Privacy for me has been incredibly rewarding, but when talking to people who haven't been introduced to privacy, there are occasionally some moments that make it exhausting. One conversation in particular is one that I've had to go through dozens of times, and it always goes along these lines:
- Alice: Why is your phone in airplane mode? / What's your phone number?
- Bob: I don't have a carrier.
- Alice: But you have a phone.
- Bob: Yes.
- Alice: How do you not have a carrier?
- Bob: Phones can come without a carrier.
- Alice: What do you use it for?
- Bob: Everything you use yours for.
- Alice: How do you talk to people?
- Bob: Messaging apps over Wi-Fi.
- Alice: What if you don't have Wi-Fi?
- Bob: Public Wi-Fi is everywhere. If I don't have Wi-Fi, I likely don't need to get in touch.
- Alice: What about emergencies?
- Bob: I can still contact emergency services.
Each time it happens, it has a unique flavor. One person accused me of lying and then fraud. I know people are just curious and don't mean to be rude, but it makes me die a little inside every time someone asks. I've begun trying to sidestep the conversation entirely:
- Alice: Why is your phone in airplane mode?
- Bob: To save battery.
or:
- Alice: What's your phone number?
- Bob: You can contact me with an app called Signal.
People seem to think that a phone automatically comes with a carrier and that it'll stop working if you don't have one. In reality, I'm saving hundreds of dollars per year while avoiding spam, fraud, breaches, surveillance, and being chronically online. People have a hard time coping with those who do things a little differently.
Public WiFi and privacy in the same sentence? lolololol! You use McAfee too?
It's not 2005 any more. Public wifi can easily be used securely these days
Whatever lets you sleep at night.
I'm curious about an example that comes to your mind as you say this. In your view, what is a privacy risk associated with public WiFi use that is not easily mitigated?
SSL stripping, DNS spoofing, captive portal attacks, leaky metadata attacks (which can and have been reported to happen with popular VPNs)
Lest we forget more and more companies are firing their senior devs and replacing them with college grad vibe-coders? Leading to an uptick in exploits and botched code.
Probably the biggest vulnerability is the captive portal. There is no way to verify you're connecting to an official Starbucks router.
And of course there's the zero days we don't even know about.
What if your system has an unpatched vulnerability? You postponed that Windows update, or your Linux kernel is behind on patches, or even your firmware is vulnerable. Maybe you forgot to install the firmware update, or maybe your hardware vendor doesn't support your specific NIC anymore. A compromised router could exploit network-facing bugs to attack you directly.
I personally wouldn't connect to a public router if you held a gun to my head.
Using public wifi with no protections is already pretty secure since most things are encrypted now days. Using a trusted vpn to encrypt all of your traffic makes it almost perfect, since no people in the same network as you can have the faintest clue as to what your doing.
edit: It's probably not almost perfect but definetly far better than using mobile data.