108
[Corp Blog] What is an evil twin attack, and should they worry you? Alternate title: should you use VPN when connecting to the public WIFI? (protonvpn.com)
submitted 9 months ago by Raisin8659 to c/technology@lemmy.world
20 comments fedilink hide all child comments

Comment:

I thought this article gives a balanced view if we should VPN with a public Wifi network, instead of the normal VPN vendor selling fears.

Summary:

Evil Twin Attacks - Not a major threat anymore

What is it?

Evil twin attacks involve hackers setting up fake Wi-Fi networks that mimic legitimate ones in public places. Once connected, attackers can spy on your data.

Why was it scary?

Before 2015, most online connections weren't encrypted, making your data vulnerable on such networks.

Why isn't it a major threat anymore?

  • HTTPS encryption: Most websites (85%) now use HTTPS, which encrypts your data, making it useless even if intercepted.
  • Let's Encrypt: This non-profit campaign made free website encryption certificates readily available, accelerating the widespread adoption of HTTPS.

Are there still risks?

  • Non-HTTPS websites: A small percentage of websites (15%) lack HTTPS, leaving your data vulnerable.
  • WiFi sniffing: Although not as common, attackers can still try to intercept unencrypted data on public Wi-Fi.

Should you still be careful?

  • Use a VPN: Even with HTTPS, your browsing history can be tracked by Wi-Fi providers and ISPs. A VPN encrypts your data and hides your activity.
  • Be cautious with non-HTTPS websites: Avoid entering sensitive information like passwords on such websites.

Overall:

HTTPS encryption has significantly reduced the risks of evil twin attacks. While vigilance is still recommended, especially when using unencrypted websites, it's no longer a major threat for most web browsing.

top 20 comments
sorted by: hot top controversial new old
[-] mindlight@lemm.ee 18 points 9 months ago

Once you connect to this fake network, the attacker can intercept the unencrypted data you transmit over it, including sensitive information like your usernames and passwords, credit card numbers, and other personal data.

So essentially the blog post says that you should make sure you only use HTTPS does with trustee certificates (padlock and no warning from the browser). This is good advice.

On the "your ISP can see what site you access" now I'm pretty sure that when we're talking about open wifi, which we are, they can register your DNS lookups, IP-addresses and ports used by your computer but that doesn't mean they automatic know who you are, especially if you never logged in with credentials that can be traced to your person.

While VPN, generally speaking, is a good solution it essentially just means that while you might use 15 different open wifi providers during a month (=inconclusive information about you spread among 5-15 different operators), centralizing all your internet activity to one single VPN provider (= extremely conclusive information about you) also has risks and a backside.

Good information on the "Evil Twin problem" but in my opinion the focus should be on educating people on how to recognize when the browser is connected to a site without a trusted certificate and what to do/ not to do then rather than promoting VPN.

An evil twin can easily fake the VPN service, popup a browser window with "https://ProtonVPNUpdate.ru" and a request the use to update the VPN client.

If the user fail t recognize that the site is running HTTP or HTTPS without a trusted certificate there's a risk that the user will follow the instructions from "Proton VPN" ("But it was their logo and it also had PayPal on the site....") and connect to the Evil Twin VPN Server.

[-] KpntAutismus@lemmy.world 16 points 9 months ago

using a VPN for literally everything has been a great idea for a long time now.

always assume the hotspot is malicious.

[-] QuantumSparkles@sh.itjust.works 1 points 9 months ago

I can’t seem to find a straight answer of whether I should use Mullvad, Proton, or Tor. Someone help me out?

[-] KpntAutismus@lemmy.world 3 points 9 months ago

i'd say many of these providers largely do the same thing. mullvad seems to be a generally good idea and a popular option.

personally, i'm using expressvpn.

[-] Nollij@sopuli.xyz 3 points 9 months ago

Please stop using Express. Snowden (yes, that one) called out why a while back. It's pretty wild.

Mullvad is definitely the favorite among those that I would expect to have experience. Honorable mentions to Proton and IVPN. There's a big difference in ethics among providers. Given the entire point of a VPN (as a proxy to the external Internet), this is a critical point that can't be ignored. Otherwise you're just trading Comcast's spying for Kape's spying.

I recently switched to AirVPN, since it's one of the few to still support port forwarding.

[-] BearOfaTime@lemm.ee -2 points 9 months ago* (last edited 9 months ago)

This is the answer.

IP lacks security. It was discussed when it was being developed, and decided it required too much overhead at the time (um, yea, sure, right).

Bottom line: no reason today for every connection to not be encrypted. It's trivial for our pocket computers to do.

Edit: haha a bunch of downvoters. Show me any company that doesn't require a vpn/encrypted tunnel to connect to the company from outside? In the 90s, over dialup, SECUREID cards were used to validate a connection - it wasn't encrypted, but being a dialup it at least validated who you were.

Encrypted connections everywhere should be the default.

[-] Nollij@sopuli.xyz 2 points 9 months ago

I think you're being down voted because IP and encryption serve very different purposes in different ways. Look into the OSI model, which is the standard for modern network connectivity. IP lives at layer 3, network. TCP lives at layer 4. Encryption, such as SSL, lives at layer 6. I'm not even really sure how the IP layer would even have security, short of a VPN, which itself breaks the mesh network model.

Also, the Internet and many of its standard protocols were created a very long time ago. TCP/IP was created in 1974. The "Internet" at that point was acoustic couplers and directly dialing your destination, typically a university or major research company.

I agree that all websites should be HTTPS these days. It's why Google has been pushing it (and punishing those that don't) since 2017. But it's built on ancient designs.

[-] kittenzrulz123@lemmy.world 9 points 9 months ago

Tip: If you want to hide your activity use a no logs VPN or even better, something like Mullvad. However, in the end you can't get more private then tor.

[-] KpntAutismus@lemmy.world 3 points 9 months ago

once my expressvpn contract runs out, i'll take a look at mullvad. seems to be the go-to around here.

[-] subtext@lemmy.world 2 points 9 months ago

I can also recommend ProtonVPN. One of the few that still allow port forwarding (made easier when used in conjunction with Gluetun).

[-] felbane@lemmy.world 2 points 9 months ago

Proton is also one of the few with proper P2P support, particularly helpful for those that are increasingly inclined to sail the seven seas.

[-] LinkOpensChest_wav@lemmy.dbzer0.com -1 points 9 months ago* (last edited 9 months ago)

deleted by creator

[-] Proxy@lemmy.imagisphe.re 7 points 9 months ago

He was caught because the FBI was already seeking for him and knew who he was. He made mistakes that revealed his identity, Tor is not to blame here

[-] LinkOpensChest_wav@lemmy.dbzer0.com -1 points 9 months ago* (last edited 9 months ago)

deleted by creator

[-] Petter1@lemm.ee 8 points 9 months ago

Shor answer: Yes, always use your VPN

[-] JustUseMint@lemmy.world 7 points 9 months ago

Only caveat is what site you visit is still visible just not specifically what you did or what page but you can see a user go to Facebook for example

[-] Darkenfolk@dormi.zone 6 points 9 months ago

Thanks for the summary OP, more posters should do it.

[-] magic_lobster_party@kbin.social 6 points 9 months ago

Modern browsers are ringing all warning bells and whistles if a site doesn’t use HTTPS properly, possibly even preventing you to even load the site.

If you’re connecting to an insecure site, you will know.

[-] TORFdot0@lemmy.world 0 points 9 months ago

Even if you use https to browse, metadata such as DNS and destination IP are going to be visible to attackers without VPN.

Should you be paying extra for a VPN just for public WiFi. Probably not, but if you pay for Apple iCloud+ or Google One, you should be taking advantage of the free vpn services that come with those subscriptions

[-] BearOfaTime@lemm.ee 6 points 9 months ago

My recent experience after rebuilding a few computers and installing newer browser versions: 80% of websites give me an expired cert warning.

this post was submitted on 29 Jan 2024
108 points (96.6% liked)

Technology

59144 readers
2404 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world