This is a critically important distinction to make, and it’s one I’m afraid many people misunderstand.
Become a Patron of Ask Leo! and go ad-free!
Wi-Fi security, or lack thereof, exists in the wireless connection between your laptop and the Wi-Fi access point.
An open Wi-Fi hotspot is not secure, period. It doesn’t matter what happens after you connect.
The Rule: if you didn’t have to enter a password in Windows or on your device simply to connect to the network, you are not on a secure network.
If you see a log-in or Terms of Service page — and by that, I mean any page in your browser with pictures and text asking you to log in or confirm acceptance of some terms of service — then you have already connected to the network. The network is displaying that page.
You’ve connected to the network and probably the router; it’s just not letting you get any further until you log in or accept terms.
If you can connect without giving Windows a Wi-Fi password, and you can see anything in your web browser — even that log-in page — then it’s an open Wi-Fi hotspot and it is not secure.
It doesn’t protect you; it protects them
If the connection isn’t secure, what’s that log-in page or “terms of service” all about?
What you’re seeing is called an “interstitial” page that has nothing to do with technology and nothing to do with security. It’s about liability.
Technically, it’s called a “captive portal”, as it “captures” your connection and forces you to read and respond to that intermediate page before you’re allowed further.
Take a close read of the words on that log-in page. Chances are, all you’re doing is agreeing to the terms of service. The wording and specifics vary, of course, but in general, by clicking on “I Agree” (or whatever the button says), you are stating that you:
- Won’t download porn
- Won’t use it for anything illegal, like downloading copyrighted material (such as movies)
- Won’t use it to stream “too much” information, flood the network, or adversely impact other network users
- Won’t use it … well, in whatever ways the network provider doesn’t want you to use it
Obviously, they can’t prevent you from doing that kind of stuff. But it does allow them to kick you off, and potentially even prosecute you, if you don’t follow the terms of service you agreed to.
So they force you to agree to those terms of service if you want to use their open Wi-Fi hotspot.
That’s all it is. It doesn’t protect you at all. It protects them.
So, if this log-in or accept-the-terms page has nothing to do with your security, how do you protect yourself?
Simple. Take all of the usual steps to use an open Wi-Fi hotspot safely.
Or, don’t use the open Wi-Fi hotspot at all. Instead, provide your own, more secure alternative.1
If you found this article helpful, I'm sure you'll also love Confident Computing! My weekly email newsletter is full of articles that help you solve problems, stay safe, and give you more confidence with technology. Subscribe now and I'll see you there soon,
Footnotes & References
1: I typically use my mobile phone or a device to connect to my mobile phone provider’s data plan. That hotspot uses WPA2 to secure the connection, which requires a password before you can connect and see anything.