Public Wi-Fi Hotspots and VPNs

In recent Security Now podcast segments on VPNs, Steve Gibson reviewed the importance of using a VPN when accessing the Internet through public Wi-Fi hotspots or even Ethernet connections (for example, those available at hotels). The problem with Wi-Fi is that the traffic can be intercepted, while the problem with even an Ethernet connection is that other hotel guests can run software to capture information, and even passwords, that many programs send in the clear, particularly POP3 email programs.

Steve’s recommendation is to use a VPN in order to protect the information, at least as it passes through the segments closest to the user where it can be intercepted. There are three basic options:

1. Use a corporate VPN which tunnels all traffic back to the corporate system
2. Use a public VPN service such as HotSpotVPN or PublicVPN
3. Set up a private VPN which tunnels all traffic back to a home computer or router (running a VPN server application)

With all three options, the information is encrypted between the user and the VPN server. Data that carries no further encryption of its own, such as SSL implemented by the application, is decrypted at the VPN server and then travels in the clear across the rest of the Internet. But at least it is protected on the portion of the path closest to the user, where it may be the most vulnerable.
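Whether a mail program adds its own encryption can be read from its debug log: the check below flags POP3 commands sent before TLS is active, including the case where the client asks for STLS, is refused, and logs in anyway. It is an added example, not from the podcast or the original post; the transcript format, the sample sessions and the name `audit_pop3` are assumptions made for illustration.

```python
# Constructed sample transcripts ("C:" client, "S:" server), as a mail
# client's debug log might record them. Account and password are made up.
PLAIN = ["S: +OK ready", "C: USER alice", "S: +OK",
         "C: PASS example-password", "S: +OK", "C: RETR 1", "S: +OK", "C: QUIT"]
UPGRADED = ["S: +OK ready", "C: STLS", "S: +OK begin TLS", "C: USER alice",
            "S: +OK", "C: PASS example-password", "S: +OK", "C: QUIT"]
REFUSED = ["S: +OK ready", "C: STLS", "S: -ERR not supported", "C: USER alice",
           "S: +OK", "C: PASS example-password", "S: +OK", "C: QUIT"]


def audit_pop3(transcript, implicit_tls=False):
    """Return (line_no, command, issue) for each client command that would
    cross the local network unencrypted. Command arguments (user names,
    passwords) are never copied into the result."""
    encrypted = implicit_tls      # True when the whole session runs inside TLS
    awaiting_stls_reply = False
    findings = []
    for n, line in enumerate(transcript, 1):
        side, _, text = line.partition(": ")
        words = text.split()
        if not words:
            continue
        if side == "S":
            if awaiting_stls_reply:   # only a +OK reply actually starts TLS
                encrypted = words[0] == "+OK"
                awaiting_stls_reply = False
            continue
        cmd = words[0].upper()
        if cmd == "STLS":
            awaiting_stls_reply = True
        elif encrypted:
            continue
        elif cmd in ("USER", "PASS"):
            findings.append((n, cmd, "credential sent in the clear"))
        elif cmd in ("RETR", "TOP"):
            findings.append((n, cmd, "message content readable on the wire"))
    return findings


if __name__ == "__main__":
    for name, log in (("plain", PLAIN), ("upgraded", UPGRADED), ("refused", REFUSED)):
        print(name, audit_pop3(log))
```

Anything this check flags is protected by a VPN only as far as the VPN server; past that point it travels exactly as logged.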

PublicVPN is much cheaper than HotSpotVPN. HotSpotVPN provides higher grade encryption for those who want it (at a higher cost).

Personally, I don’t trust companies that don’t provide much information about themselves. PublicVPN does not appear to provide a corporate name, an address, a phone number or the names of any of its staff. HotSpotVPN is more forthcoming. Although it looks like a small company, at least you know who you’re dealing with. So, if I had to choose between them, I’d choose HotSpotVPN. That being said, either company (or any of their competitors that offer a similar service) can, if they wanted to, monitor your traffic once it passes through their Internet connection. So can their ISP. If you feel safer only exposing your data to your own ISP then option #3 is the preferred way to go.