“Ask a security trainer” is the advice column where digital security experts at Freedom of the Press Foundation (FPF) answer your burning questions at the intersection of journalism and security. Submit yours here!

Dear DST,

I occasionally talk with sources and journalists using Signal (both desktop and mobile), and I mostly use Google Drive for work.

Can I trust public Wi-Fi networks, or should I only rely on a personal hotspot while traveling or commuting?

The monthly subscription that includes an unlimited personal hotspot is not cheap, and sometimes I want to upload/download big files on the go that can exhaust my cellular data package.

What are the acceptable trade-offs for using public Wi-Fi (security vs. convenience)? And are some Wi-Fi networks safer than others, i.e., a shared working space for members only (like my gym, for instance) versus a train or airplane network?

Are there diagnostic tests or signs that the layman can run or look for to understand a network’s security before using it?

And in case I do use a public Wi-Fi, does a VPN on top of it provide any layer of security at all?

Signed,

PHIL (Personal Hotspotter in Limbo)

Hi Phil,

Let’s go through these concerns point by point:

Can I trust public Wi-Fi networks, or should I only rely on a personal hotspot while traveling or commuting?

That depends on what exactly you are ultimately trusting the Wi-Fi network with. If you’re using Signal or Google Drive, there’s not much a random Wi-Fi network operator can do to realistically surveil or tamper with your files or messages on those platforms. Google Drive encrypts your connection to them with in-transit encryption, hence the https:// in the browser address bar when you use it. Google can still see what you’re up to on its platform, of course.

Signal goes even further, in that it end-to-end encrypts your messages on the platform, so neither the Wi-Fi network operator nor Signal itself can read your messages there. In short, there’s no need to trust the Wi-Fi network because it probably can’t see any of your files or messages anyway. It can only see that you are connecting to Google, Signal, and other websites and apps you use, and that’s about it.

What are the acceptable trade-offs for using public Wi-Fi (security vs. convenience)?

If you do mind that a Wi-Fi network operator can see what websites or apps you are connecting to, that would be where you may want to avoid using that Wi-Fi network, or connect to it and turn on your VPN.

Are some Wi-Fi networks safer than others, i.e., a shared working space for members only (like my gym, for instance) versus a train or airplane network?

If the Wi-Fi network is open, meaning your phone or computer does not ask for a password before you can connect to it, there is an additional risk that users of that network, in addition to the network operator, can see which websites and apps you are connecting to, but not much else. Whether it’s in a gym or train station doesn’t really matter.

Some Wi-Fi networks in schools and corporate campuses require installing a certificate onto your phone or laptop to connect. This is usually used to bolster authentication, i.e., make it difficult for someone to just borrow a password to connect to the network. In rare cases, however, you may be asked to install a root CA certificate. Our advice: Don’t. But if you have to, use a modern, third-party VPN that you’ve set up before connecting to that network, to help protect your privacy in that specific situation, assuming it’s not blocked on that network.

Are there diagnostic tests or signs that the layman can run or look for to understand network security before using it?

Sadly no. There’s not much that can be seen without more invasively poking at network equipment, which may draw some unwanted attention from that network’s IT or security staff.

And in case I do use a public Wi-Fi, does a VPN on top of it provide any layer of security at all?

A properly configured VPN can help ensure that the Wi-Fi network operators and/or users can only see that you are connecting to a VPN, but not much else. However, the VPN will now be able to see what the Wi-Fi network would otherwise see, so it’s important to make sure the VPN is trustworthy. Check out our guide outlining what we look for in a VPN.

Hope this helps!

David Huerta