Use a VPN While Traveling?

8 points

4 years ago

A while back there was an HN discussion[1] in which I asked whether there's a consensus that it makes sense to use a VPN while traveling and using public wi-fi in places like airports. The answer I received was pretty consistently that there's no point.

But the NSA has released a document that says: "Accessing public Wi-Fi hotspots may be convenient to catch up on work or check email, but public Wi-Fi is often not configured securely. Using these networks may make users’ data and devices more vulnerable to compromise, as cyber actors employ malicious access points (Masquerading [T1036]1), redirect to malicious websites, inject malicious proxies, and eavesdrop on network traffic (Network Sniffing [T1040])."[2]

So, I'm still unsure about it. For instance, suppose I accidentally use a malicious public wi-fi service masquerading as the one supplied by an airport. I try to go to https://www.somewebsite.com. Would the malicious wi-fi service be able to supply a phishing version of www.somewebsite.com that also uses https? If not, why not?

[1] https://news.ycombinator.com/item?id=28643650#28643995 [2] https://media.defense.gov/2021/Jul/29/2002815141/-1/-1/0/CSI_SECURING_WIRELESS_DEVICES_IN_PUBLIC.PDF

5 comments