Not sure if I used the correct terms but what is the difference in security and privacy between downloading from a public wifi (or a closed wifi; with password) and mobile hotspot (sharing 4G/5G data from your phone to your computer)? Which one is recommended or does it not matter?
Well, using a mobile hotspot will tie the IP address to your phone, so probably not a great idea if your name is listed on the account. Honestly, just use a quality VPN and you’ll be fine with your home connection.
I also did use a VPN on both mobile and computer. Does that change anything?
Yes a VPN will hide your IP address from the server you’re connecting to. The VPN service will still see your IP and may log/record it. You also have to watch out for things like DNS leaks.
Also have to make sure that the public WiFi network one’s device is connected to doesn’t block VPN connections, as was the case at at least one Walmart I tried using the WiFi at.
If you’re using a trusted VPN like Mullvad, it doesn’t matter really.
Edit: I know, I shouldn’t give a shit. But writing a fairly long comment to share my knowledge on this only to see it immediately downvoted without any explanation kind of sucks. So I’m removing this comment and will not interact here anymore.
Short answer: Mobile hot spot (w/ your own cellular device) is preferable to public wifi from a security perspective.
There are other considerations, such as how much cellular data downloads cost to you, what sites you’re visiting, what you’re actually doing, etc. In general, it’s advisable to avoid public wifi if you can, but if you must connect to public wifi, then you should make darn sure you connect to the right network (watch out for imposter networks w/ a legitimate looking name) and use VPN (ideally a paid service) to encrypt your traffic. Even with both of these measures, you’re best off avoiding sensitive activities like online banking on public wifi. If you must do banking or other sensitive stuff, either do it on your phone or wait until you get home.
Hope this helps.
Editing to add: When I initially responded, I’d forgotten which community I was in. In this context, I believe the other responses are better than mine, but I’ll keep mine up in case it helps other readers.
It depends on his threat model and what he’s trying to hide really. Public WiFi is fine, as long as you validate/check the SSL cert it’s using is from your bank and is legitimate. Using public WiFi with a VPN is more secure as long as you trust your VPN provider. If he’s asking these questions, then he’s probably not doing banking though, and should ideally be using VPN+TOR or something similar.
On the public wifi, the operator of that wifi can see any data you pass through their network. They can likely see what sites you visit, but probably can’t see what data you send to and from those sites, due to encryption. Unless they have an account with you, or you provide your information in clearext, they can link your data to your devices, but not to you directly, at least not from your use of the AP. They can potentially link your data to your image on their cameras, and thus your identity.
Your ISP has the same access to your data, but they also have a payment account linked to you, and they regularly cooperate with rights holders and law enforcement.
A VPN can do the same thing as an ISP: they know what sites you visit, but probably don’t know what data you are sending and receiving, and they can link it to your payment account. However, they generally do not cooperate with rights holders, and may or may not cooperate with law enforcement in their jurisdiction. While you are using a VPN, your ISP knows you are using them, but doesn’t know what you are sending back and forth, due to encryption.
If you want to remain as anonymous as possible, use a burner device with no accounts on public wifi.
If you want to avoid harassment by rights holders while you engage in piracy, a VPN is sufficient.
I have this very same question. Guess I’ll just wait for someone more experienced and knowledgeable to enlighten us here in the comments. Sorry if I’m not much help, have a nice day <3
When you use a hotspot from your phone the site/peers/whatever sees an IP that your ISP has assigned to you and could share that with authorities etc.
When you use a WiFi they see an IP assigned to the owner of the WiFi.
Security wise its easier for others in the WiFi to try and fuck with your computer since you are on the same LAN.
So it depends on what you fear the most.
most properly configured public wifi will enable client separation, of course that potentially still leaves lower level protocol and radio attacks.
I have no idea what this client separation is.
As far as I know there isn’t really any client separation on wifi. It’s a shared medium.
At least I don’t see anything preventing you from reading someone else traffic. So anything unencrypted on a wifi is also accessible to any other clients.
I had tools more than 10 years ago that could automatically hijack session cookies on wifi for anybody connected and not using https.
no worries.
the net effect of client separation is that your device sees no other layer 2 devices on the wlan besides the gateway. this would typically be enforced at the frame level by the APs and is separate from any radio privacy cryptography.
a properly configured wireless setup would assume every client is compromised and would also disallow local client-client via source routing or proxy ARP or any other escape options. 100% secure? probably not, but its a non trivial barrier that would have to be circumvented.
as with e.g. broken WEP years ago, there are still options to mess with clients at ~Layer 1 but I dont believe its currently as trivial as it used to be.
Good explanation, a note that most public WiFi will use client separation. Macca’s, starbucks, airplanes etc you will only ever see your device and the gateway. (More for other people that are reading, I assume you know this 😄)
