Browsing privacy/security on public wifi networks

[peacemover]

I have a DROID 2, which I absolutely LOVE. Everything I need and then some with functionality, etc. When browsing on the web, checking e-mail, or especially viewing or uploading/downloading media content, I prefer to use a wifi connection, when available.

My question, I suppose, is more of a general question:

Can others, i.e. the owner or manager of a "public wifi" network monitor, log or intercept content users view, download or send, pages they visit, e-mail messages, etc?

Case in point- I work at a hospital where I do overnight on-calls a couple of times a week on most weeks. We are allowed moderate access to the internet during break time during work hours. However, after 8 pm, I am on my own time, unless I get called to an emergency, which I then need to respond to right away.

There is a "public wifi network" provided by my hospital. Should I assume this "public wifi network" is being monitored or is it safe to assume some degree of privacy?

I am not up to anything nefarious, dishonest, dubious or illegal, I am just very protective of my personal privacy and want to know what I should assume can be seen and tracked and by whom. Any thoughts?

 

[pool_shark]

In the age of technology there is no such thing as privacy, especially when using hardware that belongs to someone else.

 

[GeLopez]

it all depends on the equipment and knowledge of the "owner/manager" of the network. so, yes they can see what you do, what you download and where you go on the internet.

however a little better news is that most of the public networks dont have such a talented person.

hope that helped you more than confuse you

 

[peacemover]

Yeah- that has been my rule of thumb, pool_shark. I have a few friends in the IT dept who said it was okay, and our organizational policy doesn't specifically say anything about the "public wifi network"- I have just been very judicious about it. I don't generally access it AT ALL during work hours, and during my "free time" after 8, I only use it for checking personal e-mail, and occasionally Facebook or Twitter- and of course I never divulge any proprietary, disparaging or confidential info about my work.

So hopefully it is okay.

I also occasionally watch some youtube music videos, etc during this "free time." I had figured hey- it's MY time and I am not doing anything bad so there should not be any problems. Is it advisable NOT to use the free wifi provided by an employer even on break or free time?

 

[GeLopez]

it all depends on the employers rules. or, until you get caught.

 

[peacemover]

Well, I asked one of the lead IT guys and he said it was okay, and the policy does not specifically address it. It is not a matter of "getting caught"- I don't want to do anything in the first place that would be considered a violation of policy. Sounds like I should probably check with IT or HR again to get more specific guidance.

 

[pool_shark]

It's the same as using your work email. They own it, it's their network, it's their software, there is no reasonable degree of privacy when using your workplace equipment.

 

[peacemover]

That is what I thought. Like I said, I only access personal stuff on breaks or after hours, and never anything nefarious, etc, but I think, just to be safe and keep wandering eyes out of my biz I may just have to stick with the 3G.

Thanks much for the input!

Sent from my DROID2 using DroidForums App

 

[LocoRon]

The good news: If there is no "sign in" page to access the internet, then the only information they have to track you is your MAC address (which can be spoofed, or "faked"), so it's not like they'll immediately say "oh look, "peacemover" is on droid forums again!"

The bad news: They can see the unencrypted session data, and they can log it. If you go to Droid Forum - Covering all Verizon Droid Phones: Motorola Droid, Droid X, Droid 2, Droid Incredible and Droid Eris, they can see exactly what you see, everything you read. However, this only applies to unencrypted (http://) sessions. Anything sent in a secured (https://) session will appear as nonsense to them (although they can still see what website you connected to, they can not see the actual content). In other words, if it's important, either don't do it on a public network, or make SURE it's an encrypted session (https://).

The worst news: The bad news also applies to ANYONE in the area. Wireless is not a secure medium. The signal is broadcast all over the place, and is extremely easy to intercept. In other words, on those public networks, ANYONE that is within your transmission zone will be able to intercept the data, and anything that is not encrypted (https://) will be plainly viewable.

The takeaway: You should be fine using the public network pretty much however you want, but I would recommend you wait until you get home to do your banking.

 

[torokfam]

Great info...Thanks! Can you guys go one step further? How about when im not on wifi at work but using verizons network to view web or banking. Is it more safe? can my employer see where or what im doing?

 

[pool_shark]

The only way your employer can see what you're doing on your own personal device without being on their network is to have a camera aimed at your device.

 

[random190user44]

The only way your employer can see what you're doing on your own personal device without being on their network is to have a camera aimed at your device.

Disregarding how funny that would actually be in practice....there is such a device where you can listen in on people's phone calls.

Is it possible that there's such a device that can intercept and listen in on your 3G data connection? I think there is. Aren't voice and data treated as the same thing on verizon? which is why you can't do both at the same time? (i might be wrong on that)

 

[LocoRon]

Cell phone networks are encrypted, however, they are not entirely secure.

What this means is your typical wireless sniffer will just gather "nonsense" data, so they can't see what you're doing.

However, GSM and 3G have been cracked. It's not exactly "easy" to decipher this data though, as it requires a 1 or 2 TB (yes, terabyte) key file.

4G should be safe for now.

(I'm not sure if all 3G methods are cracked, or just a specific one... if you're interested in this, you should google it. )