All public WiFi has this in common: It’s someone else’s network, and you can’t easily know whether it’s safe or not.
- Are the network devices configured correctly?
- Are they up-to-date with their security patches?
- Is someone actively exploiting that network as you access it?
- Is the owner of the WiFi network tracking you and selling that data?
Your best bet is to avoid using public WiFi altogether. Instead, use the mobile hotspot provided through your mobile carrier, or tether your laptop to your mobile device.
The whole situation is like a city swimming pool. Just by looking at the water, you can’t tell if it’s clean. You’d need to test the chlorine levels and other factors to know for sure.
Here’s a recent example of a WiFi exploit named KRACK.
Serious flaw in WPA2 protocol lets attackers intercept passwords and much more
What’s the risk? Attackers within radio range of vulnerable device or access point can intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases, to inject ransomware or other malicious content into a website a client is visiting. Not to mention the ability to directly prove your computer for weakness to exploit.
Will SSL/TLS solve the problems? No:
“Although websites or apps may use HTTPS as an additional layer of protection, we warn that this extra protection can (still) be bypassed in a worrying number of situations,” the researchers explained. “For example, HTTPS was previously bypassed in non-browser software, in Apple’s iOS and OS X, in Android apps, in Android apps again, in banking apps, and even in VPN apps.”
Will using a VPN solve the problems? Only if you’ve chosen carefully. For example, in one…
…comprehensive study of almost 300 VPN apps downloaded by millions of Android users from Google’s official Play Market finds that the vast majority of them can’t be fully trusted. Some of them don’t work at all.”
Since many of the providers are cross platform, these results are likely true for other devices as well.
Majority of Android VPNs can’t be trusted to make users more secure
Again, your best answer is to use a mobile hotspot provided through your mobile carrier, or tether your laptop to a mobile device, and avoid using public WiFi altogether.