Security while traveling and using WiFi

Last updated on 2020/08/19


by Janez Troha

I recently attended a conference where I had to stay in a not cheap hotel that had shared WiFi. Being a curious person (as any Mr. Robot fan would be), I wondered how secure accessing the Internet there really is. Well, as you might have guessed, it’s horrible. 

I could see every guest’s device on network, lounge printer and even some hotel guests’ printers. ::shocked::

In this configuration, anyone can inject ads to any page, sniff traffic (credit cards), or run at the moment very popular crypto mining in the browser on any page you visit.

You might be asking yourself at this point, how this affects you (the user), me (the developer) or Easy Blog Networks (the product)?

For starters, Easy Blog Networks staff cannot access the app without “Secure Endpoint”. So, let’s say the staff is traveling (either at a conference or sipping Margarita while watching dolphins swim) and using an insecure wifi, someone cannot just delete all servers or blogs, or get a list of emails from the app.

However, any user or a potential user can still be affected. Previously, everything relied on the user to be cautious. Browser vendors are slowly adding meaningful policies directly to the browser, but they are not enabled by default and each app vendor has to review and enable them.

And this is where Content Security Policy and HTTP Strict Transport Security come in place. As app developers, we can instruct the browser to use Content Security Policy to disallow loading any scripts on a page that are not approved by us.

Comcast injecting ads on a page? Denied.

Starbucks mining crypto coins on our page? Denied.

SEO conference attendee getting list of all your blogs via some clever advertising? You get the idea now. Denied.

And the second even more important one is HTTP Strict Transport Security. This will tell the browser to never load a page over an unsecured connection (HTTP).

I might have gotten you worried now and thinking how to actually verify that using Easy Blog Networks is really safe.

You can check any page using where Easy Blog Networks has “A” score. However, there is still space for improvement, and as always, we are working toward that goal – making users and staff safe.

Happy and worrisome New Year. :)