connections where possible. Installing such plugins creates an additional layer of protection, minimizing the risk of accidentally switching to the HTTP version of a site due to configuration errors or malicious activity.

Frequently Asked Questions (FAQ)

Is it possible to be completely secure on public Wi-Fi without a VPN?

It's extremely difficult to fully protect yourself without a VPN. While using HTTPS, a firewall, and disabling common services significantly improves your security, they don't hide your IP address or traffic metadata from your ISP. A VPN remains the only reliable way to conceal the content and destination of your traffic.

Is it dangerous to simply read news on the open web?

Browsing news sites without entering personal information is relatively safe if the site uses HTTPS. However, even then, there's a risk of downloading malvertising or mining scripts if the network is subject to content injection. The risk is lower than entering passwords, but it's not zero.

Does incognito mode in a browser protect you on public Wi-Fi?

No, Incognito mode (Private Browsing) only prevents your history, cookies, and passwords from being saved on your device after you close a tab. It doesn't encrypt your traffic or hide your activity from the network owner or hackers on the same Wi-Fi network.

What should I do if I'm already connected to a suspicious network?

Disable Wi-Fi immediately. If you entered any passwords or card details, change them immediately using another, secure connection (e.g., mobile data). Run a full antivirus scan of your device and remove the network profile from your settings.