Allegedly, on or about 4 November 2017, Patrick O'Callaghan sent:
*All* public WiFi is insecure by definition since in general you
don't know anything about who's running it. Whether or not that
matters depends on your requirements. At a minimum, use application-
layer security (HTTPS, SSH, TLS etc.)
Yes, people forget that the encryption aspect of WiFi only covers the
wireless aspect. Once the access point has the traffic, it goes out
through a LAN then WAN, and *that* is unencrypted, and often directly
accessible to other users, and just as prone to compromise as any other
badly run computer system.
If you access a HTTPS server, the server is responsible for setting up
an encrypted connection between you and them, that *allegedly* can go
through an unsafe network in the middle.
But a lot of services are not encrypted, or only partially. Your
usernames, passwords, dates-of-birth, addresses, etc., all being
transmitted in a captureable way. Some of which seem, on the face of
it, nothing to worry about, but do make up a collection of data which
is useful to miscreants.
[tim@localhost ~]$ uname -rsvp
Linux 4.13.9-200.fc26.x86_64 #1 SMP Mon Oct 23 13:52:45 UTC 2017 x86_64
Boilerplate: All mail to my mailbox is automatically deleted.
There is no point trying to privately email me, I only get to see
the messages posted to the mailing list.
Damn, I didn't mean to press *that* button!