The Future of Public Wi-Fi: What to Do Before Using Free, Fast Hot Spots

New York's new Wi-Fi network moves as fast as the city.

I’m considering moving my office to the bus stop on 17th and 3rd in Manhattan. Sure, it’s brutally cold right now and the bathroom across the street isn’t the cleanest but, oh, the Wi-Fi. It isn’t only free, it’s faster than anything else around, including my real office’s network.

The best thing about the neighborhood? It’s one of the first parts of New York City to turn old phone booths into hot spots. In the months ahead, they’ll cover the city like graffiti in the 80s, meaning I can walk around town using fast, free Wi-Fi—not Verizon ’s slow, pricey data. Even better, it uses a new technology to automatically connect when I’m in range. No need to re-login.

Welcome to the future of public Wi-Fi. It will soon spread well beyond the City That Never Sleeps, and it’s unlike the isolated free Wi-Fi hot spots in airports, coffee shops and hotels, best known for slow speeds and posing serious risks to your digital security. This is fast, it’s ubiquitous and it’s relatively more secure.

I got a glimpse of it this week while testing the LinkNYC network being deployed by city officials and a consortium of companies called CityBridge. They expect to install 500 of the new ad-supported booths by this summer. On Tuesday, it flipped the switch on near Union Square.

New York’s network may be far speedier than most, but it’s a microcosm of what’s happening across the globe. Wi-Fi networks with widespread coverage and new standards are popping up to allow us to cut back on paying the carriers an arm and a leg for cellular data. It’s downright exciting—and downright scary if you don’t take some real security precautions.

In the Fast Lane

To prepare a network for all of Gotham, CityBridge made an underground network of fiber-optic cables that feed into each of the booths. Google has to do the same to deliver its ultrafast Fiber Internet service, which is slowly spreading to more cities, including Kansas City, Mo. CityBridge says New York’s system will be the fastest citywide system in the world, beating those in cities like Taipei or Helsinki.

What’s it like in the fast lane? Dizzying. It took just 45 seconds to download a two-hour, 1GB file while sitting 10 feet away from the LinkNYC booth. That same file took 6 minutes to download on my home network and 15 minutes on the free Wi-Fi at LaGuardia Airport. On Verizon LTE, it said it would take 35 minutes. (I sure wasn’t about to use my precious remaining data to find out.)

As people start to flood the network those speeds will slow. However, CityBridge chief technology officer Colin O’Donnell says he doesn’t expect speeds to drop significantly.

Even without CityBridge’s special setups, other free connections are getting speedier. Boingo, which provides Wi-Fi in half of major U.S. airports, recently upgraded speeds in seven locations. Connected to its faster, paid tier in LaGuardia, I downloaded that same 1GB video in two minutes. And I couldn’t tell the difference between it and the LinkNYC network in my typical email, web-browsing and music-streaming routine.

Don’t Forget Your Passpoint
When you join the LinkNYC network on an iPhone, you will be prompted to join the encrypted Passpoint network.
When you join the LinkNYC network on an iPhone, you will be prompted to join the encrypted Passpoint network. Photo: Drew Evans/The Wall Street Journal

To get the most out of the updated public Wi-Fi in New York and elsewhere, there’s some new lingo to learn: Passpoint, which is sometimes referred to as Hotspot 2.0.

The technology allows a Wi-Fi hot spot to work like a cellphone tower. Your phone or laptop’s Wi-Fi connection can seamlessly switch from one hot spot to the next as you move around—no need to repeatedly log in. On New York’s LinkNYC network, it means walking out of your apartment and being able to walk for blocks and blocks. On a nationwide network, like Boingo’s, it means when you are in range of Boingo’s Passpoint secure network, whether it be in Atlanta or Walla Walla, Wash., you’ll be instantly connected.

For all the future convenience, there is a bit more initial hassle. When you first join a Passpoint network, you’re required to download a small file called a profile to your phone, tablet or laptop. The network will use it to ID you every time you’ve come back in range of the network. Most new operating systems support Passpoint.

NYCLink will initially only offer the “Private” Passpoint network to iPhone users. AT&T, Time Warner Cable and other Wi-Fi providers have already started offering Passpoint support and networks.

Other Wi-Fi providers, like Time Warner and Boingo, offer Passpoint networks.
Other Wi-Fi providers, like Time Warner and Boingo, offer Passpoint networks. Photo: Drew Evans/The Wall Street Journal

Passpoint will be huge for those of us who want to cut back on cellular data. But it’s also going to benefit those who sit at the coffee shop all day, unaware of how at risk they are. Unlike the open networks you find at Starbucks, Barnes & Noble and McDonald’s, Passpoint uses the same WPA2-encryption as your home or office’s network.

Do Not Connect Until…

I was feeling great about how much more secure my data would be until I spoke to Mark Wuergler, a security professional at Immunity Inc., who gets paid to find vulnerabilities in high-value networks.

“An attack is inevitable on New York City’s system,” he says. “It is too big of a trophy.”

CityBridge says it has a team of security experts working 24/7 to make sure that doesn’t happen. But Mr. Wuergler’s point is that all public Wi-Fi networks, even ones with the new security, are like dark alleys in tough neighborhoods—you don’t go in without protection.

With the help of Mr. Wuergler and several other security experts, I took the following steps. You should too.

Encrypt, encrypt, encrypt: Passpoint hot spots will protect your wireless data with encryption. But browser traffic, mail and social media data should still be protected via SSL encryption. On websites where you input personal data or passwords, make sure it says HTTPS in the address bar and you see the small padlock icon. If you don’t see those, you may be exposed.

Set up a VPN: A virtual private network (often called just a VPN) creates an encrypted tunnel from your device onto the Internet via a remote server. “VPNs are like driving a tank in a battlefield full of shotguns—the shotguns may try to stop you but they can’t get through your armor,” Mr. Wuergler says.

No matter what public Wi-Fi network you are on it is wise to use a VPN.
No matter what public Wi-Fi network you are on it is wise to use a VPN. Photo: Drew Evans/The Wall Street Journal

Your employer may offer a VPN option for your laptop and phone if it doesn’t use a trusted third-party service. For Windows PCs and Android phones, HotSpot Shield is a good option. (It offers a free option, and a higher tier for $12 a month.) For iPhone and Mac users, I recommend Cloak. (It starts at $3 a month.) You can configure both to automatically connect as soon as you join any network.

Delete saved public networks: Unless it’s a Passpoint network, don’t allow your device to remember or auto-join public networks. This can make it easy for an attacker to trick your device into connecting to their malicious network pretending to be the real one.

Get your digital hygiene in order: The best way to protect your most important accounts is to make sure you use a strong—and different—password on each of them. I finally took my colleague Geoffrey A. Fowler’s advice and set up a secure password manager—I went with one called Dashlane—to help me keep track of them all.

I also enabled two-factor authentication on all my bank, email, shopping and social media accounts. If someone steals your password, they won’t be able to use just that to get into your online accounts—they’ll also need the text-messaged code.

Now if you’ll excuse me, I’ll be in my corner office backing up 200GB of old photos.

Shared from Wall Street Journal by Joanna Stern

Write to Joanna Stern at