how to use wifi securely? web:https? emailTLS? or is it lost cause?
Distribution: antiX, Mageia, OpenSUSE, etc... I multi-boot
If I understand it right, using a free wifi connection at some "Internet Cafe" can expose my data to the owner of the cafe...
I think (but don't know for sure) that by carefully using trusted https: websites, the data transferred to/from the website is protected by the encryption even from the owner/operator of the wifi connection?
I'm less certain of what happens if I use a mail client like alpine to connect to an IMAP account via a TLS connection. Would the owner/operator of the wifi connection be able to read the email (body, header, or even just the so-called envelope)???
Quote:
If I understand it right, using a free wifi connection at some "Internet Cafe" can expose my data to the owner of the cafe...
I think (but don't know for sure) that by carefully using trusted https: websites, the data transferred to/from the website is protected by the encryption even from the owner/operator of the wifi connection?
Yes (more or less).
Once you are connected to a public wifi network (including with encryption like wpa2) everyone else that is connected to the same network can see your plain text traffic (as on a LAN also), unless there are measures to separate traffic to individual nodes. This is where end to end encryption becomes important, so that the 'plain text' data is not visible to anyone between you and the server you are talking to. SSL web connections are (currently) reasonably secure in most situations.
It is worth considering, though, other network traffic that is not encrypted, like DNS lookups for instance: there is an opportunity to read (or spoof) DNS data.
Utilising VPNs or SSH tunnels to provide a secure encrypted connection to a trusted server, and sending all traffic via that, is a way to further reduce risk.
Quote:
I'm less certain of what happens if I use a mail client like alpine to connect to an IMAP account via a TLS connection. Would the owner/operator of the wifi connection be able to read the email (body, header, or even just the so-called envelope)???
No. That is the whole point of Transport Layer Security, the entire connection is encrypted.
Assume that wireless, by itself, is insecure .. even if the access-point you are connecting to uses WPA2 or something else.
For that matter, assume that an ethernet cable is insecure, too, because that traffic can rather easily be "tapped," too.
Use tunneling technologies such as VPN to encrypt the traffic. Then, it doesn't matter who "taps the wires" nor by what means they do it: the traffic itself is unintelligible.
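What the replies above describe, seen from another device on the same network, as an added example that is not part of the original thread: an unencrypted DNS query gives away the name being looked up, while a TLS record carrying IMAP data exposes only its five-byte header. The hostname `imap.example.org` and both sample packets are constructed for illustration.

```python
import os
import struct

TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def build_dns_query(name, qtype=1, txid=0x1A2B):
    """Constructed sample: a standard DNS query as it travels in UDP port 53."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag set, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def observer_view_dns(payload):
    """Fields anyone on the path can read from an unencrypted DNS query."""
    if len(payload) < 12:
        raise ValueError("shorter than a DNS header")
    txid, _flags, qdcount = struct.unpack("!HHH", payload[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while payload[pos] != 0:
        length = payload[pos]
        if length > 63:
            raise ValueError("compression pointer or bad label in question")
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", payload[pos + 1:pos + 5])
    return {"txid": txid, "name": ".".join(labels), "qtype": qtype}

def observer_view_tls(record):
    """Fields the same observer can read from one TLS record: the 5-byte header."""
    if len(record) < 5:
        raise ValueError("shorter than a TLS record header")
    ctype, version, length = struct.unpack("!BHH", record[:5])
    if len(record) - 5 != length:
        raise ValueError("length field does not match captured bytes")
    return {"type": TLS_TYPES.get(ctype, "unknown"), "version": hex(version), "length": length}

def sample_tls_record(body_len):
    """Constructed sample: random bytes stand in for the encrypted IMAP data."""
    return struct.pack("!BHH", 23, 0x0303, body_len) + os.urandom(body_len)

if __name__ == "__main__":
    print(observer_view_dns(build_dns_query("imap.example.org")))
    print(observer_view_tls(sample_tls_record(120)))
```

The destination IP address and port, and the server name sent in the TLS handshake, also stay visible to the network operator; the message headers and body travel inside the encrypted records.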
Moved: This thread is more suitable in <Linux - Wireless Networking> and has been moved accordingly to help your thread/question get the exposure it deserves.
Distribution: antiX, Mageia, OpenSUSE, etc... I multi-boot
Original Poster
Quote:
Originally Posted by descendant_command
Yes (more or less).
Once you are connected to a public wifi network (including with encryption like wpa2) everyone else that is connected to the same network can see your plain text traffic (as on a LAN also)
(wpa2 on a public wifi??) OK about that, and the LAN...
Since I can be sure that nobody else on my LAN at home even knows the difference between encrypted and non-encrypted data... {win xp user who needs my help to fix desktop icons that launch firefox at a bookmarked site if the bookmark goes stale (for example)} And since my laptop (to which nobody else has access) is the only device on which I ever installed my wpa2-psk key. So I'm not too worried about that on my local LAN. It's when/if I bring my laptop elsewhere...
Quote:
Originally Posted by descendant_command
It is worth considering, though, other network traffic that is not encrypted, like DNS lookups for instance: there is an opportunity to read (or spoof) DNS data.
Spoofing is why I like that my bank does two stage authentication with a private personal image that they display at the 2nd stage login prompt...
Quote:
Originally Posted by descendant_command
Utilising VPNs or SSH tunnels to provide a secure encrypted connection to a trusted server, and sending all traffic via that, is a way to further reduce risk.
Don't suppose there are any truly trustworthy free VPN providers out there?
Quote:
Originally Posted by descendant_command
No. That is the whole point of Transport Layer Security, the entire connection is encrypted.
Good! That is what I thought it was supposed to mean... But I wasn't sure that the so-called envelope was also protected.