If you own a computer or a mobile phone, chances are you have done something very risky with it—connected, perhaps without even knowing that you have, to a public Wifi network. Most coffee shops or trains or hotels don't have hackers hanging out in them and snooping over their Wifi networks. But some do, and those people can find out a disturbing amount of information about anyone whose Wifi-enabled device happens to be overly friendly.
The Dutch site De Correspondent published (and Matter republished, in English) an account of what, exactly, an "ethical hacker" could determine, or at least infer, about the people around him at public coffee shops. That included:
- that various people in the room had visited McDonald's, Spain, Heathrow, an Amsterdam hostel;
- the specifications of the mobile phones in the room;
- the language settings of those phones and other devices;
- their OS version (and by extension any known vulnerabilities in that OS);
- what sites their owners visiting;
- people's names;
- their passwords.
Maurits Martijn writes:
In less than 20 minutes, here’s what we’ve learned about the woman sitting 10 feet from us: where she was born, where she studied, that she has an interest in yoga, that she’s bookmarked an online offer for an anti-snore mantras, recently visited Thailand and Laos, and shows a remarkable interest in sites that offer tips on how to save a relationship.
Creepy, right? There are, of course, ways to minimize these risks (besides staying home and swearing off the use of all internet-connected devices, forever). Most people do not try to minimize the risks, however; we just trust that our favorite coffee shop isn't also the favorite coffee shop of someone who's nosy or out to steal our passwords, and much more internet savvy than we are.