Safe Surfing on Open WIreless Networks (reposted from http://socalfreenet.org)

Safe Surfing on Open WIreless Networks

When you're using a wireless network, everything you do could be monitored by someone nearby or across the street, or even several blocks away.

To keep your personal information private, there's an increasing level of steps you can take. Opinions vary widely about how important this is and ultimately its up to you to determine how much effort you put into this, but the 80-20 rule is well applied here - for 20% of the effort you can get 80% of the protection, so its worth doing some of the steps described below.

Secure Surfing

If you do web-based banking, or similar important transactions like stock trading, then be sure that your web browser shows that you are connected via a secure connection. This is typically shown in the browser with a small 'padlock' on the bottom bar. Also, the URL will begin with https:// instead of http://. Most shopping sites also use SSL, so generally speaking, I don't worry about buying a book at Amazon while using my computer at an internet cafe. (I worry much more about email, see below).

If you want to ensure that no-one can see any web pages you go to, you can use a product like http://www.anonymizer.com or http://www.freedom.net/products/websecure/ for $30-60 per year. These products send all your traffic securely to their servers via https - i.e., the lock icon on your browser will always be on. Other products designed specifically for laptop use at hotspots include www.hotspotvpn.com, www.jiwire.com/spotlock-connect.htm, www.publicvpn.com/index.php, www.witopia.net.

Firewall

Even though most open wireless systems are behind a firewall already, having a firewall on your computer is still a smart move in case anyone else on within the system is infected with a network virus. If you're using Windows XP, at a bare minimum, you should enable the built-in firewall (Microsoft step by step guide). This will block outside attacks. However, if you're already infected, or an attack comes via a web page, its helpful to run a more powerful firewall that will notify you about programs trying "break out" of your computer.

If you have a Windows PC, we recommend either Agnitum's free Outpost (better, more features like ad and pop-up blocking) or ZoneLabs' free ZoneAlarm (easier to use).
Anti-Virus

Please run anti-virus software to catch viruses spread via email. My personal favorite is www.nod32.com which, coincidently is a local San Diego company. I like this because its much smaller, faster and specific than the behomoths offered by Symantec et al - and just as effective (if not more so). Its also cheaper. Got to love that!

Email - Important!

In practice, email is likely the most critical data to protect. Think about the number of passwords, order information and personal information that is stored in your email. Now imagine if someone could read this as you do. At most hotspots they can!
Web Email

Common webmail clients like hotmail and yahoo have a "secure login" button which you should always use. However, this only stops snoopers from seeing your password. Look closely at the "lock icon" on the browser and you'll see that it disappears after you logon. This means that whatever email you view on your computer can also be viewed by others. The reason hotmail and yahoo don't use security all the time is that it increases the load on their servers, which, as you can imagine, are already pretty busy!

Unfortunately the only real solution (except for anonymoous surfing described above) if your webmail provider does not support https connections while reading your email is to switch to another provider that does. Of course this generally means changing your email address, which may be inconvenient. You will need to weigh the risk / reward benefit yourself. Personally I don't use a Yahoo/Hotmail account in public places. Like identify theft in general, the likelihood you'll have a problem is rare, but its also fairly easy to avoid. See the recommendations below.

Email Programs

If you're using an email program, like Outlook (Express) or Eudora, these use either POP3 or IMAP prototols - which are both completely insecure. Similarly when you send email, the sending protocol called SMTP is also insecure. However, many ISPs now provide a secure version of these protocols and its easy to find out if yours does. In Outlook Express, first go to Tools -> Accounts. Then choose Properites. CLick on the Advanced tab. THen check the two boxes This server requires a secure connection (SSL) for both SMTP and POP3 (or IMAP). Then send yourself a message. If you get an error sending, then uncheck the SMTP secure connection box and try again. If it works, your provider doesn't support secure sending of email (or possibly uses a nonstandard port). Similarly for receiving email.

Email Recommendations

My personal recommendation for email is http://fastmail.fm. They have several account levels, starting with free. Unlike Yahoo (and Hotmail, sort of), you can use Outlook Express or your favorite email program with Fastmail, as well as the web interface if you prefer. They support secure connections either via the web or your email client. So when you're using a public connection, you can be confident that no-one can easily read your email. Fastmail also provides the ability to check email from other accounts, including Hotmail (but not Yahoo unless you've paid for POP3 access). This provides a workaround to let you keep your hotmail account while you transition to fastmail. There are also other providers out there that specialize in secure webmail such as www.hushmail.com.

ref: socalfreenet.org/safesurfing