this post was submitted on 29 Jan 2024
106 points (96.5% liked)

Technology

58663 readers
4394 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s
[email protected]
[email protected]
[email protected]
enu
[email protected]
L4s
106
[Corp Blog] What is an evil twin attack, and should they worry you? Alternate title: should you use VPN when connecting to the public WIFI? (protonvpn.com)
submitted 8 months ago by [email protected] to c/technology
20 comments fedilink hide all child comments
 

Comment:

I thought this article gives a balanced view if we should VPN with a public Wifi network, instead of the normal VPN vendor selling fears.

Summary:

Evil Twin Attacks - Not a major threat anymore

What is it?

Evil twin attacks involve hackers setting up fake Wi-Fi networks that mimic legitimate ones in public places. Once connected, attackers can spy on your data.

Why was it scary?

Before 2015, most online connections weren't encrypted, making your data vulnerable on such networks.

Why isn't it a major threat anymore?

  • HTTPS encryption: Most websites (85%) now use HTTPS, which encrypts your data, making it useless even if intercepted.
  • Let's Encrypt: This non-profit campaign made free website encryption certificates readily available, accelerating the widespread adoption of HTTPS.

Are there still risks?

  • Non-HTTPS websites: A small percentage of websites (15%) lack HTTPS, leaving your data vulnerable.
  • WiFi sniffing: Although not as common, attackers can still try to intercept unencrypted data on public Wi-Fi.

Should you still be careful?

  • Use a VPN: Even with HTTPS, your browsing history can be tracked by Wi-Fi providers and ISPs. A VPN encrypts your data and hides your activity.
  • Be cautious with non-HTTPS websites: Avoid entering sensitive information like passwords on such websites.

Overall:

HTTPS encryption has significantly reduced the risks of evil twin attacks. While vigilance is still recommended, especially when using unencrypted websites, it's no longer a major threat for most web browsing.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 19 points 8 months ago

Once you connect to this fake network, the attacker can intercept the unencrypted data you transmit over it, including sensitive information like your usernames and passwords, credit card numbers, and other personal data.

So essentially the blog post says that you should make sure you only use HTTPS does with trustee certificates (padlock and no warning from the browser). This is good advice.

On the "your ISP can see what site you access" now I'm pretty sure that when we're talking about open wifi, which we are, they can register your DNS lookups, IP-addresses and ports used by your computer but that doesn't mean they automatic know who you are, especially if you never logged in with credentials that can be traced to your person.

While VPN, generally speaking, is a good solution it essentially just means that while you might use 15 different open wifi providers during a month (=inconclusive information about you spread among 5-15 different operators), centralizing all your internet activity to one single VPN provider (= extremely conclusive information about you) also has risks and a backside.

Good information on the "Evil Twin problem" but in my opinion the focus should be on educating people on how to recognize when the browser is connected to a site without a trusted certificate and what to do/ not to do then rather than promoting VPN.

An evil twin can easily fake the VPN service, popup a browser window with "https://ProtonVPNUpdate.ru" and a request the use to update the VPN client.

If the user fail t recognize that the site is running HTTP or HTTPS without a trusted certificate there's a risk that the user will follow the instructions from "Proton VPN" ("But it was their logo and it also had PayPal on the site....") and connect to the Evil Twin VPN Server.