Why you should use a VPN on a public Wi-Fi network

A VPN effectively prevents even a network operator from peeping your activities.

group of hackers in digital environment
Natasaadzic / Getty Images

When you connect to a free or paid public Wi-Fi network, you may notice that some redirection takes place. Instead of taking you to a website you intended to visit or retrieving your email, Apple cleverly inserts a Wi-Fi portal pop-up or screen in both iOS and macOS. On that screen, you can login or agree to terms and conditions for use of the network and proceed.

Apple makes this portal page appear when your iPhone, iPad, or Mac can’t reach an Apple site directly after you joined that network. The operating system understands that something is standing in your way, and it’s almost always a portal page that Apple can repackage to make it easier for you to spot.

mac911 captive apple portal IDG

Apple tests whether it can connect to one of its domains to see whether there’s a portal in place on a Wi-Fi network.

But should you worry that the network operator—whether a mom-and-pop coffeeshop, a hotel chain, or a corporate entity offering free access—can peep your data as it flows over what is, truly, their network?

Not really, and I’ll explain why. However, if you have lingering concerns, a virtual private network (VPN) subscription will alleviate them. Let me first explain why you have little to fear, and then go into VPNs.

Redirection isn’t a hijack

The redirection at a Wi-Fi portal happens at a very coarse level. Whoever is running the network blocks devices it doesn’t know about until they prove themselves, effectively cutting off the internet. However, once you pass the test—clicking a button, logging in, or entering payment—the redirection ends, and you have unfettered internet access.

But it’s also worth considering whether these unprotected and often barely-managed or barely-monitored networks might have snoopers on them. That could be someone sitting in the corner of a café, though that’s unlikely. It’s more probably that if you’re on a compromised network, it’s a computer on the network with malware installed that’s trying to grab details, or a router has been updated to include virus-laden firmware.

wireless symbol Thinkstock

The good news is that it’s unlikely that a compromised network that’s trying to grab details from users will get much information these days. Due to leaks about national-security apparatus data interception in the U.S. and other countries a few years ago, the vast majority of companies that provide email, search, and even content-based online services have switched to encrypted web, email, and app-based connections. (Financial, lega, medical, and ecommerce sites got wise years ago. If you have one that isn’t using encryption for everything, stop using it!)

A malicious party can’t just insert themselves into a secured connection by impersonating a website or email server or what have you. The encrypted connection relies on validation that’s baked into Apple’s operating systems and into third-party browsers, like Firefox. If someone tries to intrude, your various software will throw up alerts, like an “untrusted connection.” Stop and run away from that site until you find out what’s going on. (That’s distinct from phishing emails that try to get you to visit fake sites and enter real details.)

If you get such a warning more than once at a physical location on its Wi-Fi connection, if you have the time and can find someone there who cares, let them know.

Try a VPN instead

Some people simply don’t want the potential for any of their networked data to be examined, whether the contents of it are secured or not. For instance, a third party scanning a network could determine what sites you’re visiting, even if they can’t figure out what pages you retrieve or see the information you submit or get back in return.

That’s where a VPN comes in. A VPN typically encrypts all the data entering and leaving your computer or mobile device by routing it all to a server elsewhere on the internet in a secure data center. Even if most or all of what you do already uses an encrypted connection, the VPN wraps another layer around it, providing more anonymity in the location you’re in and more privacy overall.

You can configure most VPNs to turn on automatically whenever you’re on an unknown network, or one you’ve marked as public or untrusted.

A VPN typically costs from about $4 to $10 a month depending on features and how much bandwidth you think you’ll consume. If you spend a lot of time on networks that you don’t control or ones run by your work, unlimited plans are available.

Fellow Macworld writer Seamus Bellamy rounded up the best VPN services for Mac and iOS users earlier this year, and our colleague Ian Paul at PCWorld took a slightly different look at criteria in October 2018.

This Mac 911 article is in response to a question submitted by Macworld reader Åse.

Ask Mac 911

We’ve compiled a list of the questions we get asked most frequently along with answers and links to columns: read our super FAQ to see if your question is covered. If not, we’re always looking for new problems to solve! Email yours to mac911@macworld.com including screen captures as appropriate, and whether you want your full name used. Every question won’t be answered, we don’t reply to email, and we cannot provide direct troubleshooting advice.

  
Shop Tech Products at Amazon