Kids IT Lab No.9 | Security

Is Public Wi-Fi Dangerous?

Cafés, train stations, convenience stores, airports — free Wi-Fi is everywhere. It's convenient and saves mobile data, but using it carelessly can expose your communications to others. This article explains what makes public Wi-Fi risky and how teens can use it safely.

What Is Public Wi-Fi?

Public Wi-Fi (free Wi-Fi) is a wireless internet service provided by shops and local governments. Opening your phone's Wi-Fi list, you'll see names like "Starbucks_Free_Wifi," "JR-EAST_FREE_Wi-Fi," or "FREESPOT." Most can be used without registration and don't consume your mobile data allowance. Japan's Ministry of Internal Affairs reports that public Wi-Fi hotspots nationwide now number in the hundreds of thousands.

3 Main Risks

What's Safe vs. What to Avoid on Public Wi-Fi For anything involving money, passwords, or personal data — switch to mobile (4G/5G) Action On public Wi-Fi... Recommendation Reading news, maps, or social feeds Read-only actions ○ Safe (if HTTPS) Use as-is Watching YouTube / streaming music High-bandwidth streaming △ Saves data allowance OK to use — good data saver Posting on SNS / sending DMs Requires being logged in △ Traffic is protected OK via official app Logging in to SNS / email for the first time Sends your password × Dangerous Switch to 4G/5G Online banking / mobile payment apps Financial transactions × Never use Always use mobile Entering credit card numbers New subscriptions / online shopping × Never use Do it at home on your Wi-Fi Phone tethering (personal hotspot) Share your mobile data ○ Safer alternative No public Wi-Fi needed
Fig. 1: Risk by action on public Wi-Fi. For anything involving money or passwords, always switch to mobile data.

① Eavesdropping: on an unencrypted network, radio signals carrying your data can be intercepted by anyone nearby. Password-free (open) Wi-Fi is especially risky. ② Evil twin (fake access point): a criminal broadcasts a Wi-Fi signal with a name identical to a real café's — like "Starbucks_Wifi_FREE" — and monitors all traffic from anyone who connects. ③ Man-in-the-middle attack: an attacker inserts themselves between you and the server to read or alter your communications.

HTTPS Helps — But It's Not a Perfect Shield

HTTP vs. HTTPS: What an Attacker Can See On the same public Wi-Fi, an HTTPS site keeps your content protected × HTTP (no encryption — outdated) URL: http://example.com/login user=tanaka&pass=Hello123 ↑ Sent over the air in plain text What the attacker can see ▶ Full URL of every page you visit Every page you browse is visible ▶ ID and password (plaintext) Login credentials are fully readable ▶ All form data Address and card number visible in full ▶ Cookies and session tokens Can be used to log in as you → Never use HTTP sites on public Wi-Fi ○ HTTPS (encrypted — today's standard) URL: https://example.com/login x9$#kQ@m!2f... (encrypted)... ↑ Sent as encrypted ciphertext What the attacker can see ▶ Domain name (example.com) Site name visible, but not which page ▶ Everything else is unreadable ID, password, and card numbers are safe ▶ Traffic volume and timing "Probably watching video" can be inferred Note: fake-certificate man-in-the-middle attacks are a separate issue Always read browser security warnings → Padlock 🔒 in the URL bar = generally safe
Fig. 2: HTTP vs. HTTPS. Modern sites are almost all HTTPS, and the padlock in the URL bar means your content is protected even on public Wi-Fi.

Most modern websites support HTTPS (encryption), so the content of your communication is harder to eavesdrop on. That said, fake access points and man-in-the-middle attacks using forged certificates are still a threat. Also, DNS, IP addresses, and some destination metadata can reveal which service you connected to, so browsing patterns may still be inferred.

Pay special attention to the login screen that sometimes appears right after joining a public Wi-Fi network. Airports and cafés often show a terms-of-service page, but a fake access point can display a similar page. If that screen asks for your social media or email password, it's dangerous. Never enter personal account passwords on a public Wi-Fi consent screen.

How Teens Can Use Public Wi-Fi Safely

The basic rule is: "on public Wi-Fi, don't log in, don't pay, and don't enter personal information." Reading a social media timeline, checking news, or looking up directions is fine. Anything involving money or personal information — switch to mobile data (4G/5G) first. For extra security, using a VPN (Virtual Private Network) encrypts your traffic. Think of it as creating a secure tunnel from your device to a trusted VPN server.

After you finish, set that Wi-Fi network to "don't auto-connect." Your phone remembers Wi-Fi names it has connected to and may reconnect automatically when it sees the same name again. If an attacker sets up a fake access point with the same name, your phone could connect without you realizing. Delete Wi-Fi networks from your saved list after you're done with them — especially ones you only use occasionally.

Common Pitfalls

Things to never do on public Wi-Fi
  • Logging in to banking, mobile payment apps, or credit card sites. Eavesdropping or man-in-the-middle attacks can harvest everything.
  • Leaving your device set to auto-connect to networks like "Free_Wifi" with no known operator.
  • Using a sketchy free "VPN-like" app. Cases have been discovered overseas where such apps actually sold your traffic data.

How Does This Help Your Future?

As a working adult, you'll increasingly work from business trips and cafés, and you'll need to judge public Wi-Fi situations correctly. Logging into work systems on public Wi-Fi and leaking confidential data could result in a lawsuit against you. Understanding the risks while you're a student — so you can evaluate them yourself — is a skill that will serve you throughout your career.

Schools and companies often have rules about taking devices offsite, using VPNs, and logging into cloud services. Knowing the risks of public Wi-Fi helps you understand why those rules exist, even when they feel inconvenient. Weighing convenience against security and making your own judgment call is a fundamental adult skill.

What You Can Do Today

3 steps to get started
  1. Review your phone's "Wi-Fi auto-connect" settings and turn off automatic joining of unknown networks.
  2. Make a personal rule: switch to 4G/5G any time you need to log in or make a payment away from home.
  3. If you want stronger protection, talk to your parents about subscribing to a trusted paid VPN (such as NordVPN).

Summary

Public Wi-Fi is convenient but carries risks of eavesdropping, fake access points, and man-in-the-middle attacks. HTTPS provides some protection but is not foolproof, so the rule is: switch to mobile data for logins and payments. Turn off auto-connect to unknown networks, and consider a VPN for serious use.

Related Articles

PreviousWhat Happens When Your Device Gets a Virus? NextIs USB Flash Storage Dangerous? RelatedWhat Is a Network? RelatedHow Does the Internet Work?
← Back to Kids IT Lab