Plus what else might be exposed.
Let me make one important correction to what you’ve described:If you give someone access to your Wi-Fi, you have given them access to your network.
They’re on it.
What they can see depends on a number of things. Chances are they can not see your traffic, but even so — to be blunt, I hope you trust them.
Become a Patron of Ask Leo! and go ad-free!
Perils of sharing Wi-Fi
A Wi-Fi connection is a direct connection to your local network. While Wi-Fi encryption is important, it does not protect you from malicious behavior by connected machines. While there’s a tiny chance network traffic could be exposed, of greater concern is that anything shared on your local network would be accessible to anyone connected. Of greatest concern is the possibility that the connected machine could, inadvertently or otherwise, spread malware.
A Wi-Fi connection
It’s important to realize that a wireless connection — regardless of how your hardware is set up — is a connection to your network. It’s the equivalent to running a cable between the connected machine and your router.
A very common scenario looks like this:
That’s a simple setup where multiple computers are connected to the internet via a single device: a wireless router. Some computers are wired, and some are connected via Wi-Fi.
It’s important to realize that this is exactly equivalent to this:
A wireless router just puts the wireless access point in the same box as the router itself, but in either case, it’s nothing more than a connection to your local network.
And of course, machines on your local network should all be able to “see” each other.
It’s good that your wireless access point is using encryption, but it’s important to realize what it does and does not do.
It does not protect you from your neighbor.
By giving your neighbor the key, the encryption does not affect your security with them at all. It’s as if they were connected directly to your network — because they are. It’s almost the same thing as having given them a wired connection to your router.
The Wi-Fi password (or encryption key) protects only the connection between the computer and the Wi-Fi access point. The key is required to be able to connect wirelessly. This prevents others — people to whom you have not given the password — from accessing your network, and protects data sent wirelessly from being viewed by others as well.
But that’s it.
What’s the risk?
There are three basic risks:1
- If you have computers sharing files or a printer, your neighbor may be able to access those files or print to your printer.
- There’s a tiny risk your neighbor may be able to “see” some or all of your network traffic. I call it tiny because routers typically do not route traffic to computers not involved in the conversation.
- If your neighbor’s computer becomes infected with malware, that malware may propagate to your machines.
To be honest, it’s the last one that scares me the most.
The first two are all about your neighbor’s intention, which in most cases is probably honest and above board and is at least something you can attempt to judge. The latter, however, involves your neighbor’s ability to keep their own system free of malicious software. That’s a risk I’d be reluctant to take even with the best of intentions.
To address your banking concern: as long as your bank is using https, then I don’t see an issue. This encrypts the connection between your computer and the bank, so even if your neighbor was able to see your network traffic, they would not be able to decode your banking conversation.2
So, short of denying your neighbor access to your network, what can you do?
At a minimum, turn on the Windows or other software firewall on every machine you have on your network. The good news is this is the default behavior in recent versions of Windows.
A more secure approach is to use a second router:
The important characteristic here is that there is a router between your local network and the point at which your neighbor connects.
As I often say, a router acts as a firewall, and as such it has a “trusted” side — your local network — and an “untrusted” side — normally the internet — that it’s protecting you from. This setup draws that trusted/untrusted line between you and your neighbor.
Yet another approach is to get a wireless router specifically designed for this application. In recent years, wireless routers have come to market providing two separate wireless connections, one of which — typically called a ‘guest’ network — is isolated from your local network. While the intent is to provide access to the occasional guest in your home, this connection could also be the one you share with your neighbor.
One Possible Legality
Finally, there’s one more thing I want you to look into before you agree to share your internet connection with anyone.
I want you to check the terms of service with your ISP.
It’s very possible — likely, even — that they explicitly prohibit this type of sharing (you’re taking away a potential customer, after all).
While it’s unlikely that they would detect the connection was being shared with a neighbor, if they did, you could be penalized in some fashion.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Footnotes & References
1: Note that on a password-protected WiFi hotspot, being able to access the hotspot does not imply that you can also sniff the traffic of other computers connected to the same hotspot. Even though the password to connect is shared among all users, in WPA and WPA2 the actual encryption key used for each connection is different.
2: However, there are no absolutes. If your neighbor had malicious intent or had been infected with a specific form of malware, he could potentially access your router and compromise even https connections.