Wi-Fi security is a very different thing at home and away.

Wi-Fi networks that you set up and control, be it at home or in a small business, start with an assumed safe group of users. The main security objectives, which I wrote about last time, are two-fold: encrypting data traveling over the air and keeping outsiders out.

On a public wireless network you also need to be concerned with encrypting data coming into and out of your computer, but the solutions are very different. On top of this, public networks add new threats because you are now sharing a network with total strangers as opposed to a trusted group.


Encryption is easy on your own network but a major pain on a public network. Home networks configured with WPA (more technically WPA-TKIP) or WPA2 (more technically WPA2-AES-CCMP) get their encryption for free, so to speak. As a user of the network, all you need to do is enter the password and everything is encrypted.

No fuss. No muss.

Public networks typically don't use WPA or WPA2, leaving you to roll your own when it comes to encryption.

The simplest solution is to use secure HTTPS web pages. For example, when I'm traveling for short periods of time, I use secure webmail for my email rather than Thunderbird, my preferred email software.

However, some webmail systems only encrypt the page where you enter your user ID and password. They do not encrypt the pages where you read and write messages.

Yahoo falls into this category. Both their free "classic" and "new" webmail systems send email to you unencrypted.

Even Yahoo's Mail Plus system doesn't encrypt all webmail pages.

Gmail swings both ways. By default, it will encrypt only the login page, but there is an option (Settings -> Browser Connection) to encrypt all webmail pages. Earthlink customers are fortunate: their webmail system serves up all pages using HTTPS.
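
The login-only pattern described above shows up clearly in the list of requests a browser makes during one webmail session. The following is an added example, not part of the original article: the host names and the request list are constructed, and audit_session is a hypothetical helper name.

```python
from urllib.parse import urlsplit

# Constructed sample: requests from one browser session to a hypothetical
# webmail site, in order. Not captured from any real service.
SAMPLE_SESSION = [
    ("GET",  "https://mail.example.com/login"),
    ("POST", "https://mail.example.com/login"),
    ("GET",  "http://mail.example.com/inbox"),
    ("GET",  "http://mail.example.com/message?id=17"),
    ("POST", "http://mail.example.com/compose"),
    ("GET",  "https://static.example.net/logo.png"),
]

def audit_session(requests):
    """Report, per host, how a session used encryption.

    Verdicts: "all-encrypted", "none-encrypted", "upgraded" (HTTP only before
    the first HTTPS request) and "login-only" (HTTP requests to the same host
    after HTTPS had already been used, as with a login-page-only setup).
    """
    hosts = {}
    for _method, url in requests:
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        if scheme not in ("http", "https") or not parts.hostname:
            continue  # skip non-web URLs such as about:blank
        rec = hosts.setdefault(
            parts.hostname, {"seen_https": False, "plaintext": [], "after": 0})
        if scheme == "https":
            rec["seen_https"] = True
        else:
            rec["plaintext"].append(url)
            rec["after"] += rec["seen_https"]  # counts HTTP sent after HTTPS
    report = {}
    for host, rec in hosts.items():
        if not rec["plaintext"]:
            verdict = "all-encrypted"
        elif not rec["seen_https"]:
            verdict = "none-encrypted"
        else:
            verdict = "login-only" if rec["after"] else "upgraded"
        report[host] = {"verdict": verdict, "plaintext": rec["plaintext"]}
    return report

if __name__ == "__main__":
    for host, result in audit_session(SAMPLE_SESSION).items():
        print(host, result["verdict"], len(result["plaintext"]), "plaintext requests")
```

Every URL listed under "plaintext" for a "login-only" host is a page whose contents crossed the wireless network unencrypted, even though the password itself did not.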

One problem with secure web pages is recognizing them. Only techies are constantly attuned to HTTP vs. HTTPS. Firefox users can force the browser to display a green address bar on all secure pages, making them much more visually obvious.

But most web pages are not secure, no doubt including some that you would prefer no one else could tell you were viewing.

And the Internet is much more than just web pages. How can you encrypt everything on a public wireless network?

Answer: a Virtual Private Network (a.k.a. VPN).

Virtual Private Networks

What WPA and WPA2 give you on your home network, a VPN gives you on a public network, encrypting everything coming into and out of your computer. I suspect there are millions of computer users who could and should be using a VPN but aren't aware of it as an option.

VPNs are often couched in brutally obscure techie lingo. In part this is because their market has always been networking techies at large companies.

But no longer. Newer types of VPNs are simpler to employ and are available to a newer audience: you and me.

The classic VPN linked the network in one corporate office to another. Perhaps the most common use of VPNs is for traveling employees to make a secure link back to their home office.

But there is another type of VPN for people who are not employed by large companies and/or who don't have a home office network they need to connect with.

For lack of a better term, I'll refer to them as consumer VPNs.

A corporate or business VPN treats the entire Internet as the enemy and encrypts everything between the traveling employee and the home office. A consumer VPN only treats the immediate area (typically a public wireless network) as the enemy. That is, the goal of a consumer VPN is to offer the same level of security you would have at home by using a wired Internet connection.

Thus, a consumer VPN encrypts everything between you and the servers of the company offering the VPN service. After data gets to the VPN company's servers, it is decrypted and dumped on the Internet.

To illustrate, assume that you are in Boston using a VPN service from a company in Virginia and listening to a radio station streaming from California (again, a VPN encrypts all traffic, including streaming audio). Data coming into your computer travels unencrypted from California to Virginia. The VPN company then encrypts the data (your favorite radio station) and sends it from Virginia to you in Boston. Software on your computer then decrypts the data.