It is a well known fact in security circles that if you were to do anything at all over an ‘untrusted network’ you must use some sort of countermeasure to ensure that you are not being watched.
Countermeasures include usually mean encryption that is, some sort of strong encoding that only you and the other party would know.
Free internet can be setup by anyone, any where, and is very hard to verify unless if you happen to be in the know.
Anything passing through it could be intercepted and analysed by the owner. It is giving your enemy a free lunch.
By using encryption, it only makes the analysis harder (if it is a well funded organisation, it may not be as hard)
The other and more important issue is our ‘trust‘ in applications, Dave Porcello CTO of Pwnie Express (company that make ‘interesting’ gear) said, “We just look for apps that work and trust them, because they help get work done”
Applications are created by people, people are not perfect, applications are not perfect.
Application vendors are usually there to make money and do not always focus on privacy but yet we place our trust in them by giving them sensitive information which may include:
- Date of birth
- Geo location
If the application developer is not taking steps to secure this information, then The Enemy will have a field day.
In short, if you don’t need the application, don’t use it. If you ‘do’ need the application, don’t give personal information (or use aliases…remember aliases?)
This article is a good case study:
- Don’t use free internet!
- Use line/network encryption (a VPN does not always use encryption)
- Badger your application developer to make sure their applications are created with security and privacy in mind
- Use the latest version of any application you use