OCC Forums

Open Wifi Dangerous?


By jennyjen - 13 Mar 2012

ActiveCaptain advises 'Don 't use open WiFi '.

Is it really dangerous to use open wifi facilities? Has anyone had any negative experiences with this, or is it just another scare tactic to get us to buy another piece of equipment?
By simoncurrin - 14 Mar 2012

Maybe I have been lucky but I have never had a problem with open WiFi despite having used it pretty freely in recent years? I don 't think my computer is too infested with malicious software as a result.
By RobbieW - 16 Mar 2012

It depends on your attitude to risk and an understanding of what that risk is. The original articles explain the risk fairly well - as a result I bought a subscription to one of the services they came up with. As a side benefit I can now stream BBC TV content from wherever because the VPN service makes me appear to be in the UK as well as encrypting my internet interactions.

Most corporates would use a VPN service from thier employees laptops when going across the internet, as opposed to thier own 'secure ' intranets.
By simoncurrin - 16 Mar 2012

I knew there was a way to get full access to the BBC whilst abroad but never figured out how. That 's most useful. I see in the ActiveCaptain site they say a VPN is easy to setup. Is that your experience?
By RobbieW - 17 Mar 2012

I chose to use Astrill, having tried it out before buying. I 'm fairly computing literate & have an understanding of how some of the (hidden) complexity of the internet works. I would rate the difficulty of installation and setup as 4 or 5 in a scale of 1 - 10 (this may be a result of investigating all options rather than taking defaults). Astrill does appear to have good online support if you run into trouble. The following comments apply to the Windows (XP & 7) platform, which are the ones I use.

When I first downloaded Astrill, the pricing gave all the function for one price. This has since changed in that when renewing my subscription, I had to choose which of several VPN options I wanted as the free add on to the base package. I chose OpenVPN as thats what had been working previously.

The product works by building an encrypted tunnel between your device and the VPN providers server. Once installed, you have a choice of running in OpenWeb or OpenVPN mode. So far as I 'm aware OpenWeb will provide encryption for browser based traffic only, ie. HTTP. OpenVPN provides encryption for all your devices interactions with internet services - this would include applications like Skype, eMail (where you dont use a browser only service), UGrib, zyGrib, Torrent as well as the browser. Another way of looking at this is that with OpenWeb ony browser traffic is routed through the VPN server, with OpenVPN all traffic is routed through the VPN server.

A useful (for cruisers) side effect of this routing is that your devices IP address (the thing that makes it unique on the internet) will appear to be in the same country as the VPN server. When not going through the VPN server, the devices IP address is derived from the (usually) country specific ISP ie, the service that your free WiFi, paid WiFi or mobile broadband connection is using.

This side effect can make some country specific services like TV streaming available when routing through the VPN server. These may be blocked when routing through the country ISP as the media rights (for example) do not extend to the country your IP address comes from. Some broadcasters are reported to be smart enough to recognise when your IP address is using a routing service however.

Another potentially useful side effect is that using the VPN server routing may make some applications available that the ISP would prefer to block. A good, pertinent for cruisers, example is Skype, many of the mobile broadband ISPs block Skype connections. How this works is more difficult to explain, especially as I 've not tested this theory out. As simply as I can, an internet connection goes to a 'port ' on the server. That port understands what to do with the data it recieves, sort of 'speaks the language '. Nearly all browser (HTTP) traffic goes to port 80, other applications use different port numbers. So to block a particular application all the ISP need do is block traffic intended for that port. Traffic to the VPN server is directed to a specific port on that server, the server understands how to dissemble your traffic and distribute that around the internet, then reassemble the replies and return them to you. As all your traffic in OpenVPN mode is going through the VPN server, all the ISP can see is the port used by that server - the complexity of what you 're actually doing is hidden inside the encryption. So, providing the ISP allows access to the VPN server port, all the applications you want to work should do so - thats the theory anyway.

I 've significantly rewritten my original reply to i) simplify it & ii) I think there are some benefits to using a VPN service that go beyond the security from local snooping that is possible in a WiFi setup. In fact using a mobile broadband ISP negates the potential for snooping but brings some other constraints that VPN may work around.
By simoncurrin - 17 Mar 2012

I think you 're way ahead of me I am afraid. Thanks though for taking the time to explain. I am sure others will find this thread very useful.
By RobbieW - 18 Mar 2012

A heads up that I have completely re-written my earlier reply to Simon 's question
By simoncurrin - 18 Mar 2012

Thanks for the re-write which makes it much clearer.
By Tonygooch - 1 Apr 2012

Jenny, I worry about using my computer with unsecured wifi 's but in tweo years in the UK, Azores and Canaries I haven 't had a problem, Maybe I 've been lucky?