Following a recent Nym network upgrade, you may be experiencing regular disconnections with your NymVPN app. The team has identified the issue and is working on resolving it. We'll be in touch soon.

The dangers of public wi-fi, and how to protect yourself

Why the Mr. Robot scene is closer to reality than you think.

7 mins read
Nym VPN against surveillance.webp
Share

Cyberpunk in a coffee shop

In the first season of Mr. Robot, there’s a scene that became a symbol of modern cybersecurity paranoia. The main character, Elliot, sits in a small coffee shop: the sound of the grinder, people chatting, laptop on the table. He connects to the public Wi-Fi network — and within minutes, he has access to strangers’ accounts, corporate systems, and even private conversations.

For viewers, it may look like a dramatic plot device. But for cybersecurity professionals, it’s just everyday reality. Attacks like this really do happen: fast, silent, and invisible to the victim.

The dangers of public Wi-Fi

1. Lack of Encryption
Most free networks (cafés, hotels, airports) use weak or no encryption at all, often with a shared password for everyone. This means anyone on the same network can attempt to snoop on other users’ traffic. [1]

2. Sniffing (traffic interception)
An attacker only needs basic software (like Wireshark or tcpdump) to capture network traffic. Even if HTTPS protects content, metadata like DNS queries, server IPs, and packet timing and size remain visible. [2]

3. MITM (Man-in-the-Middle)
In a classic MITM attack, the attacker acts as a “proxy” between the user and the servers. All of the victim’s data flows through the attacker’s device. This allows them to:

  • Alter information
  • Inject their own messages or ads
  • Steal logins and passwords.

4. Evil Twin
Hackers set up a cloned Wi-Fi hotspot with names like “FreeAirportWiFi” or “CoffeeHouse_Guest.” Users connect, thinking it’s legitimate, but all their traffic is immediately exposed. [3]

5. Captive Portal Attacks
Many public networks use “login portals” where users must accept terms or enter an email. Attackers can spoof these portals, tricking people into giving away far more data than intended. [4]

Stay protected everywhere

with the world's most private VPN

Public Wi-Fi vulnerabilities: Real world stats

  • 87% of users admit they’ve put personal data at risk using public Wi-Fi. [1]
  • 28% of global hotspots have no encryption at all, leaving passwords, chats, and files exposed. [2]
  • 53% of people connect to public Wi-Fi without verifying the access point’s authenticity. [2]
  • In 2019, researchers in London set up a fake hotspot and intercepted traffic from over 200 users in a single day, including bank employees and lawyers. [3]
  • In the U.S., journalists have been targeted through fake Wi-Fi in cafés and hotels. [5]
  • At Black Hat Asia in 2021, researchers demonstrated how to compromise a corporate email account in under 30 seconds using public Wi-Fi. [6]
  • According to the WatchGuard Global Security Report, public Wi-Fi remains one of the top three vectors for initial device compromise. [7]

The psychology of trust

Why do people keep connecting despite the risks?

  1. Illusion of control: “I’m not logging into my bank, so I’m safe.” In reality, even email or social media can give attackers an entry point.
  2. The “it won’t happen to me” bias: Most people assume hackers target “others,” not them — a cognitive bias criminals exploit.
  3. Habit of quick access: Wi-Fi has become like a power outlet for the internet. We connect automatically, without thinking twice.

Common myths about public Wi-Fi

  • “I use HTTPS, I’m safe:” HTTPS encrypts content, but doesn’t hide metadata. Observers can still see where you connect, when, and how much data you send. [2]
  • “I have nothing to hide:” Even basic information builds a profile of your behavior. A compromised social account can be used for fraud against your friends.
  • “Using a VPN in a café makes me 100% secure:” VPNs protect content, but most don’t protect metadata like your traffic records — and some providers keep logs [7].

What Wi-Fi attacks look like in practice

  • Packet capture: Wireshark shows every domain the victim visits.
  • Evil Twin: a cheap router clones the SSID, and users connect without suspicion. [3]
  • Phishing via Wi-Fi: spoofed Gmail or Facebook login pages harvest real passwords.
  • DNS spoofing: altered DNS responses redirect users to malicious sites.
  • Wi-Fi Pineapple: a penetration-testing tool often abused by criminals. [6]

Business and Privacy Consequences

  • Financial theft: Mobile banking apps compromised via public networks. [7]
  • Corporate data leaks: In 2020, a U.S. law firm lost tens of gigabytes of sensitive files after an employee connected to a fake airport Wi-Fi. [5]
  • Journalists and activists: Public Wi-Fi has been used in authoritarian states to monitor dissidents. [5]
  • Social fraud: Compromised social accounts are exploited to scam friends and colleagues.

VPNs as protection on public Wi-Fi

VPNs create an encrypted tunnel between your device and the server, making traffic invisible to hotspot owners or attackers.

But:

  • Most VPNs don’t hide metadata (timing, frequency, destination) [7]
  • Some providers keep logs that can be handed over to third parties
  • Traditional VPNs are often blocked in censored countries.
Earlybird-email banner (1).webp

Why NymVPN is different

NymVPN was designed to be the world’s most private VPN thanks to decentralized technology that can protect not just the encrypted contents of your activities, but all the data behind it.

  • Noise Generating Mixnet: Your traffic is mixed with hundreds of others, making it impossible to trace specific packets back to you.
  • Metadata protection: The timing, frequency, and volume of data are concealed. Observers can’t piece together a full picture.
  • Decentralization: No central server or logs to compromise.
  • Resistant to blocking: Mixnets are much harder to filter than classic VPN tunnels.

A traditional VPN is like driving in an armored car: no one sees inside, but everyone sees when and where you go.
NymVPN is like driving in a convoy of hundreds of armored cars that constantly shuffle places. Nobody can tell which one is yours.

Nym's Noise Generating Mixnet

Cyber hygiene as cultural practice

The Mr. Robot scene is not an exaggeration: it’s a realistic snapshot of what happens every day. Free Wi-Fi can lead to stolen money, corporate leaks, compromised accounts, or surveillance.

The only real defense is building a culture of cyber hygiene:

  • Don’t trust public networks
  • Always verify connections
  • Use decentralized tools like NymVPN, which protects not just your content, but also your metadata.

Privacy isn’t about “hiding.” It’s about control: deciding what can be seen about you, by who, and when.

Early-Bird.png

References

  1. Norton Wi-Fi Risk Report (Symantec, 2017) — PDF
  2. Kaspersky Lab Wi-Fi Security Risks (2019) — Article
  3. BBC: Fake Wi-Fi hotspots security test, London (2019) — News
  4. Cisco Captive Portal Vulnerabilities — Report
  5. Electronic Frontier Foundation — You really do have some expectation of privacy in public
  6. Black Hat Asia Wi-Fi Attacks (2021) — Conference
  7. WatchGuard Global Security Report (2022) — Report

Keep Reading...

Pablo: Improve quality

The end of the password era, but not the end of data security

Passwork risks, and how zero-knowledge proofs provide a next-generation solution

7 mins read
Pablo: Improve quality

Can you be tracked while using a VPN?

VPNs are great privacy tools, but you can still be tracked. Choose the right type of VPN to avoid it.

6 mins read
Pablo: Improve quality

Do VPNs protect you from hackers? Experts answer

VPNs can be powerful tools in protecting us from hackers, but not all cyber attacks. dVPNs are even more effective.

12 mins read
Nym VPN against surveillance.webp

Browser fingerprinting: What is it and why you should care

Prevent internet tracking and leave no fingerprints

6 mins read