Is Public Wi-Fi Safe?
HTML-код
- Опубликовано: 6 фев 2017
- You might want to think twice before signing into that too-good-to-be-true "Free Airport Wi-Fi." It might not be what you think it is.
Hosted by: Olivia Gordon
----------
Support SciShow by becoming a patron on Patreon: / scishow
----------
Dooblydoo thanks go to the following Patreon supporters-we couldn't make SciShow without them! Shout out to Kevin Bealer, Mark Terrio-Cameron, KatieMarie Magnone, Patrick Merrithew, Charles Southerland, Fatima Iqbal, Benny, Kyle Anderson, Tim Curwick, Scott Satovsky Jr, Will and Sonja Marple, Philippe von Bergen, Bella Nash, Bryce Daifuku, Chris Peters, Patrick D. Ashmore, Charles George, Bader AlGhamdi
----------
Looking for SciShow elsewhere on the internet?
Facebook: / scishow
Twitter: / scishow
Tumblr: / scishow
Instagram: / thescishow
----------
Sources:
www.mediapart.fr/en/journal/i...
www.techworld.com/news/securit...
www.zdnet.com/article/european...
www.theregister.co.uk/2013/11/...
mashable.com/2013/08/16/airpor...
www.businessinsider.com/9-citi...
www.pandasecurity.com/mediacen...
www.clickorlando.com/news/hack...
www.pcworld.com/article/244012...
• Video
www.digitaltrends.com/mobile/h...
www.usatoday.com/story/tech/20...
www.welivesecurity.com/2015/09...
www.welivesecurity.com/2014/11...
arstechnica.com/security/2015/...
• Public Wi-Fi: A gatewa...
arstechnica.com/security/2015/...
lab.getapp.com/why-https-matt...
www.consumer.ftc.gov/articles...
security.stackexchange.com/que...
security.stackexchange.com/que...
this is actually a really helpful video for people who don't understand stuff like this
Molly its actually not. its completely useless for man in the middle attacks. If you are out, use your cellphone's internet intead of a public wifi. that or make an ssh tunnel to you home pc and check that your pc fingerprint is actually your pc's fingerprint, else it could be fake.
the easy way is dont do important stuff connected to wifis you dont know or cant trust to be completely untapped. (like open wifis)
Laharl Krichevskoy Since when do cellphones make Wi-Fi? Do you mean data?
IHateNumbers234 i believe it means you can create a hotspot connection( or Wifi) through your phone.
Gorzoid implying the user actually ensures that their page is served over HTTPS and that they aren't redirected to another site.
Gorzoid the dude is right. you can easily spoof a https cert and inject your own. the lock will appear on chrome but it would be the hacker authenticating you. unless you check the CA the hacker can use yours and his keys to decrypt then pass it to the original destination. aka man in the middle.
It's safe if you are the hacker.
Robert Ellis kekekekeke
That isn't hacking tho
SDD525 not if you are behind 7 proxies
I'm the one who knocks
Because hackers know how other hackers work and how to protect yourself from your own attacks. Little is more embarrassing than having someone hack you to get data you hacked off someone else.
Public wifi with password does not mean encryption takes place within the network and does not make it safe.
Password protected wifi uses encryption between the router and client. WEP's encryption, TKIP, and AES are the most common. If there is end-to-end authenticated encryption then the local network doesn't matter.
DerMauch - Bärtiges Wissen! still it does not protect you from man in the middle attacks.
wherever you connect to, you are trustung your connection isnt being tapped into. if you dont verify your destination is the actual place you wanted and not a fake then encryption or not means nothing. All of it can be faked because for https or vpn, no one checks whether the fingerprint is the actual fingerprint and not one from china scammers inc.
@Laharl: The whole point of certificate authorities is to not need to check fingerprints. Https can not be faked unless someone happens to mess with the client directly (like superfish did).
@Undefined User: It does not. Once you are in the same network, man in the middle attacks or tapping traffic is the same as if there were no password.
DerMauch - Bärtiges Wissen! just send the computerphile video to these guys.
But what about free waifu are they safe?
Make sure they're not a Yandere, and you're fine.
tsunderes are annoying too, avoid them as well
No, as about fifty other people have been with her. Tons of STD's.
parasite159 what if it's a compilation of 2 girls 1 cup, is it something I don't mind hackers seeing?
Did you check if she have a little lock on the neck ?
Why is there so much hate against her? I like her.
HaiImDan i really have no clue o...o she doesn't seem any better or worse than the others
Some people don't like her. Simple as that. But it's more common to not like her than to not like Michael or Hank or Reid or Caitlin, for reasons I'm sure you can look for yourself.
HaiImDan me too, her voice is great, I don't see the problem.
she just hops a lot and makes everything sound like a question.
and sometimes Homophobia.....
Watching this video on public wifi lol
You are probably fine. First, if you can get connection to this video, the wifi is likely real, not a fake one. Second, the connection to RUclips is encrypted, so no one can tell what you are watching (unless they look at your screen).
Neodymium Animations and Gaming Also, if someone's using a mobile hotspot to make a "fake wifi" there, and you're watching hi-def RUclips...let's just say they're gonna pay a lot for all that cellular data...😈😈😈
Rohen Giralt Unless they have Unlimited data 😛
Gangster FastForward lmao I commented that 3 years ago haha
Guys is it bad I just used the public WiFi for a few seconds and i didn’t go on any sites or apps
I worked at a paintball field, A PAINTBALL FIELD, where I overheard a mother ask if we had wi-fi. The owner said, "No we don't, sorry about that." Her response was to scoff and say, "Really?" in a sarcastic tone. People really do expect that they can get wi-fi EVERYWHERE.
To be fair, people expect free electricity, heating, and running water EVERYWHERE too.
Shiro Amura Somebody hasn't gone outside in the real world.
I already know from the dislikes who is hosting...
Yeah, that's kind of a bad sign, isn't it?
sounds bad but true
Well, another reason for me to leave a like
HimKioo i suppose you sound like Morgan Freeman
TOTAL XxOWNAGExX Noice!
I almost never let my Wifi go anyplace public without me, usually I keep her in the kitchen where it's safe.
;)
Master Therion
.. what??
Master Therion "wifi" "wifie" "Wife"
Master Therion lol
Same with my wifi. It is inside my house. :)
+Master Therion
ohhh so YOU'RE the reason why your wifi loves having hackers visit her in the kitchen Looool.
She's right, you're a jerk. They know more about her than you ever cared to know ♡ lmao.
It's always bugged me how they say "keep these answers coming" instead of "keep these questions coming"
They say it that way because the Patreon donations are literally what is keeping the answers coming - meaning, they are paying for the videos answering the questions to be made. Hence why they chose to word it that way.
Scishow wouldn't be able to make most of their videos without the support of their Patreons, so they're sort of saying "Thank you for supporting us and letting us do what we do, you're the driving force behind these answers."
vicente alvarado -No money = no answers. The questions may keep coming whether or not they get financial support. The financial wherewithal to research and produce the answers comes from patreon.
vicente alvarado -No money = no answers. The questions may keep coming whether or not they get financial support. The financial wherewithal to research and produce the answers comes from patreon.
vicente alvarado I always had the same problem with that, great to see it's not just me.
I remember, once I used someone's wifi to download Food Fight 15 times till, The signal left and I see a guy walk out really mad. Made my day. :D
Lava Cynical thats probably a hotspot and you just ate all the data 😂
We need cyber security classes in highschools.
public wifi is about as safe as a public glory hole
and takes ten times as long
You know, I've always thought Identity Theft and Herpes had a lot in common. Irritating, possibly debilitating, subject to irregular flare-ups, and something you'll have to be aware of and manage constantly the entire rest of your life.
Do you prefer to use private glory holes?
Umm ok? How many people actually know how to fuck around with public wifi? The answer is not very many, and that number keeps getting smaller as the vulnerabilities get harder to exploit, so no it not the same as a glory hole. Anyone seeing a dick peeking through the hole has a variety of options like chopping that dick off
i think op meant they could both give you a virus. the possibility of someone just waiting around to chop another person's genitals off is about as likely as hacking top secret government files at your local starbucks.
That's why I always just use my Mobile Internet instead of using slower wifi networks.
Smart move. You should also make sure that your wifi and bluetooth are turned off if you are not using them.
You should also make sure to throw all electronics away
Is Mobile Internet encrypted?
Andrew, what about ghost hacking? :O
No it's not, and you can man-in-the-middle attack it (as shown in Mr Robot S02). But it's extremely unlikely, especially compared to wifi MITM.
Do a Tesla mini-series covering all his inventions and discoveries.
this post will be posted on all future videos until we get the mini-series.
Don't do that. Unless I remember to make this reply again, I probably won't.
Oh god no don't be one of those guys
This is spreading like a decease XD
+iAnte NO! TESLA WAS A GOD! HE WAS THE SMARTEST MAN IN THE WORLD! WORSHIP HIM!
You mean one of those kinds of guys?
Ok request with a horrible, horrible announcement of spam. Just don't.
short answer: no.
Well, it's safer with encryption. Even safer with 2-step verifications.
safer and safe are 2 different things
And you are right. But the more security measures you have, the less likely you are to be hacked.
I don't think encryptions that most websites used can be easily hacked.
Most hacking happens with phishing attack, where hacker send you an infected file that steals password from your computer, not through wifi.
I deal with reports of identity theft and phishing emails received by our clients as part of my job at a financial institution. I can tell you the phishing attacks I see generally don't even have viruses in them. They're pure social engineering.
Four easy tips to avoid those scams:
EDIT: Wow, the bit below came out way longer than I expected. I tell people variants of that WAY too much. It just popped right out there.
1) Always, and I mean *ALWAYS* check the actual Name@Domain.com email address. Phishers will mask it behind something realistic-looking, but it will almost always be a free service or some janky domain.
2) Any bank worth its salt will customize their emails. That means that if it's legit the email will use your name and give you an account reference. Any "security alert" that says 'Dear Customer' and/or doesn't specify what account the problem is with is just plain fake.
3) No bank with security protocols that are up to snuff will use embedded links to their website. EVER. This is because phishing exists and there should be NO confusion. They'll simply tell you to go to their website or call. Embedded link = fraud.
4) Never, EVER call a number listed on an email or letter that you're concerned about. Look up a contact number independently and call that.
*ADDENDUM TO 4:* Not all bank numbers are published or made publicly available. Just because the number you see on a letter/email isn't the one listed on the bank web-page doesn't absolutely mean it's fake. Call a known-good contact number to confirm if it otherwise looks plausible.
That story at the beginning is goals for a hacker.
One other thing: if you login to a compromised wifi network https can also be hijacked, they can redirect certain https traffic through their own fake server at the same https url as the real site and see everything you send. If this happens, most modern browsers will detect it and will show a red warning next to the URL or a message about a bad certificate (altho sometimes it will warn for a legitimate site that has forgotten to update the cert).
Yes and this is why everyone should used a good browser.
leave the black hats alone.
Rollerz leader emo teens*
Dylans VitaReviews so there emo hackers?
wow you're so EDGY and DARK i'm soo jealous
bit mean to call her names come on now
but seriously hank and michael are ten times as engaging and easy to listen to
11. And the LORD said thou shalt not covet thy neighbor's wifi, and it was good.
J.J. Shank did Gaben really say that? He is wise, indeed.
What about things like HTTPS Everywhere and the like? I appreciate that you guys are trying to raise public awareness, AND that this is a Quick Question, but you're missing some of the important bits...
https everywhere only forces websites to use https if they have it as an option, though they might not use it as default.
HTTPS everywhere ftw.
LeoMRogers https everywhere can also block all http connections.
True, but the point is it doesn't make a website secure if the secure
version wasn't already an option. It's a useful tool, but its not magic.
This is useful info. My Mom and I were having this conversation the other day, but you explained it much better than I.
Start trolling hackers by searching nothing but cute kittens and obnoxious kids
Or just rickroll. In twenty different tabs, on loop.
You also have to be careful with the VPN you use VPN providers can read and or record everything you do so better pay for a good trusted VPN rather than use an uknown free one!!!
Better yet, get a VPS and set up your own VPN.
I never actually thought about this...
Short answer no long answer nnnnnnnoooooooooooooooooooo
unless you use a vpn to encrypt your no into a yes.
kinda.
I dont care about the safe wifi, I came here to watch Olivia :)
Druid Agel you're creepy.
Armadillito you are right.
Do you think you could do a video on cerebral aneurysms? I had one rupture at 19 and I think it would be great for people to know about them!
Olivia gordon you look great today. keep up the amazing work.
I was at the mall yesterday and was ordering something from amazon and now I can’t sign in my amazon and my email is acting up, do you think I got hacked?
I feel like I... should've known that.
Thanks for this video! haha
I had my Twitter password stolen from a fake free Wi-Fi network.
You might argue that matters quite a bit. How much of today's society is based on how everyone sees you? Allowing someone to pose as you, or to sign in to things you used twitter to authenticate for, is definitely a real problem.
Two-step verification with Authy authentication man
Can you make a video that differentiates how humans process regular sugar and sugar alcohols please 🙏
Would this also go to places that are constantly logged in? Like I have a host of websites I'm constantly logged into that even stay that way when I'm on a separate wifi than the one I usually use. Will they be able to see my password info from that or is that not something they're able to read?
A great use for VPNs is also to get around poorly secured firewalls. A little one called Psiphon is my personal favorite because I have not yet encountered a network that has successfully blocked it.
Your oration has improved dramatically! keep up the good work!
good thing I'm not worth anything.
Same
Cezar Matus you don't have to be. I don't care about interest rates if I'm taking out a loan in your name with no intention of paying it back.
hahaha good luck getting a loan. I fell off a horse when I was 19 and didn't have insurance. 8,000+ in the whole. fucked my credit score up big time.
Cezar still could max out any credit cards or simply go to place that will give out loans to those with a low credit score in exchange for a higher interest rate
Love how simple you made everything
if you are already logged in, are you credentials sent with every page you visit, or just with the log in
like for olivia
+
Nah.
yay in a nutshell I'm a subscriber of yours
You're not, it's a fake channel
I like Olivia, see seems really sympathetic to me :)
Short and informative, well done.
So how do you set up a VPN? I just tried to go to that section on my phone but didn't understand what needed to be typed in or whatever
Wow what an eye opener this video was! Plus she's good, I like her!
Protip: SSH tunneling.
Ironically I'm watching this at the local library.
*laughs at the poor fool who sees my email* I don't think I've ever emptied it in years. 😂
I develop my own wireless protocol with my own hardware instead of a public network.
Ethan Education with blackjacks and hookers!
Nope. I'm an actual software developer.
Too bad you didn't develop your own sense of humor.
First rule of crypto: never do your own crypto. Your most secure best is to use what's already out there.
So you can't communicate with any other wifi networks due to them not using your protocol?
Or are you secretly connecting your devices with the phone lines of all the coffee shops in the world so that wherever you go only you can access their Internet?
Definitely sounds a bit impractical. :P
Olivia Gordon looks so pretty
TOTAL XxOWNAGExX haha I bet everyone who liked his comment was to lazy to say that themselves
Thanks SciShow, that's very useful information. Peace!
This was really informative, great video :)
I like Olivia :)
All her sentences did go up? like asking a question? that's why? she got lots of dislikes?
anti7gn no? they didn't? Sounds like you didn't even watch the video. Good job.
Noel Blackketter that's my question actually.
Did we watch the same video? That's not what I hear.
I did not hear that. It is the frozen snot coming out her nose that made me turn it off.
i didn't notice that, i actually liked the way she talked.
What if you're already logged into a site? For example, Facebook. I'm always logged into Facebook on my phone through the app. Can they get the user/pass just if I go on it, or do they need me to do the actual logging in while connected to the wifi?
That's why I love the Opera browser. They offer a free VPN connection to use at anytime.
Even if the WiFi is password protected, any other user that is authenticated and the network admin are still able to monitor your activities
At your home network too more people than you realise can still know what you're doing, so always use https
Only if the network isn't properly configured. But still, it never hurts to double check that you're using HTTPS before entering any personal information. Don't trust your ISP if you don't have to.
I LOVE YOU OLIVIA!.
If you connect to a VPN, what prevents the hacker from seeing the username and password you used to connect to the VPN?
"is there free wifi here?"
"no sorry."
It was at that moment that Nathan knew, he fucked up
The way she ends her sentences is incredibly graining.
I want to like her so badly, I genuinely do.
But... I ... just .... can't... do it....
Loved the friend holding the door for the hacker.
How does this work with logging in on sites that remember your username and password? Can a hacker see that, before and after you send it, or can no one see it because you are not actually typing it?
Internet safety can be confusing sometimes.... and I'm like a grandma with all computer stuff
Short answer: No
Long answer: No
I'm an oscp
please let other people do videos Olivia...
The short answer is hell no.
*watches this while on free wifi
Stop shaking your hands so much, it's distracting :(
Only under the most desperate of situations have I ever connected to public wifi.
Right, but how do you know if an app you're using (other than a browser) is encrypting your data?
0:35 True story,bro. The attacker doesn't even need to be in the coffee shop. If said shop does have wifi,you can just sniff the packets. This can all be done from a distance.
True. With a good directional antenna, an attacker can sniff your packets from up to a mile away.
A lot of phone apps still don't use https and you can't easily check as there is no browser url input field.
I'm very surprised you didn't say the words "Man in the middle attack" because that is the thing to worry about on an unencrypted wifi.
Holy shit, I can't believe I never thought of this. Thanks for the great idea! 💡😉
Just type something embarrassing like " is it ok to accidentally sneeze in people's coffee"
But what about a real regular wifi of the airport itself? If you connect to that, can a hacker with a laptop still get on your phone/laptop/tablet somehow?
between the robe and the weird hand movements you really look like a jedi
So, how do I make a VPN on my smartphone? Is it an app?
Watching this on a free wifi network at the train station.
Thanks, I found this genuinely useful.
Great topic, glad you guys talked about it!
the little lock next to the "https" can be spoofed supposedly. so it's better to just follow "https" rather than looking for the lock.
i live in an apartment and i was just wondering if i made my wifi with no password and people start using it and i'm setting there spying on them. can i get in trouble for doing that? even if i didn't steal anything? pls someone respond because i'm about to do it.
How do you use a vpn on mobile phone (iPhone) when your school blocks vpns?
if it wasn't for the patreons questions, this channel would be fucking weird if they answered questions from their comment sections
ok, HTTPS are encrypted we can see that by that lock, but what about mobile apps? How to check those?
What's a good free vpn I could use for my laptop? I'm running cyberghost right now, but that whole 5 minute "wait for a free slot" thing is really annoying.
>Wifi without a password means that traffic is unencrypted
Excuse me, wat?!
Don't forget that just because it really is that coffee shop's wifi network or Safeway's wifi network doesn't mean they aren't capturing all kinds of data through your connection, like what sites you're visiting. I'm pretty sure some businesses are already doing this and maybe more.
umm... I may have put myself in danger of being hacked by using a public network like this. what should i do now? is there someone I should report this to?
What about when using apps, like Facebook an IG, is that safe on the free network?
I think I saw a smile at 0:50
Frøken Glattbarbert Stillas-sikkerhetsinspektør nei.
what's a good VPN app for Android phone?
One thing I wish you guys would've touched on is that even if the network is password protected, anyone that has that password can decrypt the traffic with that password, possibly along with metadata that's sent during the handshake. It's not even worth mentioning a password for public wifi.
What about mobile sites with shortened URLs starting with m. ???
The opposite of rogue hotspots is called "war driving"; where someone tries to connect to YOUR hotspot or home network...maybe from a laptop in someone's vehicle in your complex parking lot. Gotta
be careful both ways.
Great video but do you have to talk with the voice inflections of a fourth grader?
Oh no my OCD's going to kick in never stop looking at that lock
VPN's can slow down your speed, and Netflix doesn't seem to work with my VPN, but still it is worth it to know you are safe and not being watched as much