I don’t like to do financial stuff using my MacBook or iPads over WiFi connections in motels; I just use my phone over cellular to check balances and if there is a problem I call them.
I don’t even check my email on bare public WiFi or in hotels. I use a VPN to prevent the ViFi contractor from siphoning off any information they can sell, such as, email addresses, email contents.
If you use Google, however, it captures everything. It is the end-point of your connection, of course.
When I was recently in a hotel in Tokyo, Google news headlines insisted on showing me the headlines for Asian news outlets, even though location services were OFF.
So, yes, be careful about checking your financial accounts on the road.
Financial accounts and email (and most website traffic) is encrypted, so someone on a public WiFi network can’t see any of your data. The fact you got local headlines is because the IP address you were connecting from is in that location. It doesn’t require inspection of the data you’re sending/receiving.
For many years I have been using an iPad with a Gigsky mobile data subscription when travelling. It works well in Japan. I Hotspot this to my iPhone and Macbook instead of using hotel wifi.
The latest iPads have e-SIMs for this but I use an Apple SIM card with my ancient device.
Actually I was connecting through a VPN, so it shouldn’t necessarily be a Tokyo IP address. Maybe the VPN automatically used a local server? I’ll have to check.
When you log in to an email provider, the login information isn’t necessarily all encrypted. It depends on the protocol used by your email host. For many years my home ISP (Spectrum) used a simple, unencrypted login - no TLS! Recently it was upgraded, but you have to re-initiate the account to set the updated protocol.
OK, I’m paranoid! Be careful, everyone!
I won’t try to convince you otherwise, but IMO, as long as the bank’s site use HTTPS with a strong cipher (as most should, these days), the fact that the Wi-Fi network might not be secure should be irrelevant.
Someone snooping the Wi-Fi may see that there is traffic from your computer to the bank, but they shouldn’t be able to get anything beyond that. With most sites, including search engines, using HTTPS, I think the dangers of public Wi-Fi are not nearly as bad as they were in the past.
This shouldn’t be possible if the sites you visit use HTTPS connections. You definitely want to make sure the site is adequately secure, and you want to look for security alerts that may indicate a compromised network, but unless you’re visiting sites using unencrypted links, someone snooping the network should only be able to the IP addresses of the sites you’re visiting (and maybe their hostnames). The content of your session shouldn’t not be available.
I don’t disagree that it would take more than one compromise to get past the protection of HTTPS.
I admit I’m a person who worries excessively.
That isn’t good! I wouldn’t be comfortable using an email provider that was still using plaintext passwords, whether or not I’m on public WiFi (but, yes, in that case public WiFi could be risky).
While use of https is a basic requirement for privacy and security on any type of connection to the Internet, wired and wireless, using public Wi-Fi still requires caution. Why? Because it is difficult for most users to ensure all components of a webpage and a website use encryption. Something as simple as a session ID embedded into a URL can give criminals information to exploit. Further, commercial websites have become very complex, with multiple teams and companies involved in coding, data storage, and functionality.
So, I think the safest practice is to avoid doing anything sensitive or private on public Wi-Fi if possible. If not, use a Wi-FI network security scanning app before logging in to websites (such as https://www.sophos.com/en-us/products/mobile-control/intercept-x) and a trustworthy VPN.