Is HTTPS safe on public wifi? In this article, we’ll talk about HTTPS, the concerns of using public wifi, and how HTTPS makes you more secure (or not).
First, what is HTTPS (and how is it different from HTTP)?
You may already know what HTTPS is. But then again, you may be coming to this security discussion late in the game, and maybe you’ve never noticed that some websites use HTTP while others use HTTPS. Where do you find the HTTP/HTTPS? If you are browsing the internet, take a look at the address bar when you are visiting a website. Here’s a screenshot of what you might see:
HTTP stands for “HyperText Transfer Protocol” and HTTPS stands for “HyperText Transfer Protocol Secure.” This is a bit technical, but an easy way to understand it is like this:
- Computers send information back and forth. They talk to each other.
- When your site uses HTTPS, the computers that need to talk to each other to make the website do what is supposed to do create a unique code to use talk to each other.
- When information needs to be sent one way or another, the computers jumble up the information in such a way that only the computer with the code can understand it.
- In this way, your information is kept safe from hackers. Hackers might be able to get ahold of it, but it would be worthless to them without the code to understand it.
In more technical terms, HTTP uses port number 80 for communication and works at the application layer. When I first learned this, the words meant nothing to me, it was complete and total tech-speak. So I dug a little deeper. Working at the application layer means that the computer spends the bulk of its time and effort in presenting the information to the users who is looking at the screen, without a lot of care for how it gets there from the network or other computers.
Here’s the technical stuff…
HTTPS uses port 443 and works at the Transport layer. And again, this makes little sense to me, though after reading about HTTP I have an idea of what the “transport layer might be.” After some research, I can now report that HTTPS is a part of the HTTP protocol, that works with HTTP and another set of operating instructions called SSL (secure sockets layer). It is the combo of HTTP and SSL working together that makes data safe as it blurs around the world in the interwebs.
HTTP and HTTPS do not address the movement of the data. SSL does not have anything to do with the presentation of the data on the screen to the user. They work together to make the user experience happen and happen securely.
What are the concerns of public wifi?
Public wifi, whether it is protected by a password or not, is by nature, a more crowded space. Many of us are secure on our networks at home simply because we are too small of a fish for a hacker to ever come across and mess with. When we go out into the public and log onto a network where there are many other people, the chances of coming across a hacker increases. The open nature of a larger public network allows for the increased risk of spying or snooping, and the network itself could be connected to compromised machines or devices.
If the wifi is public and there is no password or authentication required, that can be a great place for you to get free wifi, but that lack of password and authentication makes public wifi an ideal place for someone who wants to do bad deeds to do those bad deeds, because it would be very difficult for those bad deeds to be traced back to him or her.
When you use public wifi, you risk someone eavesdropping or spying on your browsing activity, meaning they can access (see) everything you send and receive.
You also risk getting a virus or other infection. If a computer in the network is already infected, and that device has full network privileges, that device can go and infect everything and everyone one else who is connected to the network, and that includes through wifi.
Does HTTPS solve the problem of the dangers of public wifi so that I can use it without concern?
Yes, and no. HTTPS ads another layer of protection to your data while it is whizzing in and out of the network you are on. HTTPS encrypts most of the data, so that it can’t be read by anyone else., for the most part. But even HTTPS might not be enough security on a public hotspot, as some of your data may still be vulnerable. HTTPS unfortunately does not encrypt DNS queries, for example, which could lead to DNS attacks or spoofing.
Using a VPN can be a good option to add another layer of security to shield your data if you have to utilize free public wifi. There are several apps you can try out that are free, such as Turbo, Power, Unseen Online, Fish, Goose, VPNHub, Proton, and more. You’ll find that many tech bloggers recommend against relying upon free VPNs to protect you, as the VPN may also be a target for viruses and malware infections. See, for example, our recent article: Is Turbo VPN Safe To Use?
Remember, HTTPS doesn’t protect your device and the network from the other dangers of a public (and unprotected) wifi hotspot. Even with HTTPS, your device is still vulnerable to infection from viruses, malware, and other bad stuff from hackers who are using the public hot spot.
Is HTTPS safe on public wifi?
If you are asking if HTTPS makes you completely safe to browse around and transfer private and sensitive information on public wifi, then the answer is NO, it does not. It is definitely preferred that you use HTTPS sites only on public wifi if you have to use it, because HTTP sites transfer your data completely unshielded. But by the very nature of an open and unprotected network, you are vulnerable, no matter what you do. I’d avoid public wifi unless you have no choice, and if you have to use it, be careful about what you connect to the network, and what you send over the network.
What are your thoughts or questions about using HTTPS on public wifi, or the dangers of using public and open wifi at all? Let us know what you think in the comments.